CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-09-09 Minutes of the CA/Browser Forum Teleconference

2021-09-09 Minutes of the CA/Browser Forum Teleconference

Attendees

Adrian Mueller (SwissSign), Ali Gholami (Telia), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Brittany Randall (GoDaddy), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), David Kluge (Google), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Mike Min (GoDaddy), Mike Reilly (Microsoft), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Rebecca Kelley (Apple), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Yoshiro Yoneya (Japan Registry Services), Steven Deitte (GoDaddy)

Minutes

  1. Read Antitrust Statement
  2. Review Agenda
  3. Approval of minutes of last call
  • Ask to look through previous minutes
  1. Forum Infrastructure Subcommittee update given by Jos
  • Github tagging is enabled and the last couple of ballots up to the current release and 48 were tagged
  • Discussion of issues and issue tracking and whether to come out with labeling or guides for labeling issues
  • Brief issue with publication of smart ligatures in the SC48 update. Style guide was updated with dash types
  • For SC47, there was a last minute date fix that opened discussion about how to reopen a branch.
  • There were several suggestions on how to update the ballot table on the website. The working group is trying out options.
  • Adding DMARC into reporting status and then will move it into a quarantine status.
  • GoDaddy is looking at doing is moving the primary DNS records for CABforum.org to Amazon’s route 53 and then keeping GoDaddy as the secondary. That means, we’ll be able to control our own DNS but will still have GoDaddy as a backup
  • Will be starting from scratch on a new membership spreadsheet
  • We will asking each member organization to supply a fresh set of the canonical member list for your organization
  1. Code Signing Certificate Working Group update given by Andrea
  • Had 2 ballots (SC 9 and 10) that had been approved that are in the IPR period now
  • Discussed Ian’s ballot for logging and audit retention
  • Discussed Ian’s ballot for subscriber keys. Will be waiting for a clean-up ballot for that to go through
  • Will be reviewing some of the past SC ballots for any impact to the code signing BRs
  • Cory is working on the new formatting to move the code signing BRs to Pandoc
  • Will be comparing version 2.5 of the CSBRs and where it now is in the new doc compared to the 3647 structure and also how it was modified.
  • Discussed blank sections in the code signing documents to decide how the working group wants to handle that.
  1. SMIME working group update given by Stephen
  • Certificate profiles for mailbox validation are basically agreed on for individuals representing an organization
  • Next step is to look at certificate profile for personal certificates
  • These profiles will lead into the creation of the SMIME BRs
  1. Fall F2F dates
  • October 12-14, 2021
  • Guest speaker will be Professor Zane Ma from Georgia Tech
  • Please let us know comments about the agenda
  1. Any Other Business:
  • None
  1. Next call: September 16
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).