CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-07-07 Minutes of the CA/Browser Forum Teleconference

2022-07-07 Minutes of the CA/Browser Forum Teleconference

1. Opening Procedures – Dean Coclin

  1. Roll Call Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Vijay Kumar (eMuhdra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
  2. Read Antitrust Statement- Jos Purvis
  3. Review Agenda
  4. Approval of minutes of last call
  • Available shortly after this call

2. Forum Infrastructure Subcommittee update given by Jos Purvis

  • Met shortly and agreed to keep moving forward
  • Ask for members to continue testing the membership tools

3. Code Signing Certificate Working Group update given by Corey Bonnell

  • CSC 14 successfully passed IPR review and become effective last Wednesday
  • Pushed back discussion on signing service requirements due to Bruce’s absense
  • Discussion on clean up ballot with minor fixes because of PanDoc format
  • Martin from Sectigo’s revocation requirements improvements ballot was discussed very briefly

4. SMIME working group update given by Stephen Davidson

  • Canceled. No Update

5. NetSec Working Group given by Clint Wilson

  • Discussed two membership applications- SSL.Com and Fastly. Both have been approved.
  • Talked about Risk Assessment- still have some work to do on the first component of the risk assessment, but it’s getting closer. Once that is done, group will move forward to next component
  • Talked about topics from the backburner
  • Talked about redline on what cloud hosted infrastructure would mean and what the expectations are for airgapped CAs

6. Any Other Business

  • Berlin page on Wiki is open for signups and details
Latest releases
Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).