Home » All CA/Browser Forum Posts » 2019-08-08 Minutes for the CA/Browser Forum Teleconference

2019-08-08 Minutes for the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Arno Fiedler (D-TRUST), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Joanna Fox (GoDaddy), Jos Purvis (Cisco), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alen (Sectigo), Ryan Sleevi (Google), Tim Shirley (SecureTrust), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Vice-Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Today’s Agenda was approved.

4. Approval of minutes from previous teleconference

Minutes were approved

5. Forum Infrastructure Working Group Update

Jos reported that there was no meeting this week due to holidays for many people. Meetings will resume in September. A ballot was floated on the mailer to re-charter the working group into a subcommittee. Kirk commented that pipermail is not picking up many of the group emails. Several people questioned that and Jos said he would check with GoDaddy to make sure everything is being archived properly.

6. Code Signing Working Group Update

Dean stated that the IPR review period will end next week. He also stated that the group discussed removing timestamping references from the code signing documents to put them into a separate, dedicated document for that exclusive purpose. The group will review the charter to see if that is within scope.

7. Follow-up on new S/MIME WG Charter

Tim was not available. No new information

8. Approval of F2F 47 Minutes

The minutes from F2F 47 were approved and will be circulated to the public list.

9. Any Other Business

Dean mentioned that the venue for the Fall meeting was posted to the management list and encouraged members to sign up (on the wiki) to attend the meeting, to help our host plan properly.

10. Next call: Aug 22, 2019 at 11am Eastern Time

Meeting Adjourned

Latest releases

Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35