CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-05-12 Minutes of the CA/Browser Forum Teleconference

2022-05-12 Minutes of the CA/Browser Forum Teleconference

1. Opening Procedures- Dean

Roll Call

Attendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Ben Wilson (Mozilla), Brian Keogh (Microsoft), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hogeun Yoo (NAVER Cloud), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijay Kumar (India PKI Forum), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Read Antitrust Statement- Jos Purvis

Review Agenda

Approval of minutes of last call

  • Approved

2. Forum Infrastructure Subcommittee update given by Jos Purvis

  • No update due to no meeting

3. Code Signing Certificate Working Group update given by Bruce Morton

  • Closed on ballot and updated CSBRs have been posted
  • Started a ballot on format update that is currently in discussion period
  • Relooking at high-risk cert requests because it would allow keys to be generated in software
  • Will discuss Open questions on time stamps
  • Once format is updated, group will work on eliminating references to SSL BRs to make CSBRs stand alone

4. SMIME working group update given by Stephen Davidson

  • Entered 30 day pre-ballot discussion period to get feedback and the discuss at the face-to-face in Warsaw
  • Reviewed changes made to document that included changes to the way that organization vetting occurs, introducing some flexibility for naming in the legacy profile and consideration of data protection

5. NetSec Working Group given by David Kluge

  • Revived older ballot drafts, in particular about offline and air gapped root CA systems
  • Still working on risk assessments and threat modeling to identity specific risks.
  • Have guest speaker to talk on this.

6. Any Other Business

  • For F2F, Working groups should have short update presentations and talk to Dean about timing needed for sessions
  • 22 people will be attending in person and 26 people will be attending remotely.
  • Shared agenda on screen and brief overview of agenda

F2F Meeting Schedule

  • 2022
  • June 6-8 – Poland (Note: Meeting dates are Mon-Weds and will be followed by the Trusted Economy Forum on Weds-Thurs), MEETING IS CONFIRMED
  • Oct 24-26 – Berlin (Note: Meeting dates are Mon-Weds and will be followed by the CA Day and TSP event on Thurs/Fri)
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).