CA/Browser Forum
Home » All CA/Browser Forum Posts » 2020-12-11 Minutes of the CA/Browser Forum Teleconference

2020-12-11 Minutes of the CA/Browser Forum Teleconference

Attendees

Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Christy Berghoff (Federal PKI), Curt Spann (Apple), Daniela Hood (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)

CA/B Forum Meeting Minutes

Administrative Updates

Dean Coclin (DigiCert) CA/B Forum Chair

  • Anti-trust statement was read
  • Agenda was published. No comments.
  • Approval of Face-to-Face 51 minutes
  • No comments. Minutes approved.

Forum Infrastructure Subcommittee

Jos Purvis (Cisco) Subcommittee Chair

  • Conversion of CA/B Forum GIT Repository into separate sub-repositories
  • All repositories created and working out final details
  • Ryan Sleevi (Google) asked for owners in email to add 2FA or ask to be removed as an owner
  • At this point, only 2 members remaining without 2FA. Ryan will send them a direct email.
  • At this point, 2FA will be enabled.
  • Jim Gorz (GoDaddy) has been preparing to move the mailer host
  • He’ll post a change date once it is available to ensure we do not have discussions or voting periods during the migration to the new host

Code Signing Certificate Working Group

Dean Coclin (DigiCert) CA/B Forum Chair

  • CSCWG-4: Review period ended. Bruce published final version and it is up and running
  • Ian McMillan (Microsoft) proposed Key Protection ballot. This is about cloud based key protection requirements. Clarification needed on log retention. USB tokens needed for that. Auditing discussed.
  • Question about clarifying timeline for 3072 bit keys. Now June 2021.
  • If root issued before 2021 and is 2048 key size, can it still be used. Ian McMillan is going to get clarity.
  • Bruce Morton (Entrust) is investigating EV vs. Non-EV requirements in BRs.

S/MIME Working Group

Stephen Davidson (DigiCert), Working Group Chair

  • Telia interested in participating in working group
  • Working group is currently at 38 members
  • Fast approaching stage of using GitHub
  • Steven will work with Infrastructure Subcommittee to use GitHub for S/MIME
  • Leaf certificate profile
  • Reviewed data within fields
  • Working on aligning format (table type) with what other working groups are using

Additional Administrative Updates

  • Member applications
  • Jos Purvis (Cisco) will follow-up with members requesting to join the CA/B Forum
  • Stephen Davidson (DigiCert) will follow up with Telia regarding the S/MIME Working Group membership request
  • Responding to Mailing List Questions
  • Dean Coclin (DigiCert) discussed the process for how to respond to the questions list. If Dean can answer administrative questions, he’ll respond immediately. If the questions are more unique or not “administrative”, he’ll ask for input from the group before sending a response.
  • Dean asked if anyone has any issues with how he’s been responding so far. No concerns were raised.
  • Next Meeting
  • The next scheduled meeting is canceled because it lands on the U.S. holiday of Thanksgiving.
  • December 10th is the now the next meeting.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).