CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-01-20 Minutes of the CA/Browser Forum Teleconference

2022-01-20 Minutes of the CA/Browser Forum Teleconference

Attendees

Aaron Gable (Let’s Encrypt), Adam Clark (Visa), Adam Jones (Microsoft), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Israel Ventura (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Miguel Sanchez (Google), Natalia Kotliarsky (SecureTrust), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Pekka Lahtiharju (Telia Company), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijay Kumar (India PKI Forum), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

Roll Call

Dean captured the roll.

Read Antitrust Statement

Jos read the antitrust statement.

Review Agenda

Dean reviewed the agenda. No changes.

Approval of minutes of last call (Dec 9th and Jan 6th).

Dec 9th minutes – minor update to NIST 800-63 version (formerly listed ast NIST 863)

Other than that, no issues were communicated.

Forum Infrastructure Subcommittee update (Jos Purvis)

No meeting, no update.

Code Signing Certificate Working Group update (Bruce Morton)

Still working on subscriber key protection ballot

Eventually will move into changing BR format into 3647 format

Working on planning F2F updates

S/MIME Certificate Working Group update (Stephen Davidson)

  • Met yesterday (1/19)
  • Several items on agenda, only able to discuss the first.
  • Methods for mailbox validation
  • Draft language that exists for the domain validation methods coming from the BRs, as well as the possibility of authenticating control over an individual mailbox (the first option is the bulk authorization for an enterprise RA, the second, for example, is for a one off approval)
  • New proposed method – new to us and the TLS BRs, proposed by Foutis (Google) to use mxrecords.
  • A lot of discussion surrounding this because it has similarities to discussions that have taken place in the TLS group related to CNAMEs.
  • General agreement it’s an important method to include – people are digging into how we express it.
  • Some discussion on validity of random values (adopted from TLS BRs) – where possibly the adopted timeframes were too long and should be revisited.
  • Have this discussion take place upstream at the TLS group.
  • Some related discussions that will be picked up at the next meeting related to information reuse periods, and different aspects of enterprise RAs.

NetSec Working group establishment and report

Updates from Ben:

  • Need to update Google Sheet/Membership records
  • Clint has been helping with updates
  • Discussed resetting the meeting time, perhaps into the infrastructure committee slot (more participants in the NetSec group, would be ideal if Infrastructure group could move to a different time). In any event, there will be a poll to help determine the future meeting time.
  • Current time slot (11 AM PT) is not favorable for folks in Europe.

Next F2F: Salt Lake City, Feb 22-24

  • Chairs and Vice Chairs are meeting on 1/21 to discuss and set agenda.
  • If you are coming in person, please fill out the Wiki (dedicated section depending on participant type).
  • If attending in-person, there are discounted rates available at the hotel
  • Dean is looking forward to getting the group together.

Any Other Business?

None.

Next call

February 3, 2022

Adjourn

Meeting adjourned.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).