Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Christy Berghoff (Federal PKI), Curt Spann (Apple), Daniela Hood (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)
CA/B Forum Meeting Minutes
Dean Coclin (DigiCert) CA/B Forum Chair
- Anti-trust statement was read
- Agenda was published. No comments.
- Approval of Face-to-Face 51 minutes
- No comments. Minutes approved.
Forum Infrastructure Subcommittee
Jos Purvis (Cisco) Subcommittee Chair
- Conversion of CA/B Forum GIT Repository into separate sub-repositories
- All repositories created and working out final details
- Ryan Sleevi (Google) asked for owners in email to add 2FA or ask to be removed as an owner
- At this point, only 2 members remaining without 2FA. Ryan will send them a direct email.
- At this point, 2FA will be enabled.
- Jim Gorz (GoDaddy) has been preparing to move the mailer host
- He’ll post a change date once it is available to ensure we do not have discussions or voting periods during the migration to the new host
Code Signing Certificate Working Group
Dean Coclin (DigiCert) CA/B Forum Chair
- CSCWG-4: Review period ended. Bruce published final version and it is up and running
- Ian McMillan (Microsoft) proposed Key Protection ballot. This is about cloud based key protection requirements. Clarification needed on log retention. USB tokens needed for that. Auditing discussed.
- Question about clarifying timeline for 3072 bit keys. Now June 2021.
- If root issued before 2021 and is 2048 key size, can it still be used. Ian McMillan is going to get clarity.
- Bruce Morton (Entrust) is investigating EV vs. Non-EV requirements in BRs.
S/MIME Working Group
Stephen Davidson (DigiCert), Working Group Chair
- Telia interested in participating in working group
- Working group is currently at 38 members
- Fast approaching stage of using GitHub
- Steven will work with Infrastructure Subcommittee to use GitHub for S/MIME
- Leaf certificate profile
- Reviewed data within fields
- Working on aligning format (table type) with what other working groups are using
Additional Administrative Updates
- Member applications
- Jos Purvis (Cisco) will follow-up with members requesting to join the CA/B Forum
- Stephen Davidson (DigiCert) will follow up with Telia regarding the S/MIME Working Group membership request
- Responding to Mailing List Questions
- Dean Coclin (DigiCert) discussed the process for how to respond to the questions list. If Dean can answer administrative questions, he’ll respond immediately. If the questions are more unique or not “administrative”, he’ll ask for input from the group before sending a response.
- Dean asked if anyone has any issues with how he’s been responding so far. No concerns were raised.
- Next Meeting
- The next scheduled meeting is canceled because it lands on the U.S. holiday of Thanksgiving.
- December 10th is the now the next meeting.