CA/Browser Forum
Home » All CA/Browser Forum Posts » 2020-05-14 Minutes of the CA/Browser Forum Teleconference

2020-05-14 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Adam Clark (Visa), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jos Purvis (Cisco Systems), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michael Guenther (SwissSign), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Quo Vadis), Taconis Lewis (US Federal PKI Management Authority), Thanos Vrachnos (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Accepted without changes. Enrico volunteered to take minutes on the next call.

4. Approval of minutes from previous teleconference

Accepted without objections.

5. Forum Infrastructure Subcommittee update

Jos gave the reports.

  • On the issue of migrating the mailers and web site, the subcommittee will make progress with the web site first.
  • On the issue of pandoc formatted BRs, Jos will proceed with making changes to the “Travis” configuration to autobuild with the new pandoc.
  • WebEx demoing various options. Evaluated default and existing meeting options with Dimitris and tested various scenarios. We did not have a chance to evaluate other types of webex meetings because they were not available in our subscription.
  • Migration of webex. The URL is changing and cabf.cabforum.org is the new URL. Chairs and Vice Chairs of subcommittees should ask for an account and schedule new meetings. Don’t forget to update the associated wiki page with the new meeting information.

Tim asked about the calendar invites on the old system. Jos replied that the old WebEx account will disappear in June.

The draft minutes of that particular Subcommittee meeting are available at the following URL:

6. Code Signing Working Group update

Dean: The merged document is ready to proceed. They also created a prioritized list of parking lot items, and will work with the top 5 things. The SC added a code signing wiki page with this information. Draft document with mark-ups and parking lot items are added to that wiki.

Next plan is to put this document up for a ballot. Dimitris asked if this would be considered a new Guideline, thus requiring 60 days of IPR review or an update to an existing guideline, thus requiring 30 days of IPR review. Dean said they will add it to the agenda for next meeting. Tim proposed to update of one of the two. Dean will explore these options. Sunsetting one document makes sense and Ryan thinks 30 days is ok with calling this “merge” a maintenance guideline.

7. New S/MIME WG Charter

This was now supposed to be in the discussion period but due to a technical issue with the ballot redline link, it is not a correct ballot. Tim will have to restart the discussion period by posting the proper “immutable” redline link, if this is supposed to be the normative ballot text. Tim mentioned that there is one last thing being discussed about root certificates that are not publicly trusted and which should be out of scope. There are concerns raised by Ryan that he is trying to understand.

Ryan said that the way this is written, what seems to be documented as out of scope can easily be presented differently to be in scope. He asked what is it that we’re trying to prevent. This language also prevents things we want to address. FPKI schemes and policy seems that they cannot be discussed. There was also a change in the introduction of the ballot.

Tim thinks that the current language does not prohibit that. The WG should not delete these things. Discuss for publicly-trusted.

Corey, asked to clarify the net result. This group would not produce standards that would be used exclusively on a private PKI.

Dimitris reminded the members about the codesigning WG charter where the Trusted third-party model was in scope and the non third-party model was out of scope.

Arno said that it’s good to take existing standards into account like ETSI NCP, etc.

Tim will check Forum-11 for an immutable red-line link.

8. Discussion about F2F agenda

No new topics for the agenda. It will be finalized at the next meeting.

If anybody has an idea of a good topic to discuss on our virtual meeting send it to the public list or to Dimitris.

9. Any Other Business

Doug mentioned that he assumes same virtual mode will be for a couple more F2F meetings. It is becoming very likely that F2F 51 will also need to be done virtually. The group agreed to wait another month to 6 weeks. Likely it will be cancelled due to International restrictions.

Trev: Some companies do not allow employees to travel Doug: There is also an significant financial impact Corey: Currently, US and Japan self-quaranteen for 2 weeks.

In relation to Forum-12: Update CA/B Forum Bylaws. There has been no feedback and Dimitris intends to start the voting period as soon as the discussion period is over.

10. Next call

May 28, 2020 at 11:30 am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).