CA/Browser Forum

2020-10-15 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Abdul Hakeem Putra (MSC Trustgate), Adrian Mueller (SwissSign), Ahmad Syafiq MD Zaini (MSC Trustgate), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Han Yong, Park (NAVER Business Platform), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Neil Dunbar (TrustCor Systems), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Dimitris reviewed the agenda; no changes were identified. Tobi (Opera) volunteered to take minutes for the next call.

4. Approval of minutes from previous teleconference

Accepted without objections.

5. Forum Infrastructure Subcommittee update

Jos was not on the call. Ryan was also not on the call last week but was able to update the group that there was an improvement regarding the SPF configuration of the mailer.

The “blockers” for mail migration have mostly been resolved. There is discussion to see how this migration will take place from the GoDaddy infrastructure to the Amazon infrastructure. No concrete timeline for that.

Wayne sent out an email describing the GitHub repository migration for Forum-level and Working Group-level repositories. The subcommittee is testing and experimenting to make sure this plan actually works smoothly and preserves all the necessary information.

New WGs, especially the S/MIME Working Group, will be able to take a look at the GitHub tools that automate production of documents for new guidelines.

Effectively, when someone submits a pull request, whether from the cabforum repository or a private “fork” of that repository, and wants to create a ballot and see how it looks in the guidelines, we want to make sure the tooling will be able to automatically produce the artifacts and possibly redline versions as well.

Automated production of documents is something the subcommittee is working on.

The subcommittee is also working on improving the templates for producing documents and on improving the generation of the PDF version. It is exploring the use of NIST templates because they are Creative Commons licensed. These are further modified to produce a new PDF to reference and cross-reference.

Tim: Is it possible to produce documents from branches?

Ryan: Yes, and you can do redline with Word. There is a task to improve the HTML template and create redlines with that, without needing to use Word for that.

If it works with the main repo it will also work in forks.

6. Code Signing Working Group update

Dean Coclin (DigiCert): Ballot CSC-4 is approved and sent for IPR review. This ballot was mainly to push out some dates for key sizes to move to 3072-bit RSA.

Tim Crawford reported to the Working Group that the audit criteria for CS and EVCS have been merged. The new audit criteria are dated November 1st, 2020.

Bruce is looking at the entire document to see when we have different requirements for EV and non-EV.

At the F2F, the WG will go through the changes and decide what to do.

There are also several parking items to review. They plan on having a revised document with these changes within the next 30-40 days.

7. S/MIME Certificate Working Group update

Stephen reminded the group that the main mission of this WG is to create Baseline Certificate profiles, go through email control verification requirements, describe the operational requirements for RAs and CAs, and finally define the specifics of the Subject identity information. At this stage they have nearly completed a field-by-field review for leaf S/MIME Certificates.

The work of other WGs is very useful. In the coming weeks they will be moving and talking about aspects regarding issuing CAs.

They will soon have a draft Certificate Profile with all the original aspects that are agreed for further discussion and greater detail at that time.

8. Elections update

Dimitris sent the confirmation ballots for the Forum and SCWG. Bruce/Dean will soon start the confirmation ballot for the Code Signing Working Group.

9. Approval of Agenda for F2F 51

The agenda was approved without objections.

10. Any Other Business

Dimitris informed the Members that Cisco will not be able to host the F2F 52 meeting because of travel difficulties and other COVID-19 restrictions. This was obviously something more or less expected, but this is a confirmation that the F2F 52 meeting will also be a virtual one.

Dean announced our two guest speakers for the upcoming F2F meeting, Mr. Doug Hill from RealRandom and Mr. Michael Jahnich from Achelos.

11. Next call

The next call is scheduled for October 29, 2020 at 11:30am Eastern Time.

Adjourned

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).