CA/Browser Forum
Home » All CA/Browser Forum Posts » 2019-05-02 Minutes for the CA/Browser Forum Teleconference

2019-05-02 Minutes for the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Antonio Perez (GoDaddy), Ben Wilson (Digicert), Chris Kemmerer (SSL.com), Dean Coclin (Digicert), Devon O’Brien (Google), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Frank Corday (SecureTrust), Geoff Keating (Apple), India Donald (US Federal PKI Management Authority), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kenneth Myers (US Federal PKI Management Authority), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michael Guenther (SwissSign), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Timo Schmitt (SwissSign), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Vice-Chair took attendance

2. Read Antitrust Statement

The Antitrust Statement was read

3. Review Agenda

Today’s Agenda was approved.

4. Approval of minutes from F2F 46 and previous teleconference

The minutes from the previous teleconference were approved and will be circulated to the public list.

The minutes from F2F 46 were approved and will be posted to the public web site.

5. Forum Infrastructure Working Group update

Jos reported that we are proceeding with the planned upgrade of the wiki and other mailer services migration. Amazon has provided us with AWS resources so we’re able to spin up EC2 and S3 resources to support that migration.

The wiki will be switching to read-only next week according to the migration plan and move to its own system.

Kirk asked if this will be the same wiki platform or will members be required to learn a new wiki. Jos responded that the interface of the new wiki is very similar to the old one so it’s not expected to be any complicated. Just like the current one, there is a graphical interface which helps updating pages and content on web pages. Jos also said that when the migration is complete, he will ask for some time in an upcoming call to demo the new wiki.

New credentials will be required and this will be based on the current representatives list.

Kirk also recommended a creation or a reference to a “cheat sheet” for those that might miss the demo on our next call.

Dean asked when is this migration expected to happen and Jos replied the it will start Monday May 6th and hopefully end by Friday May 10th.

Dean asked members who are planning to attend the F2F in Thessaloniki to register their names today because the wiki will not be editable next week.

Wayne asked about the mail system migration and Jos responded that it will be migrated at the same time. The plan is to migrate the mailer without creating an outage. Wayne’s concern is when changing IP addresses on mail servers, there is a chance for messages not being delivered or getting bounced back. So we should avoid any voting being scheduled for next week.

6. Code Signing Working Group update

Dean reported that the CSCWG had a call last week. Ben has drafted a ballot to adopt the minimum requirements for code signing. Improvements are already being gathered for the minimum requirements and the EV Code Signing requirements.

7. Follow-up on new S/MIME WG Charter

Tim will provide a draft in a week or two.

8. Bylaws and existing SCWG Charter update ballot

Wayne mentioned that the ballot is in a pretty good shape and he spent quite some time with Dimitris to create a clean redline version on GitHub. During this process a new problem was discovered. When we moved the membership criteria out of the Bylaws and into the Working Group Charters, we moved the definitions of Root Certificate Issuers and Certificate Issuers out of the Bylaws. This creates a potential problem when voting at the Forum level because we lost the definitions for the voting categories (Root Certificate Issuers, Certificate Issuers, Certificate Consumers). So, we put the definitions back into the bylaws to address this issue.

We also clarified that the voting rules of the Forum keep the same membership category as in the Working Group. So a Certificate Consumer in a Working Group will vote as a Certificate Consumer at the Forum level, which is what we’ve been doing already.

Finally, there were some improvements in the formatting of the document to resolve some markdown viewing issues.

The ballot is in the discussion period since last Friday and according to our decision at the last F2F, we agreed to leave it open for discussion at least 2 weeks before voting begins, so members that wish to engage their legal counsels will have the time to do that. So, the ballot will remain in discussion period for next week and if there are no comments we will initiate the voting period after the e-mail migration is complete. If anyone needs an extension please ask.

9. Any Other Business

None.

10. Next call

May 16, 2019 at 11:00 am Eastern Time.

Adjourned

F2F Meeting Schedule:

  • 2019: June 11-13, 2019 – Greece (HARICA), October 28-31– Guangzhou (GDCA)
  • 2020: Feb 18-20 Bratislava (Disig), June – Minneapolis (OATI), October – Tokyo (GlobalSign)
  • 2021: Feb-March Dubai (DarkMatter), June – Poland (Asseco-Certum), October [Open]
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).