CA/Browser Forum
Home » All CA/Browser Forum Posts » 2020-04-30 Minutes of the CA/Browser Forum Teleconference

2020-04-30 Minutes of the CA/Browser Forum Teleconference

Minute taker: Tobias S. Josefowitz

Attendees (in alphabetical order)

Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michael Guenther (SwissSign), Michelle Coon (OATI), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority), Taconis Lewis (FPKI).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Accepted without changes.

4. Approval of minutes from previous teleconference

Accepted without objections.

5. Forum Infrastructure Subcommittee update

Jos reports:

We briefly discussed our infrastructure issues, particularly with mail, part of the problem that happened with the wiki server might be related to AWS blocking outbound SMTP by default, we will investigate how to get it fixed one way or another (port opened or service moved).

We did not have any further minutes on the Pandoc work, Dimitris will sit down and go through that for the next ballot and will see if any corrections should be needed, but we ought to be in pretty good shape there.

We had a good discussion around the virtual conference in June and agreed we would demo some of the available webex possibilities to see what are the options, but webex also has additional services for events and training which we would also look into.

Finally big discussion about the webex account, it has been transitioned last year. It is a donated account, Dimitris has stepped forward and offered for HARICA to own the account, because HARICA is an official non-profit that we can donate to while CABF isn’t one. However, as we are moving between accounts, the Chairs need to be aware that because this you will need to schedule new meetings for your meetings.

Dimitris: If we are transitioning we need to create new links and new rooms for the meetings, but we fortunately have all the information collected on the wiki and we have 6 meeting rooms we need to schedule and we can do this sooner then later, I’m just having a little trouble navigating the new account because it seems to be some different version and the configuration panel looks different. Anyway, we’ll get this ready, I will work with Josh to get this ready and coordinate with Subcommittee chairs to get the links around.

The draft minutes of that particular Subcommittee meeting are available at the following URL:

6. Code Signing Working Group update

Dean: We are not going to have a meeting during the F2F, we are combining the EV Guidelines and the regular BRs, Bruce is managing the compilation with input from all the different members. We have a open items we reviewed during the meeting, about the validity period of a signing service, about the minimum keysize effective January 1st is going to be 3072 bit RSA (was not a requirement for EV but will then to be applied to EV as well). Some confusion about eKUs; WG will investigate removing the EKUs for email and document signing to not conflict with future products of the S/MIME WG. Bruce will update the document once more re: the just listed items.

The draft minutes of that particular Subcommittee meeting are available at the following URL:

7. New S/MIME WG Charter

Tim: Ryan, there still is a grammar mistake that Corey identified last night. Ryan: Fixed. Tim: You fixed some other typos but not these. Ryan: Allright, Corey left a large number of comments. Tim: They’re mostly on the issue of the one sentence publicly trusted root certs may be poorly documented. If we could improve that sentence… Ryan if you can fix that last typo I can get the ballot out Ryan: Not sure where it is. Tim: If you don’t find it just ping me. I am hoping we will get the ballot out today and then we will see if we will resolve the issue about what publicly trusted means…

Dimitris: So the goal is to proceed despite the poorly described publicly trusted terminology and discuss it further in the discussion period.

Tim: Yes.

8. Agenda Topics for the upcoming F2F

Dimitris: Does anyone have topics for discussion?

If anybody has an idea of a good topic to discuss on our virtual meeting send it to the public list or to Dimitris.

9. Any Other Business

Dimitris: I would like to remind people about the update to our Bylaws, FORUM-12 Ballot: Under preparation I made some last minute updates which I missed from Ryan’s comments. I believe I have no other comments to address. Still looking for an additional endorser, anyone willing on this list?

Tim: here

Dimitris: Ok, endorsed by Tim and Mike.

About the upcoming F2F virtual meeting: Dean: We developed the ground rules for the meeting but haven’t sent them out yet because everyone would just forget about them, I plan to send them out just a few weeks before the meeting, does that seem reasonable?

Dimitris: I have already posted them on the wiki. First I would please like everybody to register for the meeting. Right now the Ground Rules are a bit of in draft status, we will get them more solid the closer we get to the meeting, any proposals for changes or additions are very much welcome. We will send a reminder when we get closer to the meeting.

Still have to do some demos and tryouts with Josh to figure out the best setup and configs for this large meeting.

10. Next call

May 14, 2020 at 11:30 am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).