CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-10-28 Minutes of the CA/Browser Forum Teleconference

2021-10-28 Minutes of the CA/Browser Forum Teleconference

Attendees

Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Natalia Kotliarsky (SecureTrust), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

The anti-trust statement was read.

The agenda was reviewed. No changes.

No minutes to approve.

Forum Infrastructure Report

Jos Purvis gave the update.

There was a very brief discussion on the GitHub digest and Corey has started poking into implementing the automated digest email digest to GitHub activity to each of the working groups. He just needs access to send from the account, which Jos is going to be getting him.

Code Signing Working Group Update

Bruce Morton gave the update.

CSC-12 is in the voting period. Working on a ballot for subscriber key protection. Next priority is to update the code signing service requirements. Also want to complete changing CSBRs to the RFC 3647 format.

S/MIME Working Group Update

Stephen Davidson gave the update.

Continuing the discussion on the validity periods. Apple has settled on 825 days. Would be allowable for the 1 legacy policy, which is intended as kind of a short term bridge to allow more of the ecosystem to be pulled into this auditable framework. But the intent is that it would disappear over time. It’s really a debate on the balancing of kind of the desire for automation and policy agility, versus kind of acknowledging the heavy usage of tokens and so forth. There has been some willingness on the part of a certificate consumers to consider 2095 day legacy period, as long as there is a hard date that it would be deprecated. So that’s really an ongoing discussion. We’ve also had a discussion of the contents of the version 1, primary deliverable. Certainly for those who would like to see the evolution of that document, it is publicly available out In the cab form, GitHub repository, there’s, the S/mine section and you would be looking for the SBR. There’s a version called the Pre SBR that is the working draft. The next step in our list of discussions there, was a specific request from a certificate consumer asking to have, as a focused discussion, the topic of external enterprise RAs. So that’s what’s next on our agenda.

Next Meetings

Next face to face meeting will be in person hosted by DigiCert in Salt Lake City. Proposed dates are Feb 22-24. RSA Conference is week of Feb 7th. Discussed possibly starting meeting on Weds vs. Tuesday. Dean will send out Doodle poll but preference is to start on Tuesday, Feb 22nd.

Other meetings

Dates have been set for June and October meetings.

June 6-8 Poland (Asseco)

October 24-26 Berlin (D-Trust)

Other business

No other business

Meeting adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).