CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-01-07 Minutes of the CA/Browser Forum Teleconference

2021-01-07 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Digicert), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Christy Berghoff (Federal PKI), Clint Wilson (Apple), Corey Bonnell (DigiCert), Christy Berghoff (Federal PKI), Corey Rasmussen (OATI), Curt Spann (Apple), Daniela Hood (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Nazril Bin Mohd Gahni (PoS Digicert), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Noorul Halimin Mansol (PoS Digicert), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Redha Hamzah (PoS Digicert), Rebecca Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla)

Minutes

CA/B Forum Meeting Minutes (2020-01-07)

Dean Coclin (DigiCert) CA/B Forum Chair

Administrative Updates

· Anti-trust statement was read

· Agenda was reviewed. No comments.

· Approval of December 10 minutes

o No comments. Minutes approved.

Forum Infrastructure Subcommittee

Jos Purvis (Cisco)

· Ran thru Github discussions, tooling cleanups (as discussed in SCWG meeting)

  • Ryan S said other working groups can use these tools

· Reviewed mailer migration issues. Most issues solved.

· Webex can now send directly to management list, making it easier for meeting scheduling

· Membership management discussed, very labor intensive. Wayne developed a Google doc that is a “front door” to member list requests. This will help coordinate the list management.

Code Signing Certificate Working Group

Dean Coclin (DigiCert)

· Revisions made to CSCWG-7 to add an effective date and address other minor concerns

· Several changes discussed that needed Ian’s input (from Microsoft). He was not on the last call so those items were tabled and will be discussed on the next call

· Several questions about 3072 root requirements and cross signing. Again, Ian needed for that discussion

S/MIME Working Group

Stephen Davidson (DigiCert)

· Group took a step back to focus on a larger discussion topic: how to go from current permissive environment and how to become stricter in the future (i.e. multipurpose vs S/MIME only)

· Reaching out to email software providers to see what info they display for S/MIME

· Moving to put out an early cut on S/MIME BRs as S/MIME only certs

· Today many S/MIME certs allow for doc signing, authentication, etc. in addition to S/MIME

Additional Administrative Updates

· Doodle poll for spring meeting currently tied.

· Dean asked members to please take a moment to fill out the poll so we can nail down the date very soon

· Next Meeting scheduled for Jan 21st

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).