CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-03-17 Minutes of the CA/Browser Forum Teleconference

2022-03-17 Minutes of the CA/Browser Forum Teleconference

Attendees

Adam Jones (Microsoft), Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Ward (SSL.com), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Hogeun Yoo (NAVER), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Khairil Nizam Abdul Malek (MSC Trustgate Sdn Bhd), Kiran Tummala (Microsoft), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

Opening Procedures- Dean

Roll Call – per above

Read Antitrust Statement- Jos Purvis

Review Agenda

Approval of minutes of Feb 3rd call

Approved

Forum Infrastructure Subcommittee update

Given by Jos Purvis

  • Working group repo on Github is now working
  • Terrific demo of membership application web app. This will be a great step up from current tooling
  • Next steps are going to be setting up dev pages on AWS and then start tracking in parallel until finally moving over to it permanently
  • There is a neat way how to track attendance on Webex, so this could be automated.
  • If anyone has experience with PHP, the group is looking for help
  • Difficulties in balloting are more in scope of content rather than processes
  • Will do some documentation on how to do the technical aspects
  • Discussed general revamp of the websites.
  • There was a security issue with the site and GoDaddy and Ben were helpful in cleaning that up.
  • Do they know what happened? They think there was an authentication breach.
  • Do they know which account was breached? No, but anyone who has access has been asked to change creds.
  • Plan for changing over DNS from GoDaddy to AWS soon. May push out this cutover due to ballot, but will look forward to it.

Code Signing Certificate Working Group update

Given by Bruce Morton

  • Long discussion on subscriber key protection, and discussion on ballot, which should go out shortly.
  • Long Discussion on going through the current document on bringing it up to date on the signing services.

SMIME working group update

Given by Stephen Davidson

  • Discussion on wrapping up odds and ends on text for ballot before it goes out.
  • Intend to have a month of pre-ballot discussion in order to find any issues, discussion
  • Before going to a proper ballot in accordance with the bylaws.
  • Have general agreement on how to go forward
  • Having general discussions on the details, like the use of the pseudonym aspect or reuse of common name, as examples.
  • In terms of mailbox validation, we are adopting the TLS Baseline requirements methods for proving mailbox control.
  • There has been an additional discussion that there would be a variant on the MX method
  • Draft is here: https://github.com/cabforum/smime/blob/preSBR/SBR.md

NetSec Working Group

Given by Clint Wilson

  • A shift in the time for the cloud services and infrastructure group to 9am Pacific time starting next week. This group is progressing in the risk assessment quite well and still looking for more people.
  • Looking at ballots around defined terms, adding definitions and fixing definitions overall.
  • Will continue to give this update going forward.

Any Other Business

  • Next meeting is in Warsaw. Will continue to look ahead and make a decision going forward.
  • Will there be a hybrid? Maybe, but we cannot promise quality of the hybrid.
  • Suggest to err on side of having a good hybrid meeting, but wait and see
  • Berlin meeting is still scheduled for Oct 24-26

Meeting Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).