CA/Browser Forum
Home » All CA/Browser Forum Posts » 2020-02-06 Minutes of the CA/Browser Forum Teleconference

2020-02-06 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Thanos Vrachnos (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Vincent Lynch (Digicert), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Accepted without changes.

4. Approval of minutes from last teleconference

Approved without objections.

5. Forum Infrastructure Subcommittee update

  • Updates on pandoc ballot
  • Etherpad instance, test, make sure it is ok and activate before the F2F, move information to the wiki after the F2F and deactivate.
  • Discussed about migration of the web site to the hosted environment and the mailing lists. Need follow-ups with service providers.
  • WebEx test with Peter (coordinate timing with the hotel).

6. Code Signing Working Group update

  • No meeting.
  • The WG is finalizing the date for a code signing summit at Microsoft’s offices in Redmond on March 17 or 18. The date will be finalized next week during the call. Guest speakers from Microsoft will participate.

7. Follow-up on new S/MIME WG Charter

The ballot is in the voting period.

Clint mentioned that the Forum agreed to go forward but the discussion period should not be considered a formality.

Tim responded that the comments were reviewed but they were part of a fundamental disagreement that was being discussed for over a year. Tim respects the different opinion of some members and we will see how the vote goes.

Ryan highlighted the fact that there was more substantive feedback than just the identity issue. Google reviewed it with Legal and IP team and this took almost the entirety of 7 days. In the process of doing that they wanted to provide improvements to structural issues of the draft charter. Apple also provided useful feedback. There were more suggestions unrelated to the identity issue. Unfortunately there was no response from the draft proposers before starting the voting period. Google intends to vote “No”, not just because they can’t participate but because it would be detrimental.

Tim: The feedback was considered but did not have any structural/substantive changes. This ballot was almost in the same identical form for over a year now and there was plenty of time, beyond 7 days, for any member to provide feedback. People are welcome to provide any constructive feedback even by voting the way they choose to vote and see where we go from there.

Ryan disagreed that the ballot was discussed for more than a year. He provided a timeline of events where Ben circulated the draft ballot in January and Google provided substantive feedback. No updates were provided since then. Concerns were raised and remained unaddressed, especially the structural issues.

Clint: A few points were important to discuss. As an example, using some RFC terminology in the draft charter was odd. Some minor changes that were non-controversial could be accepted. Without any feedback, we don’t know if there is any disagreement on any of the points raised.

Wayne: Other valuable feedback, aside from identity, may have been overlooked. As an endorser of the ballot he wasn’t sure if the points raised were substantial enough to warrant voting against this ballot. He encourages discussion on this feedback and Dimitris posted a point that might be worth discussing. At this point though, we have to let the ballot run its course. Members must consider whether it’s worth moving this ballot forward and see this Working Group, that has been pending for almost two years, being created with some sub-optimal parts of the charter, or to vote against it and bring these additional pieces of feedback in a revised charter. This additional feedback was missed in an honest attempt to just move things forward. For Wayne, it was difficult to distinguish whether the feedback was related to identity or other issues. Let’s keep getting feedback and if the feedback is significant enough, it might make members vote against it.

Mike agreed with Wayne that there are two issues at hand, the identity issue will only be resolved by voting on the ballot. The other feedback was not to be ignored but it kind of danced around the identity issue.

Tim added that the review of the feedback resulted that some of the issues raised were either unresolvable or relatively minor which is why they decided to go ahead with starting the voting period.

Ryan replied that there was substantive feedback on Membership qualifications with regards to how that’s defined. This feedback was not incorporated despite repeated attempts to flag it as an ongoing concern. Regardless of how members feel about identity, it defines how participation is judged and how ongoing membership is continued. This information is available in previous postings on the mailing list along with suggested edits related to identity and to membership. Ryan considers unfortunate the fact that there was no attempt to even respond to this feedback.

Tim encouraged anyone to point to particular issues that they feel is important, to highlight them individually. There was a long history of discussion for this ballot. It would be extremely helpful for individual edits and very constructive to point directly to suggested edits they feel strongly about.

Ryan added that an alternative approach, if this ballot fails, would be for a different group of people to introduce the ballot because after several years of providing feedback unrelated to identity, this feedback was ignored.

Tim responded that the feedback was not ignored and this is an unfair statement. There is a lot of work to be done, the Forum does not run itself and some people are working hard to keep things moving. It’s difficult work and we appreciate anyone who can help.

Dimitris tried to summarize the discussion by stating that we will probably not be able to resolve the identity issue, this will be determined by the vote of each Member. As far as the other feedback is concerned, that is not related to identity, we should make an attempt to discuss even having a few days before the voting ends. If there are some previous discussions that point out to specific edits that are not related to identity but are related to Membership, Member voting, it would be helpful if these were highlighted somehow.

Ryan replied that this is not necessarily a good course. The vote will be ambiguous whether the members will vote “No” for ambiguity or “No” for some of the process or other issues. If the ballot fails it will be unclear whether the ballot failed because of the identity issue or other reasons. While we can continue to discuss how to resolve these other reasons, we will not be able to reach a conclusion about identity. It seems that this ballot will not be able to give the level of guidance that was intended by bringing it to a vote in its current state.

Skipped 8 on the Agenda, apologies 🙂

9. Approve Agenda for F2F 49

The agenda as posted on 2020-02-07 was approved.

10. Allow Chair/Vice-Chair to make informative (not normative) changes to Final Guidelines and Final Maintenance Guidelines

Dimitris went over the proposed change to allow this in the Bylaws. There were no objections raised on the call for the suggested changes. Ryan didn’t have time to review the recommended changes. Dimitris mentioned that Bylaws changes will be discussed at the upcoming F2F.

11. Any Other Business

Peter asked the list of attendees to close on Monday. They can still accommodate a few more people and asked if anyone expects to register this week to contact him and the Chair.

12. Next call

March 5, 2020 at 11:00 am Eastern Time.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).