CA/Browser Forum
Home » All CA/Browser Forum Posts » 2018-05-03 Minutes

2018-05-03 Minutes

Attendees: Arno Fiedler (D-TRUST), Ben Wilson (DigiCert), Bruce Morton (Entrust), Cecilia Kam, (GlobalSign), Christopher Kemmerer (SSL.com), Corey Bonnell (Trustwave),Daymion Reynolds (GoDaddy), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Enrico Entschew (D-TRUST), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Frasier Evans (FPKI), Gordon Bock (Microsoft), Jos Purvis (Cisco), Kirk Hall (Entrust), Mads Henriksveen (BuyPass), Michele Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (Trustcor), Patrick Tronnier (OATI), Peter Miscovic (Disig), Rick Andrews (DigiCert), Robin Alden (ComodoCA), Ryan Sleevi (Google), Shelley Brewer (DigiCert),Tim Hollebeek (DigiCert), Tim Shirley (Trustwave), Tyler Myers (GoDaddy), Virginia Fournier (Apple), Wayne Thayer (Mozilla), Wendy Brown (Federal PKI).

  1. Roll Call
  2. Read Antitrust Statement
  3. Review Agenda. Agenda was approved.
  4. Application of Cisco Systems to convert Membership to Certificate Consumer (Browser) Status. Jos reviewed his email requesting that Cisco Systems’ status in the Forum be changed from CA to browser (soon to be called Certificate Consumer Status). Ryan asked for more details on how Cisco meets the Bylaw 2.1 requirement that a browser member “produces a software product intended for use by the general public for browsing the Web securely“. Jos stated the current version of its IOS firmware relies on the Cisco trusted root store program for providing default TLS trust to customers. (Jos previously provided this product support document for IOS-XE 16.8 to the Chair: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/xe-16-8/sec-pki-xe-16-8-book/sec-pki-trustpool-mgmt.html#GUID-12F9A05F-B06C-48CE-AE71-F1826A1955BD.) Kirk asked if there were any objections to converting Cisco Systems’ membership to browser status, and there were no objections. Cisco is now approved as a browser member, but is no longer a CA member.
  5. Membership application of DHIMYOTIS (Certigna). Kirk noted that Certigna had submitted an application to join the Forum as a CA member, but there were questions about the ETSI audit documents submitted and Certigna had not provided certain other information. Kirk will ask Certigna for the missing information, and the application will be considered at a later meeting.
  6. Governance Change Working Group. Ben said there had been no call this week, but reminded the members that they need to sign the IPR Agreement v1.3 by July 3. Other actions will be needed to move to the new governance structure by that date, including creation of a new mailing list for the Server Certificate Working Group. We will wait to create the new mailing lists until closer to the date after all the new IPR Agreements have been signed. Virginia added that if any members want to propose a new Working Group charter, they should start working on a ballot for the charter before July 3 in order to be up and running on the start date. Dimitris suggested we should create a naming scheme for the new mailing lists to avoid confusion, and Ben agreed. Ben also stated we will need better tracking on who is “participating” on a new working group, when they joined, etc. Tim noted we will also need new pages on the wiki for the various working groups.
  7. Policy Review Working Group update. Ben said the WG will meet after the current Forum call. The goal is to finish the current work of clarifying the term “CA” in current requirements. Another possible project is be to implement Ballot 154 from 2015, which required that the EV Guidelines be converted to RFC 3647 format – this has not yet been done.
  8. Network Security Working Group update. Ben said the WG had been working in two areas: (1) discussing the correct structure for the new NetSec requirements – what are the functional components of a CA, and how should security requirements be expressed for each, and (2) the need to use GitHub to track changes between meetings – the WG has been using a Word document that is circulated between calls, but it’s been hard to keep track of changes.
  9. Validation Working Group update. No report.
  10. Ballot Status – Discussion of ballots. There was no discussion.
  11. Preparing Agenda for London F2F – June 5-7, 2018. The members discussed how much time each WG would need for the Tuesday meetings in London, and tentatively decided the following: Governance Change WG – no meeting; Policy Review WG – to be decided later; Network Security WG – 2 hours; Validation WG – balance of time remaining. Possible speakers were discussed.
  12. Any Other Business. There was no other business.
  13. Next call: May 17, 2018
  14. Adjourn
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).