CA/Browser Forum

2022-02-01 Minutes of the Network Security Working Group

Clint Wilson leading the meeting.

Request a volunteer for minutes. Dan Jeffery volunteers.

Clint reads the antitrust statement.

Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randal, Christophe Bonjean, Clint Wilson, Corey Bonnell, Corey Rasmussen, Curt Spann, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Israel Ventura, Jillian Karner, Kati Davids, Martijn Katerbarg, Niko Carpenter, Prachi Jain, Roman Fischer, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White

Discussion of minutes approval and request for changes, accepted by silence

Discussion of meeting time slots and the Doodle poll

  • opportunity given to add additional time slots
  • no suggestions
  • request to complete by next meeting
  • currently Monday at 0800 Pacific is leading
  • Clint will send a reminder if few responses are coming in

Cloud services subgroup has been meeting regularly and is completing helpful work

  • shall we convert the cloud services subgroup into an official NetSec subcommittee
  • Dan, Prachi and Trev voiced support
  • David was asked if he’d continue to lead it
  • he suggests changing the name to be a little more versatile
  • Trev suggests raising visibility into what the committee is doing for those who don’t attend
  • David is asked to summarize
  • we determined that current expectations assume a certain CA architecture or design
  • this makes cloud services difficult or unclear within the current NSR
  • this group is investigating how we could modify this to allow more versatility while preserving security
  • have reviewed various aspects including audit frameworks, where cloud services might be most useful, relationships between CA and cloud service provider
  • led to current effort which is focused on generating a better risk assessment framework
  • Clint asks for any further questions on what the subcommittee is trying to accomplish – none
  • do we need a ballot
  • discussion of why we’d want a ballot
  • Trev raises “why do it if we don’t have to”
  • Ben points out that having a set of specific expectations and purposes seems worthwhile
  • general consensus seems to be that it’s worth doing a ballot
  • discussion of whether we should continue meeting until ballot is complete
  • general consensus is that meetings should continue
  • Tobias checks the server cert WG practice on this and determines there is nothing clearly written
  • Clint will create the ballot, Trev will endorse

Request for any comments on Ballot NS-001: Adopt Network and Certificate System Security Requirements

  • no comments were offered

Vote on David Kluge for vice-chair raised by Ben Wilson

  • David is willing, Clint presents and Ben seconds
  • no opposition, multiple ‘thumbs up’

Prachi raises that she has a change to the NSRs which will need a ballot

  • someone else needs to shepherd Prachi’s change through, as Fastly is only an interested party
  • we will wait until after the NSR is voted on
  • Ben and Clint offer to take it at that time, if no one else is willing

Closed meeting early with reminder to vote and provide feedback in Doodle poll
