CA/Browser Forum
2022-04-26 Minute of the Network Security Working Group

Attendance

  • Adam Jones – Microsoft
  • Antti Backman – Telia
  • Ben Wilson – Mozilla
  • Bruce Morton – Entrust
  • Christopher Bonjean – GlobalSign
  • Clint Wilson – Apple
  • Corey Bonnell – DigiCert
  • Corey Rasmussen – OATI
  • David Kluge – Google Trust Services
  • Iñigo Barreira – Sectigo
  • Joanna Fox – TrustCor
  • Jozef Nigut – Disig
  • Paul van Brouwershaven – Entrust
  • Prachi Jain – Fastly
  • Rebecca Kelley – Apple
  • Roman Fischer – SwissSign
  • Ruben Annemans – GlobalSign
  • Tim Crawford – BDO
  • Tobias Josefowitz – Opera
  • Tony Seymour – Comsign
  • Trevoli Ponds – Amazon Trust Services

Minutes

1. Read Antitrust Statement

a. Clint Wilson read the antitrust statement

2. Roll Call

a. No new members in attendance

3. Review Agenda

a. Approved minutes from previous meetings

b. Review rough drafts of ballot proposals (SLO for Cert Info)

c. Update from Ben Wilson (Mozilla)

d. Open for other business

4. Ballot Status

a. David Kluge (Google Trust Services) shared that the ballot proposal document is at a stage where it can be transferred to the Certificate Working Group (Thursday Meeting) for review and more input before a formal submission.

i. Clint Wilson suggested that sharing the ballot via the Public List would be a good introduction for public discussion.

b. David Kluge shared a few comments that still need a solution. (1) The first concerns the Availability Targets. There should be some and they should be defined in the SLO, but the question remains “Availability measured against what?” (2) Secondly, from a technical standpoint, most agreed that it would be great to have some objective reference point (a location of a measurable point), but there is still the unresolved problem of what such reference points should be.

i. Trevoli Ponds (Amazon Trust Services) agreed, based on the comments, that an example would be confusing. There should either be a minimum or no example in the BRs. If there has to be an example, one on the website would be satisfactory.

c. Discussion of the fact that the symbols in the examples in the draft ballot are not used by all. Examples were given between different CAs to explain how the symbols and values could be confusing.

i. The discussion focused on clarification and understanding.

5. Ben Wilson Update

a. Ben Wilson (Mozilla) provided an update on the proposed changes he is currently working on.

6. Other Business

a. David Kluge (Google Trust Services) discussed the Risk Assessment that the Cloud Services Sub Group has been working on. A couple of weeks ago it was suggested that they use Microsoft STRIDE to document risk scenarios. Trevoli Ponds (Amazon Trust Services) has a contact who can assist with this task.

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).