CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-04-01 Minutes of the CA/Browser Forum Teleconference

2021-04-01 Minutes of the CA/Browser Forum Teleconference

Attendance

Roll Call: Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (DigiCert), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jos Purvis (Cisco Systems), Leo Grove (SSL.com), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Sleevi (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wendy Brown (US Federal PKI Management Authority)

Minutes

Antitrust Statement read by Jos Purvis

Agenda

The agenda was reviewed.

Approval of prior minutes

The minutes of March 19th were not available for review. The face to face meeting minutes were approved.

Forum Infrastructure Update

Jos provided the update: Issues with mailman have been resolved. Monitoring scripts have been added so notification of outages is sent. No updates on github tooling work other than some requests on font sizes. Need an smtp server account setup. Discussion of revamped website occurred. Will create a test website so that it can be evaluated by others during development. On membership management, a new Google sheet will be created to address the issues there.

Code Signing Update

Bruce gave the update. End of voting for CSCWG-8 today. Approval expected. Other ballots on subscriber key protection for individual users or in the cloud, are under discussion. Discovering some cleanup issues that need to be addressed in a future cleanup ballot.

S/MIME Working group update

Stephen Davidson gave the update. Discussed the progress of the draft SMIME BR which are in GitHub, and some of the observations that have arisen the process regarding where/when to “copy over” content from the BR versus “refer out” to content from the BR. Had a detailed walk thru of the proposed requirements for domain auth and mailbox control to solicit feedback on that text. We will start collecting issues in the CABF to capture topics that are of interest but will be dealt with in a later version 1.x of the SMIME BR.

Commenced discussion of the specific Mailbox-validated certificate profile. Conversation returns to the subject of how to appropriately define a stricter baseline for SMIME certs while also bringing the wider implementations of public email Protection certs (which may not be solely dedicated to SMIME) into better conformity. Links will be provided to the above materials in the SMCWG public list in the coming days for those that are interested.

2021 F2F meeting schedule

June 15-17, will be virtual. Fall meeting is tentatively scheduled for October in Minneapolis but this will be reevaluated after the June meeting.

Other Business

No new membership applications.

Next call April 15th

Adjourn

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).