2019-03-07 Minutes for CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Anna Weinberg (Apple), Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Frank Corday (SecureTrust), Geoff Keating (Apple), Inaba Atsushi (GlobalSign), Iñigo Barreira (360 Browser), Joanna Fox (GoDaddy), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Mahmud Khair (SecureTrust), Marcelo Silva (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Tim Shirley (SecureTrust), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Today’s Agenda was approved.

4. Approval of Minutes of previous teleconference

The minutes of the February 21, 2019 teleconference were approved and will be posted to the Public list and the Public web site.

5. Forum Infrastructure Working Group update

Wayne reported that the Infrastructure WG discussed two major topics. The first topic was around using GitHub as the canonical version of cabforum documents. We currently have the ability to create a PDF document from a GitHub “file” (currently in Markdown format) and the question is whether this PDF document is acceptable, as in “does it have all the features that we need” to make it usable as THE canonical document.

The solution might come from a specific session at the F2F meeting to discuss the differences between the existing PDF documents and the automatically produced PDF documents from GitHub. We will need to compare that with the current practice where a Word document is maintained on the wiki and is manually updated. That’s why there is now a specific slot at the F2F to discuss this topic.

Dimitris added that this is one step towards using GitHub as the maintainer engine for canonical versions of Guidelines and documents. We have also scheduled a second slot with a short demo on how to create red-line documents using GitHub, something useful for people that want to create ballots and need to produce a red-lined document.

The second topic discussed was about the current ballot rules that require both a “Ballot Version” (statements like “in section X, replace the language with the following text”) and a “red-line” which is just for assistance and is not normative for the ballot. Inconsistencies between the two have been spotted from time to time and may create confusion for Members who review the ballots.

Wayne also mentioned that most members prefer to read “red-lined” versions because it makes the review easier. The question is whether there is a need to create the “Ballot Version” when there is a clear proposed red-line Maintenance Guideline version.

We would like to propose an option that a ballot only has to document the red-line and that red-line version should be enforced. In order for this to be permitted, a small change in the Bylaws is required. Since we are already in the middle of changing the Bylaws, this additional change may be added in the proposed Bylaws changes.

Kirk mentioned that there was a time when only red-lines were required and the “Ballot Version” was not required. Wayne responded that the current Bylaws include language that strongly implies that the more descriptive language (“Ballot Version”) is required for every ballot. The plan is to update the language to clearly state that a “Ballot Version” is optional.

Ryan commented that the language around the “Ballot Version” was discussed during Governance reform and the main reason was that it would cover for cases where the red-lined version was against an older version of the Guidelines.

Kirk said that the same problem would probably exist in a red-line and in a “Ballot Version” against an “incorrect” (or obsolete) text but is happy with anything that makes things clearer.

Dimitris summarized that the goal is to “drive” things on maintaining the “canonical” versions of documents on GitHub and in order to get there, we need to get members acquainted with GitHub and more familiar with it. Then, we would be in a position to introduce more specific procedures on how to perform ballot updates. We can then add specific steps utilizing GitHub and make these normative procedures in the future.

Of course, there will be specific instructions and demos to support that.

Ryan mentioned that he would circulate the minutes of the latest Infrastructure Working Group soon.

6. Follow-up on new S/MIME WG Charter and formation of Code Signing WG

Ballot Forum-8 for the creation of the Code Signing Working Group is currently in the voting period and will likely pass. Dimitris asked about provisions of the CSCWG at the upcoming F2F and if Dean would need a slot for a kick-off meeting of the new WG, but also time during the first day (Tuesday).

There was agreement to use the currently empty slot at the end of the meeting on Thursday and 30 minutes closer to the end of Tuesday.

The S/MIME WG charter will be based on the Code Signing WG Charter but there is no progress in that area yet.

7. Upcoming F2F 46 meeting March 12-14, 2019 (hosted by Apple)

All basic information related to the F2F meeting venue is published on the wiki. Remote audio/video participation information will also be posted on the wiki. Apple will prepare an Apple WebEx session. Geoff also mentioned that there will be some breakfast available at the venue, and this is stated in the F2F Agenda.

8. Finalize CA/B Forum Agenda for F2F 46

Dimitris read the topics of the current draft agenda and received no objections about the topics or time allocations. The final agenda will be posted on the public list.

9. Any Other Business

Dimitris mentioned that all F2F slots have been filled until October 2021. After Greece, the next F2F meeting will take place Oct 28-31 in Guangzhou, hosted by GDCA. The Feb-March 2020 meeting is scheduled for Bratislava, hosted by Disig, and the Feb-March 2021 meeting is scheduled for Dubai, hosted by DarkMatter.

10. Bylaws and existing Charters update

Wayne summarized the current state of updating the Bylaws, reminding everyone that the last changes were sent already to the public list. Members should use this period of time to discuss these changes with their legal teams and attend the F2F with specific questions or concerns that will have to be addressed. If we receive no objections, then there will be a ballot prepared soon after the F2F to update the Bylaws according to the proposed changes.

One change is proposed to be added in section 2.4, clarifying that a single red-line should be sufficient for a draft guideline ballot.

Kirk mentioned that the group should give some thought to past cases where some mail clients could not properly display the red-line attachments and recommended that PDF be used for that. Wayne responded that the proposal doesn’t actually get into this area and leaves the existing bylaws as-is and just clarifies that a red-line alone is sufficient to submit a ballot.

11. Next call

March 21, 2019 at 11:00 am Eastern Time.

Adjourned

F2F Meeting Schedule:

  • 2019:
      • March 12-14, 2019 – Cupertino, CA (Apple)
      • June 11-13, 2019 – Greece (HARICA)
      • October 28-31 – Guangzhou (GDCA)
  • 2020:
      • Feb-March – Bratislava (Disig)
      • June – Minneapolis (OATI)
      • October – Tokyo (GlobalSign)
  • 2021:
      • Feb-March – Dubai (DarkMatter)
      • June – Poland (Asseco-Certum)
      • October – [Open]