CA/Browser Forum
Home » Posts » 2020-07-23 Minutes of the CA/Browser Forum Teleconference

2020-07-23 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Johny Reading (GoDaddy), Karina Sirota (Microsoft), Michelle Coon (OATI), Michol Murray (GoDaddy), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rae Ann Gonzales (Godaddy), Rich Smith (Sectigo), Robin Alden (Sectigo), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Thanos Vrachnos (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Travis Graham (GoDaddy), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

No changes to the agenda were noted.

4. Approval of minutes from previous teleconference

No objections to approval of minutes.

5. Forum Infrastructure Subcommittee update

Nobody who attended the last Infrastructure Subcommittee meeting was on this call, thus no update.

6. Code Signing Working Group update

Dean: Out of the previous week’s meeting there is a Ballot in Voting Period currently, to approve the combination of the EV Guidelines and the non-EV Code Signing Guidelines into one document. Voting started earlier this week and is now in progress, all members of the WG are hereby urged to vote sooner rather than later.

The WG has a TODO list of items that the WG is planning to change in a future update to the document and is proceeding with working on these items. We expect a presentation from Microsoft about high risk requests in a future meeting.

The WG also transitioned over to the new WebEx without problems.

7. S/MIME Working Group update

Stephen: The S/MIME WG’s charter requires the WG to be bootstrapped, so you may recall a call for declarations of interest to participate. After the first meeting of the WG yesterday, July 22, we finalized the WG with 19 Certificate Issuers, 2 Certificate Consumers, 4 Associate Members and 3 Interested Parties. I was confirmed as Chair of the Group, and we deferred electing a Vice Chair for a week or two, in order to allow people to consider volunteering. The Group will be meeting again on August 5, at 11:00 EST, maintaining a two week rythm. Currently there is a call open for members who may be aware of related standards that might have a bearing on the groups work, such as the GMail certificate policy, and standards that exist from ETSI. The group is still open for additional members, there are some prospect members. The charter is quite specific as to the objectives and deliverables of the group. The group will start with some topics that may be familiar to other CA/B Forum documents, such as “how one goes about validating email control” and certificate profiles. Anyone interested please reach out, special thanks to the Infrastructure Subcommittee.

Robin: We missed the initial call to join the S/MIME WG, who do we mail to join? Stephen: That would be to me, or to the questions email list.

Dimitris: We have established a management list for the WG, and there is of course a public list, similiar to our other Working Groups. Anybody outside the forum can join the public list and access its archives.

8. Any Other Business

Dimitris: I would like to mention that elections are coming up, I am working with Dean and Wayne on some informative mails to be sent on 1st week of August. The Chair nominations will start at August 17. You might want to start thinking about this process, we will need a Chair and a Vice-Char for every working group but the S/MIME working group which was just created. The whole process is documented on the Wiki, “Officer Elections”. Feel free to reach out to me or the other officers for questions related to the duties, or f.x. for the time required to fill a certain role.

Daniela: What was decided for the next F2F? Dimitris: It was decided to go virtual. Daniela: So for signup, just sign up on the Wiki? Dimitris: That is very soon, we’re not really

Dean: We developed the ground rules for the meeting but haven’t send them out yet because everyone would just forget about them, I plan to send them out just a few weeks before the meeting, does that seem reasonable?

Dimitris: I have already posted them on the wiki… First I would please like everybody to register for the meeting. Right now the Ground Rules are a bit of in draft status, we will get them more solid the closer we get to the meeting, any proposals for changes or additions are very much welcome. We will send a reminder when we get closer to the meeting.

Still have to do some demos and tryouts with Josh to figure out the best setup and configs for this large meeting.

9. Next call

The next call will take place on August 6, 2020 at 11:30am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed

Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates:

  • Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action;
  • Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and
  • Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).