CA/Browser Forum

2020-09-03 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Amanda Mendieta (Apple), Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Johny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kirk Hall (Entrust Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Mayur Manchanda (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (DigiCert), Stephen Davidson (DigiCert), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

No changes to the agenda were noted. It was noted that Wayne Thayer volunteered to take minutes for this teleconference and Dimitris will take minutes on the next one.

4. Approval of minutes from previous teleconference

Accepted without objections.

5. Forum Infrastructure Subcommittee update

Jos said that the subcommittee is still working on updates to the password archives. Discussed updates to the structure of the GitHub repository. We are fleshing out a plan to create separate repos for each working group. An issue was raised about where to host the NCSSRs. A proposal has been made to replicate them into each WG repo. This means that each WG can manage their own documents and pull requests can be handled by the WG chairs. GoDaddy has created a document that is a distillation of the BRs into a timing matrix of when things need to happen. GoDaddy asked if this document could be contributed to a CAB Forum repo. Discussed how to do that without creating the appearance that these are official CAB Forum docs. The solution we landed on was to host the document elsewhere and create a section for links to shared docs on the wiki and/or website that clearly indicates the status of the document and who owns it. This could also be a useful place for references to things like CABLint and ZLint.

6. Code Signing Working Group update

Dean said that he was not on the last call, but the document is finished and out for IPR review. Now the WG is going through parking lot items that were not addressed in the current version of the document. Looks like one big work item is to address EV requirements that should also apply to non-EV code signing certificates. Bruce is compiling a list of items to discuss at the next call. Also planning a discussion of high risk requests on Sept 24th.

Mike: that was an accurate summary of the discussion.

7. S/MIME Working Group update

Stephen said that the WG met yesterday. No additional members have joined. Mads Henriksveen from Buypass was confirmed as the Vice-Chair. The WG is trying to create a work product as soon as possible, and is focusing on a default certificate profile. This is requiring a lot of discussion because client software tends to be very forgiving. Also discussing the various use cases and deployment scenarios for S/MIME which are broader than for TLS. Some of this information has been posted to the public list, and we’re continuing to seek additional sources of requirements.

8. Elections update

Dimitris said that we have one candidate for each chair position. This means we don’t need an elections committee. Dimitris will prepare confirmation ballots for the Forum and SCWG and send them on Monday according to our schedule, and Bruce or Dean will do the same for the code signing WG.

Dean: Remind us when the Vice Chair nominations open?

Dimitris said that nominations for Vice Chair begin on Oct 7 according to the original schedule. We can probably start earlier because we don’t have an elections committee.

9. Any Other Business

Dimitris said that the next F2F is scheduled for Oct 20. Should we start preparing?

Dean: Yes, we should start.

Mike: Have we considered the time zone?

Dimitris: The prior meeting’s time zone was thought to be most convenient for all. Plan would be for the same.

Dean: We tried to accommodate the global audience by doing it early morning West Coast time. We could better accommodate Asia by hosting the meetings later, but that is bad for Europe.

Mike: The times we used before were probably best for all.

10. Next call

The next call will take place on September 17, 2020 at 11:30am Eastern Time.

Adjourned
