CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-05-26 Minutes of the CA/Browser Forum Teleconference

2022-05-26 Minutes of the CA/Browser Forum Teleconference

1. Opening Procedures- Dean

Roll Call

Attendees: Aaron Poulsen (Amazon), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Nargis Mannan (SecureTrust), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Trevoli Ponds-White (Amazon), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services), Lynn Jeun (Visa)

Read Antitrust Statement- Jos Purvis

Review Agenda

Approval of minutes of last call

Minutes are being prepared and should be ready soon.

2. Forum Infrastructure Subcommittee update given by Jos Purvis

  • Looking at changes to the webpage
  • Adding more tools to the tool page
  • Tagging system for minutes, ballots and other pages
  • Focus on updating antiquated pages. Content owners will be reached out
  • Looking at changing theme on the website
  • ASK: If anyone knows anything about how to work with CSS and PHP or WordPress, this WG is looking for support
  • Discussion about wiki and access rights and were able fix all issues
  • Will work with Github Activity bot will continue even on repos that are not as active
  • ASK: New membership testing site is rlive and please go into it and test it.
  • Did a review of the Infrastructure presentation from last face to face

3. Code Signing Certificate Working Group update given by Bruce Morton

  • Closed on ballot CSC 13 and updated CSBRs have been posted
  • Voting to change format of CSBRs passed and will be going into IPR
  • Discussed what will be discussed at Face to Face
  • Relooking at high-risk cert requests because it would allow keys to be generated in software, but that was moved
  • Once format is updated, group will work on eliminating references to SSL BRs to make CSBRs stand alone
  • Discussed Amazon Trust Services joining as an associate member and that is in motion

4. SMIME working group update given by Stephen Davidson

  • We are in a 30 day pre-ballot discussion period
  • Looking to move towards discussing issues in the next face to face and make a roadmap to move forward
  • Most comments are about language, not so much about content.

5. NetSec Working Group given by Clint Wilson

  • Want to talk at face-to-face about narrative around risks associated with CA infrastructure
  • Looking at definitions in NSRs and TLSBRs and acknowledging the guidelines in the other BRs
  • Same terms are used repeatedly but with different definitions
  • Looking to make a central document for definitions with the BRs

6. Any Other Business

  • Face-to-face June 6-8. There are 28 participants onsite and 50 online participants
  • Agenda will be sent out to list and was shared during the meeting
  • Meeting times for session were discussed as well.

F2F Meeting Schedule

  • 2022
  • June 6-8 – Poland (Note: Meeting dates are Mon-Weds and will be followed by the Trusted Economy Forum on Weds-Thurs), MEETING IS CONFIRMED
  • Oct 24-26 – Berlin (Note: Meeting dates are Mon-Weds and will be followed by the CA Day and TSP event on Thurs/Fri)
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).