CA/Browser Forum
Home » All CA/Browser Forum Posts » 2019-02-07 Minutes of CA/Browser Forum Teleconference

2019-02-07 Minutes of CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Arno Fiedler (D-TRUST), Bruce Morton (Entrust Datacard), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Fotis Loukos (SSL.com), Frank Corday (SecureTrust), Geoff Keating (Apple), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kenneth Myers (US Federal PKI Management Authority), Kirk Hall (Entrust Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Mahmud Khair (SecureTrust), Marcelo Silva (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Sissel Hoel (Buypass AS), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance

2. Read Antitrust Statement

The Antitrust Statement was read

3. Review Agenda

Today’s Agenda was approved.

4. Approval of Minutes of previous teleconference

The minutes of January 24, 2019 teleconference were approved and will be posted to the Public list and the Public web site.

5. Forum Infrastructure Working Group update

Jos reported that we now have a test wiki instance that can replace the current wiki. It is being reviewed with positive feedback so far, and we can import existing wiki code and pages fairly easily.

They had a good discussion about website management and how to migrate the current public web site over to the “managed” wordpress installation. They expect some small issues during the transition that can be resolved by using redirects to keep the current wiki URL operational until we move it to its new site.

They are still working on hosting the remaining services, namely the mailers and the wiki.

Document management was also discussed. There are published instructions on the wiki for how to prepare a red-lined draft maintenance guideline to be used for ballots. Wayne is also working on a GitHub maintenance documentation for people maintaining the CA/B Forum repositories.

6. Follow-up on new WG Charters (Code Signing, S/MIME)

There is some discussion about the S/MIME WG Charter on the CA/B Forum public list.

7. Upcoming F2F 46 meeting March 12-14, 2019 (hosted by Apple)

Hotel information is on the wiki. Geoff mentioned that Apple received some feedback that the suggested hotel was full, so it is possible that people booking at that hotel might not get the discounted price for all days. Any other hotel in that area would be convenient.

8. Any Other Business

None.

9. Bylaws and existing Charters update

Wayne lead the discussion and continued from where we left off during the last call. He recalled having consensus on allowing the formation of Subcommittees at the Forum level and we are close on fixing the language to accomplish that.

Section 2.1 and membership criteria was also discussed on the public list related to period-of-time and particular audit periods. There didn’t seem to be consensus for requiring an audit for membership criteria and Wayne suggested we put this question on hold temporarily.

There was discussion about whether joining the Forum level would require anything other than being a Member of a Chartered Working Group. That would mean that a Working Group Member would automatically be considered a Forum level Member. There was general agreement that nothing else should be required, new Applicant’s wouldn’t need to have two applications, one for a Chartered Working Group and one for the Forum, submitting the same membership information requirements twice. So, the proposal was to move Membership criteria out of the Bylaws and into the Working Group Charters. If we move to this direction, the Bylaws changes would have to be voted in the same ballot as a Server Certificate Working Group charter update.

Ryan mentioned that there might be Working Groups potentially huge because they have a broader topic and some Forum Members would like to use the Membership criteria to restrict that, however there might be alternatives to accomplish this goal if it becomes a problem.

Tim H. raised some concerns that membership criteria should be described in the Bylaws and Wayne recommended that these membership criteria can be included in the Bylaws in the template charter section as a guidance. Tim and Ryan agreed with this recommendation.

Wayne noticed that by resolving this matter, we also resolve the issue of section 2.1 because it makes this section much simpler. However, this would then be a concern for the Server Certificate Working Group charter to clarify.

Section 2.2 was discussed about ending membership and Wayne noticed that this should also be simplified down to “not being a member of a Working Group”. Dimitris recommended we follow the same approach used for Membership criteria, also for ending Membership which means that each Working Group Charter (and Working Group Charter template) should include language for Membership termination.

Wayne described the remaining changes as relatively straightforward and uncontroversial, mostly being language cleanups and problems that were previously discovered.

Section 2.3d clarifies where each voting takes place.

Sections 2.3 and 2.4 on ballot language were updated with no material changes.

Section 5 is currently a source of confusion because it is titled “Forum activities” but some of those activities are performed at the Working Group level. So, sections 5.1 and 5.2 apply to the Forum.

Section 5.3.4 was about Legacy Working Groups during the transition period and can safely be removed. Section 5.3 applies to Working Groups.

Section 5.3.1 now describes elections for Working Groups which is missing from the current version.

Ryan asked about the percentage of completion for the preparation of these changes because changes to Bylaws include reviews by legal counsels. Wayne had a similar question about whether it would be preferred if these changes were introduced in smaller ballots or one big ballot and leans towards the latter because legal departments need to be involved, so it’s better if these are presented all at once. There was general agreement on this issue, so we will attempt one large ballot to include all Bylaws and Server Certificate Working Group Charter updates.

Wayne described a plan on how to move forward by members adding all the proposed changes in the google document, including updates to the Server Certificate Working Group. Once we have that ready, Wayne will send it to the public list for another round of review. At that point, if we don’t have any more feedback, he thinks it would be reasonable to assume that this is what the Forum wants to proceed with. We could have a 60-day pre-ballot period with these changes so Members can review with their legal counsels before voting. No objections were raised by members.

Kirk asked if these amendments should be done before creating new Working Groups and Wayne replied that the proposed changes are not preventing new Working Groups to be created, as described under the current Bylaws.

10. Next call

February 21, 2019 at 11:00 am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).