2019-09-05 Minutes of the CA/Browser Forum Teleconference
Attendees (in alphabetical order)
Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Gordon Bock (Microsoft), Janet Hines (SecureTrust), Jeannie Rissman (Network Solutions), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kenneth Myers (US Federal PKI Management Authority), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Tim Callan (Sectigo), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
Minutes
1. Roll Call
The Chair took attendance.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
No changes to the agenda.
4. Approval of minutes from previous teleconference
The minutes from the previous teleconference were approved and will be circulated to the public list.
5. Forum Infrastructure Working Group update
Jos provided the update. He will send an request to update meeting days/times because of some conflicts by participants. The WG has a draft ballot to re-charter the WG into a Forum Subcommittee. The WebEx situation was also resolved with the assistance of HARICA. Jos would check with the WebEx team if everything is in order.
Dean asked if we should switch to WebEx for the bi-weekly teleconference calls because he was experiencing some difficulties with Turbobridge web access. Other members did not have issues with Turbobridge and suggested using Skype to call the Turbobridge gateway. We can revisit this in the future if more members have difficulties with Turbobridge.
6. Code Signing Working Group update
Dean mentioned that the Code Signing WG discussed merging newly approved CS with EV CS document, because there is significant overlap. There was some discussion about audits around that. Invitations will be sent to auditors for the code signing meetings. Moving up SHA1 prohibition but there are legacy applications that need SHA1. It was discussed to move the original prohibition from January 2021 to May 2020. Working on a cleanup ballot.
A spreadsheet with contact information was created so that malware companies can use contact information for CAs that issue code signing certificates, even though this information is published in the CAs CP/CPS.
7. Follow-up on new S/MIME WG Charter
No update.
8. Any Other Business
Dean reminded Members that we now have 43 attendees and if anyone plans to attend F2F 48 and 49 to signup and update the participant tables on the wiki so that the hosts can plan ahead.
Dimitris and Dean said we should start working on the agenda for the F2F by the next meeting. We also don’t have any guest speakers for F2F 48 and perhaps we could find speakers that could connect remotely.
9. Next call
September 19, 2019 at 11:00 am Eastern Time.