CA/Browser Forum
Home » All CA/Browser Forum Posts » 2018-02-08 Minutes

2018-02-08 Minutes

Final Minutes for CA/Browser Forum Teleconference – February 8, 2018

Attendees: Arno Fiedler (D-TRUST), Atsushi Inaba (GlobalSign), Ben Wilson (DigiCert), Bob Wiegand (SSL.com), Bruce Morton (Entrust), Christopher Kemmerer (SSL.com), Corey Bonnell (Trustwave),Curt Spann (Apple), Daymion Reynolds (GoDaddy), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Enrico Entschew (D-TRUST), Fotis Loukos (SSL.com), Gervase Markham (Mozilla), Jeff Ward (WebTrust), Jos Purvis (Cisco), Julie Olson (GlobalSign), Kirk Hall (Entrust), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Michele Coon (OATI), Mike Reilly (Microsoft), Patrick Tronnier (OATI), Peter Bowen (Amazon), Peter Miąkovič (Disig), Rick Andrews (DigiCert), Ryan Sleevi (Google), Shelley Brewer (DigiCert),Tim Hollebeek (DigiCert), Tim Shirley (Trustwave), Virginia Fournier (Apple), Wayne Thayer (Mozilla), Wendy Brown (Federal PKI).

  1. Roll Call
  2. **Read Antitrust Statement **
  3. Review Agenda. Agenda was approved.
  4. Approval of Minutes from teleconference of Jan. 25, 2018. The Minutes were approved and will be posted to the Public list.
  5. Governance Change Working Group update. Ben said the WG had a call last week, reviewed remaining issues again, and addressed them individually. The WG has started using an issues/comments tracking sheet to deal with comments. Comments and suggestions have been divided into three groups: critical (working on now), important (to be addressed later), and those which will not be included.

Virginia circulated revised document drafts addressing people’s comments. She said the WG still needs to make a couple of changes to the Bylaws, after which the WG plans to circulate Ballot 206 for an informal discussion period where remaining concerns can be addressed, then move to a 7-day formal discussion period and then a vote. The ballot will take effect immediately if passed, as it does not amend any guidelines. Kirk asked if all transition periods between the old and new governance structures were clear, and Virginia said yes.

Wayne asked if an amended IPR Agreement would be needed, and Virginia said yes. Wayne asked what would happen in the interim period, after the Ballot passes but not every member has signed the new IPR Agreement – was it possible there would be no Forum members or not enough members for some period? Kirk said perhaps there should be a double trigger – the ballot doesn’t take full effect until it passes and some minimum number of members sign the new IPR Agreement. Ryan suggested maybe the Forum allow a period like 90 days for members to sign the new agreement, after which their membership rights would be limited.

  1. Policy Review Working Group update. Ben said the WG is working through the BRs to make the changes in terminology, and is now up to Sec. 8.5.
  2. Network Security Working Group update. Ben said the WG reviewed a red-lined copy of the NetSec Requirements amendments on the last call, and was addressing issues like password requirements, multi-factor authentication, and certificate system zones. Kirk asked if a ballot would be presented soon, and Ben said the WG needed more time and would be meeting at the F2F meeting.
  3. Validation Working Group update. Tim said the WG was working on IP address validation methods under BR 3.2.2.5. The approach will likely be to accept the methods that CAs are doing today and amend them as necessary, then eliminate the “any other method” subsection for IP address validation. He discussed the all-day VWG meeting scheduled for March 6 at the F2F meeting, to which multiple Interested Parties have been invited to participate. He, Wayne, and Gerv have been working on logistics, including an agenda and WG code of conduct, and will discuss on the March 1 VWG call. He has put out a call for volunteers to guide the discussion for each of the 10 validation methods under BR 3.2.2.4 to look for strengths and weaknesses – how the methods are actually implemented, how CAs comply with requirements for each method, etc. Members and Interested Parties can participate in person or by phone.

Wayne noted that Interested Parties had been specially invited to the meeting and the prior call, and five had volunteered so far – the purpose is to try to bring in additional expertise when examining each method.

  1. Membership application of Dark Matter CA to join as a CABF Member. The Members discussed the membership application of Dark Matter CA, and decided they did not have enough information in the application to decide if Dark Matter qualified for Membership or Associate Membership. Kirk will request more information.
  2. Ballot Status – Discussion of ballots (See Ballot Status table at end of Agenda). There was no discussion.
  3. Possible Topics for March F2F Meeting. The Members discussed topics and agenda timing for the three days of meetings at the upcoming F2F meeting on March 6-8, 2018 hosted by Amazon at its offices in Herndon, VA.
  4. Any Other Business. There was no other business.
  5. Next call: February 22, 2018 at 11:00 am Eastern Time
  6. Adjourn
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).