CA/Browser Forum

2019-10-03 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Janet Hines (SecureTrust), Jos Purvis (Cisco Systems), Kenneth Myers (US Federal PKI Management Authority), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

No changes to the agenda.

4. Approval of minutes from previous teleconference

The minutes from the previous teleconference were approved and will be circulated to the public list.

5. Forum Infrastructure Working Group update

Jos provided the update. Ballot Forum-10 has passed and the Infrastructure Working Group will be converted to a Forum subcommittee. The changes are already described in the ballot.

Converting the BRs to be “pandoc-friendly” was discussed in previous meetings. Jos has created a red-lined version showing how this would look, and it was agreed to introduce these changes in a separate ballot and not in the “cleanup” ballot. Dimitris asked if this “pandoc-friendly” view would be rendered correctly in the GitHub markdown viewer. Jos replied that he does not expect any issues with that, as pandoc uses native features of markdown. He recommended that members check the final result of that pull request; if there are no issues, Jos can proceed with the ballot.

Jos mentioned that some maintenance work needs to take place on the server hosting the mailing list and asked when it would be best to do this. Reboots during voting periods should be avoided as much as possible. Members did not raise concerns over discussion periods because the proposer would be able to extend the discussion period for the time that the mailing list is unavailable before starting the voting period.

As a general case, Jos recommended that we declare a maintenance window on a monthly or quarterly basis, a day on which no voting can take place or, if it falls in the middle of a voting period, a day that does not count toward the 7-day voting period (the clock stops for 24 hours). That would make it possible to perform the necessary maintenance work without risking the delivery of people’s votes. Ryan thought it was a great idea. Jos asked if this proposal would require a ballot. Kirk mentioned that if we are to add an extra day for voting as described and the Bylaws mention 7 days, that would probably require a change in the Bylaws. The alternative would require some coordination with the ballot proposers so they don’t start a voting period that includes the maintenance window day.

Ryan said that we need to communicate this as clearly as possible and agreed with Kirk that adding a day would require a change to the Bylaws. We do have a procedure on the wiki on how to prepare a ballot and all the steps that take place, so this maintenance window “check” should be described in that procedure. Members should be periodically “reminded” of this maintenance window.

Wayne recommended we discuss this topic some more in the Infrastructure Working Group/Subcommittee because there might be alternative options that would be more flexible and solve the problem in better ways. He recommended that someone should declare the beginning and end of the maintenance window to indicate that the mailing lists would be “unreliable” even if no voting took place.

Jos agreed to send a start and stop notice for this month’s maintenance window and will bring the topic up for discussion in the Infrastructure Subcommittee.

6. Code Signing Working Group update

Bruce mentioned that the WG did not have a meeting last week so there is no report.

7. Follow-up on new S/MIME WG Charter

It seems that there is some interest in moving this WG forward; the Forum received a question related to that. Dimitris will reach out to Tim and ask if he has any plans to move this forward. If he is overwhelmed with other work, someone else should draft a charter and send it for discussion. We need something for the F2F.

8. F2F 48 Agenda

The draft agenda is up on the wiki. Dimitris mentioned that the photo policy is to be discussed. He also reserved a slot to discuss Bylaws issues, since there was no feedback on the mailing list. Members are requested to check the agenda and propose new items to discuss at the F2F.

9. Any Other Business

None.

10. Next call

October 17, 2019 at 11:00 am Eastern Time.

Adjourned

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).