2022-04-14 Minutes of the CA/Browser Forum Teleconference

Opening Procedures – Dean

Roll Call

Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Inaba Atsushi (GlobalSign), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Khairil Nizam Abdul Malek (MSC Trustgate Sdn Bhd), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)

Read Antitrust Statement- Jos Purvis

Review Agenda
Approval of minutes of last call


Forum Infrastructure Subcommittee update given by Jos Purvis

  • Had successful migration of DNS to GoDaddy and now can stand up a dev host for membership tool to start testing
    • Going to create a label of ‘interested person’ for someone who is interested but not as a group in the tool
  • Creating a style guide on how to post things to the website-e.g. picking a consistent date for minutes to make sure things are consistent
  • There was a website issue over the weekend but it has been resolved. It was an internal issue but it was corrected very quickly.
  • Talked about tools page – adding more sections per type of interested person and adding additional tools

Code Signing Certificate Working Group update given by Bruce Morton

  • Approved ballot 13 for subscriber key protection. It’s in IPR and will be effective 11/15/2022.
  • Moving on to finalize format change to RFC 3647 format.

SMIME working group update given by Stephen Davidson

  • Draft of BRs is complete
  • Working through fringe cases that are not included in other types of BRs- common names, functional names (like help desk) or a pseudonym, as well as field serial number, which is can be used in different ways in S/MIME certs, like an employee ID number or a personal identifier like in ETSI
  • Moving into formal pre-ballot discussion period shortly. Now is the time for organizations to review and read
  • Goal to move into ballot in the summer.

NetSec Working Group given by Clint Wilson

  • Risk Assessment is ongoing
  • Discussion on OCSP uptime requirements in the BRs and it’s essentially 24/7 – which is an atypical SLA. Starting to discuss what would be more realistic
    • Move towards drafting a requirement that requires Cas to report this in their CPS to get a better understanding of what would be more reasonable.
  • This couldn’t be a NetSec ballot since it’s in the BRs, but it should be in either the Server Cert group or maybe in the Validation group
    • Should be added to the server certificate working group agenda – maybe add it to next week
    • Other working groups will have to also update their BRs if they need it
    • Should there a baseline of baselines? That is the baseline requirements that goes for every type of certificate and then working groups make their own
    • Suggested that this conversations should be made on the mailing lists, not in a specific meeting.
  • Went through an complied issues in Github of things that have been discussed over the years to start going through

Any Other Business

  • Meeting in Poland is still in on. Wiki sign-ups are open. Notices will be sent out and all information is online
    • Is there anything we can do to help make the remote experience good?
    • Dean will check with the hosts


Check Also

2023-08-03 Minutes of the Server Certificate Working Group

ServerCert WG Meeting: August 3, 2023   Present: Aaron Gable – (Let’s Encrypt) Aaron Poulsen …