CA/Browser Forum
Home » All CA/Browser Forum Posts » 2018-09-20 Minutes of CA/Browser Forum

2018-09-20 Minutes of CA/Browser Forum

  1. Roll Call Attendees: Arno Fiedler (D-TRUST), Atsushi Inaba (GlobalSign), Ben Wilson (DigiCert), Christopher Kemmerer (SSL.com), Daymion Reynolds (GoDaddy), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Geoff Keating (Apple), India Donald (FPKI), Jeff Ward (WebTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco), Ken Myers (Federal PKI), Kirk Hall (Entrust), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (BuyPass), Marcelo Silva (Visa), Michele Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (Trustcor), Patrick Tronnier (OATI), Phillip Hallam-Baker (Comodo Security Services), Rich Smith (ComodoCA), Ryan Sleevi (Google), Shelley Brewer (DigiCert),Tim Callan (Comodo CA), Tim Shirley (Trustwave), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (Federal PKI).

  2. Antitrust Statement read by Kirk.

  3. Review Agenda. Agenda was approved.

  4. Approval of Minutes of teleconference of September 6, 2018. The Minutes were approved and will be posted to the Public list.

  5. Update on changes to mailing lists. Dimitris said there was no change to his update on the prior teleconference. We haven’t removed the posting privileges of non-official Forum representatives on the Forum list yet, but will do so soon. The SCWG mailing list is up to date on official representatives, with every member on the list, and so SCWG matters should now be posted to that list.

  6. Voting Period for CABF Vice Chair. Kirk noted that voting started on. Sept. 19 and would end on Sept. 26 on Ballot Forum-5 – Election of Forum Vice Chair.

  7. Governance Change Working Group. Ben said the Governance Change WG needed to move forward before it is dissolved on Oct. 3. Kirk asked if it was possible to amend the Bylaws so the Forum could have its own Subcommittees, and then approve a Governance Subcommittee of the Forum to continue work on issues such as Bylaws, etc. Ben noted that Jos had done a good job of drafting a charter for a Bylaws Working Group. Kirk asked why we would choose a separate Working Group rather than authorize a Subcommittee of the Forum instead to work on the Forum’s Bylaws. Ben said there had concern expressed in the past that a Forum Subcommittee could get into Bylaws issues that affected the work of separate Working Groups. Ryan said he had wanted to avoid IP issues if Bylaws changes for the Forum were handled in a Forum Subcommittee, and felt that only a separate Bylaws Working Group could address that issue. Ben discussed the possibility of creating a Bylaws Working Group that could only work on a particular version of the Bylaws. Ryan said a Bylaws WG Charter could specify what particular issues the WG was intended to resolve – some may be Forum issues, while others may pertain to particular WGs only. Kirk asked again if we should at least modify the Bylaws to allow the Forum to create its own Subcommittees to work up proposals for the Forum. Rich said the Forum at large has relatively little to do now that the SCWG has been created to handle server certificate issues, so maybe governance and Bylaws issues should be discussed by the Forum as a whole, not in a Subcommittee. He has never really liked delegating issues to subcommittees as it means the Forum itself doesn’t see the underlying documents the subcommittee works on. Ben concluded by saying he and Jos would work further on the matter.

  8. Forum Infrastructure Working Group update. Jos said the WG had scheduled its first meeting for Wednesday, Sept. 26 at 11 am Eastern Time, and will then decide whether to set that as its regular time and day on a bi-weekly basis. He invited others to join, but reminded them they needed to sign up to be members of the WG.

  9. Ballot Status. Dimitris noted on Ballot Forum 4 to readopt the Bylaws and correct editing errors that ACAB’c had asked that the reference to required audits in BR 8.4 should list ETSI EN 319 411-2 in addition to ETSI EN 319 411-1, but he thought the -1 reference was sufficient and covered everything. Ryan agreed and said adding the -2 reference was a non-goal. Arno said the -2 reference addresses QWAC certificates, and can be discussed later. Dimitris said the ballot removes old, out of date references and is still in the discussion period.

  10. Meeting Structure and Agenda Items for F2F Meeting Shanghai, Oct. 16-18, 2018. There was no discussion on the draft Agenda.

  11. Any Other Business. There was no other business.

  12. Next call: Oct. 4, 2018 at 11:00 am Eastern Time

  13. Adjourn; immediately convene meeting of Server Certificate Working Group (same call).

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).