CA/Browser Forum
Home » Posts » 2019-12-12 Minutes of the CA/Browser Forum Teleconference

2019-12-12 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Corey Bonnell (SecureTrust), Daniela Hood (GoDaddy), David Moeller (Sectigo), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Joanna Fox (GoDaddy), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call, assign minute-taker

The Chair took attendance. Wendy Brown volunteered to take minutes.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Accepted without change.

4. Approval of minutes from last teleconference

Approved without objections.

5. Forum Infrastructure Subcommittee update

The subcommittee call was cancelled due to technical difficulties.

6. Code Signing Working Group update

Bruce hosted the last call, it was a quick call as no one with action items was able to make the call.

Planning to have face-to-face code signing summit, hosted at Microsoft sometime early next year, maybe in February. The plan is to work cooperatively on merging the EV and base code signing guidelines.

7. Follow-up on new S/MIME WG Charter

No updates.

8. Approval of F2F 48 minutes

Approved with no objections.

9. Action items from F2F 48

Dimitris has created a Wiki page for action items from the F2F 48 meeting, he invited others to make use of this new page.

10. Updating the IPR Agreement signature form

Dean – while updating IPR signature form – question to make it clear that if someone is applying as an individual vs as employee of company or organization

  • Ryan – wants to check with counsel before he answers – sounds reasonable – but will it require everyone to sign the revised IPR?
  • Lengthy discussion on why we are checking if someone has authority to sign on behalf of the organization.
  • IPR is a contract with every member since the CABForum is not a legal entity, so anyone should have the ability to question the IPR agreement and its validity – are your contributions being given with approval of the company
  • Maybe address by clarifying that if you put an organization you are signing on behalf of that organization, if intention is to sign as an individual do not include organization name.
  • Instructions may need to be clarified especially for interested party
  • Maybe some confusion between various links – maybe different versions of how to participate based on starting location – github vs wiki pages, etc.

11. Any Other Business

  • Dean – Feb meeting hosted by Disig in Britislava, the WIKI has travel information posted.
  • Please sign up if intending to attend
  • Summer F2F meeting will be week of June 9-11, in Minnesota, wiki page up but not yet with info
  • Doug – Oct 20-22, location selected – in great shopping area – info on Wiki

12. Next call

January 9, 2020 at 11:00 am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed

Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates:

  • Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action;
  • Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and
  • Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).