CA/Browser Forum

2019-11-14 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Adam Clark (Visa), Ben Wilson (Digicert), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Eva Vansteenberge (GlobalSign), Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim Hollebeek (Digicert), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Vincent Lynch (Digicert), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

No changes to the agenda.

4. Discuss Action Items from the recent F2F 48 meeting

Infrastructure Subcommittee

  • Jos and Ryan will continue to work on a ballot to make the BRs “pandoc friendly”

  • As discussed in the SCWG meeting, this is a work in progress. Jos is waiting for SC23 and SC24 to be merged into the master branch on GitHub, and will then rebase and update the proposed changes.

  • Trev to investigate allowing incoming/outgoing SMTP traffic to new VMs

  • Trev confirmed the action item.

  • Someone (?) to plan for Etherpad installation for next F2F

  • Jos volunteered to work on this task

S/MIME WG

  • Someone (?) to draft and send the charter based on the F2F discussion. Unfortunately the minutes are missing and the recording is not available yet.
  • Tim mentioned that a couple of people are working on a charter and he hopes to be able to send a draft out today.

Photo Policy

  • Dimitris to finalize the draft proposal and describe the red/dark blue lanyard colors to indicate additional-privacy/no-additional-privacy request.
  • Ryan to propose language improvements for the “attribution” to IETF.

Issues with Bylaws

  • Dimitris to propose text for the Bylaws so that each Member participating in a Working Group designates voting representatives. If a Member wants to designate different representatives for the Forum level compared to the Working Group level, they can do so. Only votes from official representatives will count. Each voting representative may extend or restrict the set of voting members. Voting representatives can also be introduced or removed by a Member’s legal (or properly delegated) representative.
  • Dimitris to prepare some draft language in the following weeks.
  • Tim mentioned that Digicert is not necessarily opposed to this language but during the F2F discussion there were some members who expressed the opinion that this is more of a problem with an organization that may be having trouble controlling who votes for their organization. This seems to be more of a Member-type of problem rather than a CA/B Forum problem. Ryan asked if Digicert could share some information about the change of opinion on this subject and Tim replied that there are concerns that this process of introducing this language and clarifying will take time. If this can get quickly resolved, that’s worth doing. But there are concerns that it might take more than it’s worth. This is trying to solve a problem that the Forum has not experienced before.
  • Dimitris responded that different opinions were heard at the F2F and hopefully have been captured in the minutes. We may not reach a full agreement on this topic, but he will make an effort to write a proposal and send it out to see if it works for everyone. He also added that this problem will become more important as the Forum grows.

Who signs the IPR Agreement

  • Dimitris (and Ryan?) to describe the scenario where the CA/B Forum receives an application from a CA, which is the “Owner”, but that CA uses a different Legal Entity as the CA “Operator”. The “Operator” is the one likely to participate in CA/B Forum activities and likely to “Contribute”. The safe approach is to require both Legal Entities to sign the IPR Agreement.
  • Draft language in the Bylaws to give guidance for this particular scenario because we had it more than once. It shouldn’t be too hard to describe this. Ryan agreed it should be trivial to describe what happens when a Member delegates participation or the operations of their CA and also voting. We could imagine a scenario where the Policy Management Authority controls the voting rights and delegates the other operations and participation. We could allow this flexibility if this is combined with the previous discussion about voting representatives.
  • Dimitris and Ryan can continue this offline and work on this language.
  • There was some additional discussion about current Forum examples of Members with delegated partners (Network Solutions – Sectigo, FPKI – delegated contractors, etc).

Concept of member

  • Ryan to work with counsel to identify inconsistencies.
  • Ben recommended going through the Bylaws/IPR Policy and flagging instances that contain inconsistencies. Actions?
  • Ryan mentioned that this is a similar problem to the problem with the legal representatives.
  • Ben was not sure if it was the same thing, but he noticed that we don’t have a “member agreement” but just an “IPR agreement”, which may not bind a Member to the Bylaws. Ryan replied that this should probably not lead to creating a new membership agreement document. Tim mentioned that this could be an “interesting” area because the IPR Policy is mentioned in the Bylaws, and if there is no legally-binding process for the Members to follow the Bylaws it would lead to “interesting” situations. Ryan replied that binding a Member to the IPR Policy automatically binds them to the Bylaws. It might be a lot to unpack on this call, and he suggested we either discuss it at the next call or on the list. Dimitris recommended that we hold off on opening this topic and work on other action items with more priority. This won’t go away from the list of issues.

Time requirements for CAs as Associate Members

  • Dimitris to describe a process to evaluate CAs that are Associate Members once a year. There is no need to change the Bylaws but we should try to have a clear process to implement the policy requirement to review CAs that are in the Associate Member category.
  • There were some good suggestions from Jos.

5. Any Other Business

Dean reminded Members and Associate Members to vote on Doug’s Doodle poll for the Fall 2020 F2F meeting. Dimitris also reminded people to register for the Bratislava meeting.

Finally, Jos mentioned that the Infrastructure Subcommittee meeting invitation was just sent out to 6-7 participants that were active in previous meetings. If anyone is interested in attending the subcommittee’s activities, he will post the meeting information on the wiki.

6. Next call

December 12, 2019 at 11:00 am Eastern Time.

Adjourned

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).