CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-04-26 Minute of the Network Security Working Group

2022-04-26 Minute of the Network Security Working Group

Attendance

  • Adam Jones – Microsoft
  • Antti Backman – Telia
  • Ben Wilson – Mozilla
  • Bruce Morton – entrust
  • Christopher Bonjean – GlobalSign
  • Clint Wilson – Apple
  • Corey Bonnell – DigiCert
  • Corey Rasmussen – OATI
  • David Kluge – Google Trust Services
  • Iñigo Barreira – Sectigo
  • Joanna Fox – TrustCor
  • Jozef Nigut – Disig
  • Paul van Brouwershaven – Entrust
  • Prachi Jain – Fastly
  • Rebecca Kelley – Apple
  • Roman Fischer – SwissSign
  • Ruben Annemans – GlobalSign
  • Tim Crawford – BDO
  • Tobias Josefowitz – Opera
  • Tony Seymour – Comsign
  • Trevoli Ponds – Amazon Trust Services

Minutes

1. Read Antitrust Statement

a.Clint Wilson read the antitrust statement

2. Roll Call

a. No new members in attendance

3. Review Agenda

a. Approved minutes from previous meetings

b. Review rough drafts of ballot proposals (SLO for Cert Info)

c. Update from Ben Wilson (Mozilla)

d. Open for other business

4. Ballot Status

a. David Kluge (Google Trust Services) shared that the ballot proposal document is in a stage to transfer over to the Certificate Working Group (Thursday Meeting) for review and more input before a formal submission.

i. Clint Wilson suggested sharing the ballot by the Public List would be a good introduction for public discussion.

b.David Kluge shared a few comments that are still need a solution. (1) The first being the Availability Targets. There should be some and they should defined in the SLO, but the question remains “Availability measured against what?” (2) Secondly, from a technical standpoint, most agreed that it would be great to have some objective reference point (a location of a measurable point), but there is still the missing problem of what such reference points should be.

i. Trevoli Ponds (Amazon Trust Services) agreed from the comments, that an example would be confusing. There should either be a minimum or no example in the BRs. If there has to be an example, one on the website would be satisfactory.

c. Discussion around the symbols in the examples in the draft ballot are not used by all. Examples were given between different CAs to explain how the symbols and values could be confusing.

i. The discussion focused on how clarification and understanding.

5. Ben Wilson Update

a. Ben Wilson (Mozilla) provided an update on the proposed changes he is currently working on.

**6. Other Business **

a. David Kluge (Google Trust Services) discussed the Risk Assessment that they Cloud Services Sub Group has been working on. A couple of weeks ago it was suggested that they use Microsoft Stride to document risk scenarios. Trevoli Ponds (Amazon Trust Services) has a contact that can assist in helping with this task.

Latest releases
Server Certificate Requirements
SC095v3: Clean-up 2025 - Apr 2, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.13 - Ballot SMC015v2 - Mar 28, 2026

This ballot introduces requirements that a CA or RA must follow to rely upon a Mobile Drivers License (mDL) to provide evidence for the authentication of individual identity. It allows the use of mDL that conform to ISO/IEC 18013-5 and which may be verified by the CA or RA in conformance with ISO/IEC 18013-7. The CA or RA shall only accept mDL from an Issuing Authority that is legally authorized by the relevant government or jurisdiction to issue driving licenses. The draft also aligns the subsections of 3.2.4.2 (Validation of individual identity) to correspond more closely with those in 3.2.4.1 (Attribute collection of individual identity). It also includes minor editorial corrections. SMC015v2 was updated to remove an additional reference to the superceded ETSI EN 319 403. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ben Wilson (Mozilla) and Scott Rea (eMudhra).

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Related posts
Tags
Network Security
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).