CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-04-14 Minutes of the CA/Browser Forum Teleconference

2022-04-14 Minutes of the CA/Browser Forum Teleconference

Opening Procedures – Dean

Roll Call

Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Inaba Atsushi (GlobalSign), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Khairil Nizam Abdul Malek (MSC Trustgate Sdn Bhd), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)

Read Antitrust Statement- Jos Purvis

Review Agenda

Approval of minutes of last call {.wp-block-heading}

Approved

Forum Infrastructure Subcommittee update given by Jos Purvis

  • Had successful migration of DNS to GoDaddy and now can stand up a dev host for membership tool to start testing
  • Going to create a label of ‘interested person’ for someone who is interested but not as a group in the tool
  • Creating a style guide on how to post things to the website-e.g. picking a consistent date for minutes to make sure things are consistent
  • There was a website issue over the weekend but it has been resolved. It was an internal issue but it was corrected very quickly.
  • Talked about tools page – adding more sections per type of interested person and adding additional tools

Code Signing Certificate Working Group update given by Bruce Morton

  • Approved ballot 13 for subscriber key protection. It’s in IPR and will be effective 11/15/2022.
  • Moving on to finalize format change to RFC 3647 format.

SMIME working group update given by Stephen Davidson

  • Draft of BRs is complete
  • Working through fringe cases that are not included in other types of BRs- common names, functional names (like help desk) or a pseudonym, as well as field serial number, which is can be used in different ways in S/MIME certs, like an employee ID number or a personal identifier like in ETSI
  • Moving into formal pre-ballot discussion period shortly. Now is the time for organizations to review and read
  • Goal to move into ballot in the summer.

NetSec Working Group given by Clint Wilson

  • Risk Assessment is ongoing
  • Discussion on OCSP uptime requirements in the BRs and it’s essentially 24/7 – which is an atypical SLA. Starting to discuss what would be more realistic
  • Move towards drafting a requirement that requires Cas to report this in their CPS to get a better understanding of what would be more reasonable.
  • This couldn’t be a NetSec ballot since it’s in the BRs, but it should be in either the Server Cert group or maybe in the Validation group
  • Should be added to the server certificate working group agenda – maybe add it to next week
  • Other working groups will have to also update their BRs if they need it
  • Should there a baseline of baselines? That is the baseline requirements that goes for every type of certificate and then working groups make their own
  • Suggested that this conversations should be made on the mailing lists, not in a specific meeting.
  • Went through an complied issues in Github of things that have been discussed over the years to start going through

Any Other Business

  • Meeting in Poland is still in on. Wiki sign-ups are open. Notices will be sent out and all information is online
  • Is there anything we can do to help make the remote experience good?
  • Dean will check with the hosts

MEETING ADJOURNED

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).