CA/Browser Forum
Home » All CA/Browser Forum Posts » 2019-04-18 Minutes for the CA/Browser Forum Teleconference

2019-04-18 Minutes for the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Chris Kemmerer (SSL.com), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Frank Corday (SecureTrust), Geoff Keating (Apple), Inaba Atsushi (GlobalSign), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Michael Guenther (SwissSign), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Timo Schmitt (SwissSign), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance

2. Read Antitrust Statement

The Antitrust Statement was read

3. Review Agenda

Today’s Agenda was approved.

4. Approval of minutes from F2F 46 and previous teleconference

The minutes from the previous teleconference were approved and will be circulated to the public list.

The minutes from F2F 46 will be considered for approval at the next teleconference.

5. Forum Infrastructure Working Group update

Jos reported that the wiki will migrate to the new instance between May 6 and May 10. During that time, the wiki will be switched to read-only mode so we don’t get into a split-brain situation. Members should be aware of this and proceed with any wiki updates (like registering for the F2F in Thessaloniki) before May 6th.

For the mailers, there is a plan to further discuss the migration process so that it is as smooth as possible. The most critical part is to maintain the integrity of the list archive. Jos recommended to Members who have ballots in Discussion Period, to NOT START the Voting Period within the week of May 6th. No voting should take place during that week to avoid unexpected behavior by the mailers.

In regards to Document Management, we have made progress with trying pandoc as a conversion mechanisms from Markdown to HTML, DOCX and PDF. This tool was able to resolve several existing issues with the current conversion mechanism and is able to produce a cover page, page numbers and a table of contents getting pretty close to what we publish today on the public web site.

We also discussed about the ability to make editorial/formatting changes to the GitHub repository. These are changes that don’t change the contents but just the formatting. We already configured the repo to require 4-eye principle so every recommended change needs to be reviewed by another authorized repo maintainer. if anyone has concerns about these changes, a subscription to GitHub will enable “notifications” to be sent everytime there is a recommended change to master and raise concerns if something needs to be balloted. We also proposed a policy to delay 3 days before merging any formatting change, giving a chance for members to object if they think there is something concerning about the merge. Before changing from Kramdown/weasy-print to pandoc, we will probably ballot these formatting changes because they change the layout.

Finally, the Infrastructure Working Group discussed about compute power that is currently missing. Jos will contact Dave Blunt from Amazon.

6. Code Signing Working Group update

Dean reported that the CSCWG had a call last week. There are several candidate members that are interested in becoming Certificate Consumers and large users of Code Signing Certificates in the category of Interested Parties. Qualcomm and Intel have expressed interest of joining so we are working with them to navigate through the IPR process.

The WG also agreed to proceed with updating the EV Code Signing Guidelines, while we are in the process of adopting the Minimum Requirements for Code Signing as a formal Forum document. The WG was advised by Dimitris that the new guideline would require a 60-day IPR review period because it is a new guideline and not a maintenance guideline.

The WG is also collecting and processing possible improvements to the document so when the Guideline is approved, these changes will have already been discussed.

Members of the WG will continue to solicit members from the Certificate Consumer category.

7. Follow-up on new S/MIME WG Charter

Dean reported that the intent was to have a ballot to establish the WG before the F2F in Thessaloniki. Dimitris mentioned that more people can assist if necessary. The S/MIME WG Charter would be using the Code Signing WG Charter as a template. We have already identified some of the challenges specific to the S/MIME WG but we could start the discussion period starting from a first draft charter. Tim agreed and said we would have something out in the next few weeks.

8. Expectations for Hosting a F2F meeting

Dimitris sent out a message to the management list with a link to a Google Document that contains recommendations and expectations for members that volunteer to host a F2F meeting. It was discussed whether we should ballot this as an “official” procedure for Members that plan on hosting a F2F meeting. The consensus was to keep this document on the wiki and use it as guidance for candidate hosts. The document will be linked to the wiki. Peter Miskovic from Disig, hosting the F2F in March 2020 found it very useful.

Dean recalled some past discussions when Dimitris had thoughts about setting certain criteria for inviting Guests at F2F meetings. Currently the Bylaws give full discretion to the Chair for invitations. If this was to be somehow formulated, it would probably need to enter in the Bylaws and balloted. Dimitris said that this is a different topic and plans on discussing it in the future.

9. Any Other Business

Peter Miskovic mentioned that the F2F 49 in Bratislava will take place February 18-20.

10. Bylaws and existing Server Certificate Working Group Charter update

Wayne sent a redline of the updated Bylaws and SCWG. Since this ballot includes several changes, it is very difficult to create the “Ballot language” and since there is a precedent with ballot 206, Wayne will send a complete new version of the Bylaws and the SCWG Charter and a redline for each of those, and Members will need to vote based on that information. Another option would be to create a PDF and attach that in the ballot.

Wayne asked the group if there are any objections to having a ballot in which the language of the motion itself points to GitHub for the changes that are being voted on. No objections were raised on the call so Wayne will proceed with that plan and members can still object when the discussion period starts. He already has one endorser (Dimitris) and is looking for another member willing to endorse.

11. Next call

May 2, 2019 at 11:00 am Eastern Time.

Adjourned

F2F Meeting Schedule:

  • 2019: June 11-13, 2019 – Greece (HARICA), October 28-31– Guangzhou (GDCA)
  • 2020: Feb 18-20 Bratislava (Disig), June – Minneapolis (OATI), October – Tokyo (GlobalSign)
  • 2021: Feb-March Dubai (DarkMatter), June – Poland (Asseco-Certum), October [Open]
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).