CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-04-29 Minutes of the CA/Browser Forum Teleconference

2021-04-29 Minutes of the CA/Browser Forum Teleconference

Attendance

Aaron Gable (Let’s Encrypt), Abdul Hakeem Putra (MSC Trustgate), Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (DigiCert), Curt Spann (Apple), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority), Natalia Kotliarsky (SecureTrust), Maileen Del Rosario (GoDaddy), Brittany Randall (GoDaddy)

Minutes

Anti-Trust statement read, no changes to the agenda

Infrastructure subcommittee update given by Jos

  1. The anti-spam measures weren’t on and have been turned on. All of the emails for the infrastructure group are going to infrabot, so if people want to join the email list, they should ask. The group is also working are getting rid of bounced email address. If there are any issues with not getting emails, reach out to the infrastructure working groups. Check with the corporate email providers as they may have done some blockers as well.
  2. Tried to get digest emails working on Gitlab. Have a test website for the revisions to the CABForum site.
  3. Started to dig into membership management and the membership spread sheet.
  4. There is some discussion around interested parties and getting their input. Wayne has added information on the site that becoming an interested party is the right way to go about it.

Code Signing Working Group given by Bruce

  1. Discussed how timestamping works and whether it is in the charter. Nothing has been resolved yet. Discussion will continue in the working group.
  2. Restore clean up ballot: having some challenges with version control and moving forward.

SMIME working group given by Stephen

  1. Going through using the TLS baseline as a model for the SMIME. There is language regarding government entities. Is the content in section 8.4 still relevant and is it relevant for CAs that have the email trust bit? Will be reaching out to CAs
  2. Doing some research on how different consumer products take in SMIME certificates and other fields.
  3. Ongoing discussion related to the SAN field, in particular the use of the other name. This would be related to the legacy profile rather than the strict profile. Continue discussion in calls this upcoming week.
  4. Targeting having a rough draft before the June face-to-face.

June Face to Face

  1. Had discussion on different dates and time structure. Will be setting a meeting with working groups to discuss.
  2. One guest speaker has already been found

Any other business?

  • Dimitris: Is there any plans on tackling the working group charter alignment? The charters are not aligned, particularly the SMIME.
  • A: Not aware of any discussion but is a good idea. A task group has been proposed to do this and will be scheduled for the future.

Next call is May 13th

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).