2020-09-03 Minutes of the CA/Browser Forum Teleconference
Attendees (in alphabetical order)
Amanda Mendieta (Apple), Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Johny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kirk Hall (Entrust Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Mayur Manchanda (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (Godaddy), Rebecca Kelley (Apple), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
Minutes
1. Roll Call
The Chair took attendance.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
No changes to the agenda were noted. It was noted that Wayne Thayer volunteered to take minutes for this teleconference and Dimitris will take minutes on the next one.
4. Approval of minutes from previous teleconference
Accepted without objections.
5. Forum Infrastructure Subcommittee update
Jos said that the subcommittee is still working on updates to the password archives. Discussed updates to the structure of the GitHub repository. We are fleshing out a plan to create separate repos for each working group. An issue was raised about where to host the NCSSRs. A proposal has been made to replicate them into each WG repo. This means that each WG can manage their own documents and pull requests can be handled by the WG chairs. GoDaddy has created a document that is a distillation of the BRs into a timing matrix of when things need to happen. GoDaddy asked if this document could be contributed to a CAB Forum repo. Discussed how to do that without creating the appearance that these are official CAB Forum docs. The solution we landed on was to host the document elsewhere and create a section for links to shared docs on the wiki and/or website that clearly indicates the status of the document and who owns it. This could also be useful references for things like CABLint and ZLint.
6. Code Signing Working Group update
Dean said that he was not on the last call, but the document is finished and out for IPR review. Now the WG is going through parking lot items that were not addressed in the current version of the document. Looks like one big work item is to address EV requirements that should also apply to non-EV code signing certificates. Bruce is compiling a list of items to discuss at the next call. Also planning a discussion of high risk requests on Sept 24th.
Mike: that was an accurate summary of the discussion.
7. S/MIME Working Group update
Stephen said that the WG met yesterday. No additional members have joined. Mads Henriksveen from Buypass was confirmed as the Vice-Chair. The WG is trying to create a work product as soon as possible, and is focusing on a default certificate profile. This is requiring a lot of discussion because client software tends to be very forgiving. Also discussing the various use cases and deployment scenarios for S/MIME which are broader than for TLS. Some of this information has been posted to the public list, and we’re continuing to seek additional sources of requirements.
8. Elections update
Dimitris said that we have one candidate for each chair position. This means we don’t need an elections committee. Dimitris will prepare confirmation ballots for the Forum and SCWG and sending them on Monday according to our schedule, and Bruce or Dean will do the same for the code signing WG.
Dean: Remind us when the Vice Chair nominations open?
Dimitris said that nominations for Vice Chair begin on Oct 7 according to the original schedule. We can probably start earlier because we don’t have an elections committee.
9. Any Other Business
Dimitris said that the next F2F is scheduled for Oct 20. Should we start preparing?
Dean: Yes, we should start.
Mike: Have we considered the time zone?
Dimitris: The prior meeting’s time zone was though to be most convenient for all. Plan would be for the same.
Dean: We tried to accommodate the global audience by doing it early morning West Coast time. We could better accommodate Asia by hosting the meetings later, but that is bad for Europe.
Mike: The times we used before were probably best for all.
10. Next call
The next call will take place on September 17, 2020 at 11:30am Eastern Time.