
2020-10-01 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Ben Wilson (Mozilla), Bruce Morton (Entrust), Clint Wilson (Apple), Daniela Hood (GoDaddy), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Jos Purvis (Cisco Systems), Julie Olson (GlobalSign), Karina Sirota (Microsoft), Kirk Hall (Entrust), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (DigiCert), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Thanos Vrachnos (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Dimitris reviewed the agenda: no changes were requested. Minute-taker for the next call will be Dimitris.

4. Approval of minutes from previous teleconference

Accepted without objections.

5. Forum Infrastructure Subcommittee update

Jos Purvis (Cisco): The committee met last week, with much of the discussion taken up with the proposed split of the documents into multiple GitHub repositories. The short version is that the existing /documents tree will be cloned into /archive, and then /documents will be renamed to /servercert for the SCWG. The /servercert repo will then be cleaned of any unneeded old branches or other documents. The other working groups (CSCWG, SMCWG) will have new repos created fresh for them, with any necessary hereditary git operations performed manually to ensure they have history for their own documents.

The committee also worked over the weekend on the issue observed with rogue posts to several Forum listservs. The problem appears to have been caused by the Forum mailer server not checking SPF records to reject spoofed emails; the team at GoDaddy quickly responded by updating the server to fix this. Members are asked to carefully review their own email servers to ensure they are setting SPF records correctly to avoid rejected emails to lists.

6. Code Signing Working Group update

Dean Coclin (DigiCert): CSCWG met last week to address high-risk cert requests. A guest speaker talked about their experiences handling these, and the Microsoft team provided input on their handling of them as a certificate consumer. No decisions have been made yet, but it was very helpful to have background on how cybercriminals obtain and (mis-)use these certificates. In future, we plan to review EV/non-EV certificate types in detail and will get back to this in future meetings. Bruce has been nominated as vice-chair for the working group again.

7. S/MIME Working Group update

Stephen Davidson (DigiCert): SMCWG met yesterday. For the first of our meetings, we didn’t have to add new members, so the number of participating organizations is now steady at 35. We are continuing the approach of reviewing the certificate profile for leaf certs field by field, gathering information about standards that may apply and practices from member organizations (issuers and consumers). Questions collected are being parked to loop back to as we begin filling out areas of the forthcoming baseline standards. We feel like we’re making good progress on this and will be contacting the Infrastructure subcommittee about getting things set up in GitHub soon.

8. Elections update

Dimitris sent an email to start vice-chair nominations, which end 15 October. So far we have vice-chair nominations for CSCWG (Bruce Morton), but are still looking for SCWG and Forum nominations. Dean nominated Karina Sirota from Microsoft for Forum vice-chair, with Mike Reilly and Jos Purvis seconding. This leaves only the SCWG position open. Dimitris confirmed that one person can occupy positions in more than one space (as he does today with Forum and SCWG).

9. Topics for the next virtual F2F

Dimitris has sent out the draft agenda for the upcoming virtual face-to-face and asked members to consider both agenda updates and any changes to the rules for virtual F2F, which are contained on the wiki from the previous one. Things went well last time, but if there are recommendations for improvements in practice or rules, any feedback is very welcome. Dimitris and Dean welcome any feedback available from the community, and will be updating wiki pages accordingly.

10. Any Other Business

No other business was discussed.

11. Next call

The next call will take place on October 15, 2020 at 11:30am Eastern Time.

Adjourned

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).