2020-01-23 Minutes of the CA/Browser Forum Teleconference
Attendees (in alphabetical order)
Arno Fiedler (D-TRUST), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), David Moeller (Sectigo), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Kirk Hall (Entrust Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rashmi Jha (Microsoft), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Thanos Vrachnos (SSL.com), Tim Callan (Sectigo), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Vincent Lynch (Digicert), Wayne Thayer (Mozilla).
Minutes
1. Roll Call
The Chair took attendance.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
Accepted without changes.
4. Approval of minutes from last teleconference
Approved without objections.
5. Forum Infrastructure Subcommittee update
The subcommittee call lasted about 5 minutes because there was not enough participation.
6. Code Signing Working Group update
- The WG invited a representative from the Clean Software Alliance (CSA) to the call. They were previously associated with Microsoft and now they are an independent organization. They will look at potential synergies between CSA and the CA/B Forum working groups. There was also interest in the validation subcommittee so Dean will send an email to the subcommittee Chair about that. Dean described the structure of the Forum and will have a follow-up call with their representative. They also invited Forum Members to attend a meeting in LA at the end of the month. Some browsers and OS vendors will be participating.
- The February Summit is being postponed for March. A new Doodle poll will be circulated.
- Discussed about improvements in validating and vetting for code signing certificates.
- Tomas talked about key attestation and some customers having problems proving possession of keys in cloud instances, using Google cloud HSM as an example. This affects section 16.3 of the Code Signing BRs. Each Vendor has a proprietary solution and we need to modify the BRs for Code Signing with appropriate language to take the remote key attestation into account when subscriber keys are generated remotely. There was a suggestion to review Adobe’s AATL Policy for guidance.
7. Follow-up on new S/MIME WG Charter
There is some debate on the draft language of the S/MIME charter that seem to allow the case where an S/MIME Certificate may not contain an email address. This is very close to being completed.
8. Action items from F2F 48
Dimitris went over the list of pending actions from the last F2F. Most of the topics related to the Bylaws have been incorporated in a draft next revision of the Bylaws. Arno is planning to get feedback about the ETSI update next week at the scheduled ETSI ESI F2F meeting.
9. Topics for F2F 49
No suggestions.
10. Draft next revision of the Bylaws
Dimitris went over the main updates proposed in the next revision of the Bylaws that were circulated in the public list. There were no objections for the suggested changes. Dimitris plans on discussing a couple more issues at the next F2F and then prepare a ballot for updating the Bylaws. Due to the fact that some Members require legal review for Bylaws changes, we try to keep these changes limited to once a year.
11. Any Other Business
Patrick mentioned that accommodation information for F2F 51 is available on the wiki. Globalsign has added hotel information and there are special rates for Members. However, some of them require early booking until the end of March 2020.
12. Next call
February 6, 2020 at 11:00 am Eastern Time.