CA/Browser Forum

2020-01-23 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Arno Fiedler (D-TRUST), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), David Moeller (Sectigo), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Kirk Hall (Entrust Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rashmi Jha (Microsoft), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Thanos Vrachnos (SSL.com), Tim Callan (Sectigo), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Vincent Lynch (DigiCert), Wayne Thayer (Mozilla).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Accepted without changes.

4. Approval of minutes from last teleconference

Approved without objections.

5. Forum Infrastructure Subcommittee update

The subcommittee call lasted about 5 minutes because there was not enough participation.

6. Code Signing Working Group update

  • The WG invited a representative from the Clean Software Alliance (CSA) to the call. They were previously associated with Microsoft and now they are an independent organization. They will look at potential synergies between CSA and the CA/B Forum working groups. There was also interest in the validation subcommittee so Dean will send an email to the subcommittee Chair about that. Dean described the structure of the Forum and will have a follow-up call with their representative. They also invited Forum Members to attend a meeting in LA at the end of the month. Some browsers and OS vendors will be participating.
  • The February Summit is being postponed to March. A new Doodle poll will be circulated.
  • Discussed improvements in validation and vetting for code signing certificates.
  • Tomas talked about key attestation and some customers having problems proving possession of keys in cloud instances, using Google cloud HSM as an example. This affects section 16.3 of the Code Signing BRs. Each Vendor has a proprietary solution and we need to modify the BRs for Code Signing with appropriate language to take the remote key attestation into account when subscriber keys are generated remotely. There was a suggestion to review Adobe’s AATL Policy for guidance.

7. Follow-up on new S/MIME WG Charter

There is some debate on the draft language of the S/MIME charter that seems to allow the case where an S/MIME Certificate may not contain an email address. This is very close to being completed.

8. Action items from F2F 48

Dimitris went over the list of pending actions from the last F2F. Most of the topics related to the Bylaws have been incorporated in a draft next revision of the Bylaws. Arno is planning to get feedback about the ETSI update next week at the scheduled ETSI ESI F2F meeting.

9. Topics for F2F 49

No suggestions.

10. Draft next revision of the Bylaws

Dimitris went over the main updates proposed in the next revision of the Bylaws that were circulated on the public list. There were no objections to the suggested changes. Dimitris plans on discussing a couple more issues at the next F2F and then preparing a ballot for updating the Bylaws. Because some Members require legal review for Bylaws changes, we try to keep these changes limited to once a year.

11. Any Other Business

Patrick mentioned that accommodation information for F2F 51 is available on the wiki. GlobalSign has added hotel information and there are special rates for Members. However, some of them require early booking by the end of March 2020.

12. Next call

February 6, 2020 at 11:00 am Eastern Time.

Adjourned

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).