CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-08-05 Minutes of the CA/Browser Forum Teleconference

2021-08-05 Minutes of the CA/Browser Forum Teleconference

Attendees

Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Niko Carpenter (SecureTrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority), Natalia Kotliarsky (SecureTrust), Brittany Randall (GoDaddy), Tyler Myers (GoDaddy), Fumihiko Yoneda (Japan Registry Services), Yoshiro Yoney a (Japan Registry Services), Mike Min (GoDaddy), Rachel McPherson (Trustcor), Jose Guzman (GoDaddy)

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Dean Coclin read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of minutes from last teleconference

  • July 8 minutes were approved
  • July 22 minutes were approved

5. Forum Infrastructure Subcommittee update

  • Met on 28 July. Covered version packet implemented in GitHub. Gives ability to see which pull request made changes to a document. Tags go back only a few versions for documents but will be complete going forward.
  • Redlines is the next thing they are digging into for ballot process. Moving to an automated process. In recent ballot had some redline problems with how MSWord was functioning.

6. Code Signing Certificate Working Group update

  • CSC 9 in voting period. Ends today and looks like it will pass
  • CSC 10 will go to ballot shorting which will clarify WebTrust version 2 audit criteria
  • Discussed moving the CS BRs to the new format. Dimitris created a Google doc to help map the migration from old to new format
  • Moving out next session on signing services to September

7. S/MIME Certificate Working Group update

  • Met on 4 Aug. Over past two sessions clarifying direction on profiles, common terminology, etc. This is resetting the certificate profiles. How Corporate certs were being used was complicating the approach for profiles. Resetting the terminology will help move forward. Profile will include:
  • Mailbox
  • Legal person
  • Natural person
  • Good, positive discussion in the last two meetings.

8. REMINDER: Fall F2F Dates: Oct 12-14

  • Reminder of the dates for upcoming F2F. Once Karina is back the sign up page will be set up and ready to go
  • Keeping an eye on the COVID situation for future F2F meeting impacts

9. Any Other Business

Yoshiro Yoneya asked if anyone had attended the IETF meetings last week. Any updates?

Ryan stated that Google, DigiCert (Tim Hollebeek) were involved in the LAMPS discussion. ACME was covered. DigiCert is working in the LAMPS group. Document signing EKU creation was discussed. Google is not supportive for many reasons. Long discussions on this topic in the IETF meeting and best to review the minutes: https://datatracker.ietf.org/doc/minutes-111-acme/

Where CABF comes in? Ryan doesn’t think this EKU makes sense and he’s advocated that if this is important for the CABF (e.g. SMIME Working Group) then there is an opportunity for orgs (e.g. ETSI) or CABF to charter a work group to define what a document signing cert would look like and how would it be used. IETF has not adopted anything at this point so the question is if the CABF needs to adopt a position.

Tadahiko Ito stated there is a demand to have a public document signing EKU for not using emailProtection certs for (non-email) document signing. There might be different ways of realizing EKUs for that purpose.

UTA (Using TLS in Applications) is also a topic being discussed in IETF. Details can be found in the IETF minutes

10. Next call: August 19th, 2021 at 11AM Eastern

Adjourn

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).