2022-07-21 Minutes of the CA/Browser Forum Teleconference

Attendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Lynn Jeun (Visa), Marcelo Silva (Visa), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Nicolas Lidzborski (Google), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Meeting conducted by vice-chair Karina Sirota

1. The anti-trust statement was read.

2. The agenda was reviewed. No changes.

3. Approval of minutes of last call. Approved.

4. Forum Infrastructure Report: Jos gave the report. Spam pull requests on github were discussed at the last meeting (as one had recently occurred). This raised the question of how to restrict this. The group is researching it. In the meantime, a field will be added to the management membership tool of github user names. This will help keep track of the authorized users. A discussion of the website also occurred. Ben will discuss with GoDaddy. Also a discussion about mail delivery took place, which seems stable at this point. Lastly, the membership management tool is almost ready. Will discuss with Martijn when he returns. For phase 2, the membership tools will do the mailing list management automatically.

5. Code Signing Working Group report: Janet Hines gave the update. The signing service discussion was deferred until Bruce’s return. On timestamping, a further discussion needs to take place before a draft ballot is proposed. The malware proposal will be discussed on the next call.

6. S/MIME Working Group report: Stephen gave the update. Certipath has joined as an Associate Member and Visa has joined as a Certificate Issuer. The S/MIME draft discussions are continuing. Topics around Org ID will necessitate some tweaks to the draft. Expecting a formal ballot at the end of the summer.

7. NetSec Working Group report: Clint gave the update. A threat assessment update was discussed and the github backlog was reviewed. If anyone has comments, please look in the CA/B Forum Netsec repository and provide your feedback.

8. Any other business: Forum-18 is in discussion period. Next F2F in Berlin is open for signup. CA Day is also the same week. Wayne asked if any information has been published yet. Enrico and Arno are the ones to follow-up with.

9. Meeting Adjourned