2022-09-01 Minutes of the CA/Browser Forum Teleconference
1. Roll call
Attendees: Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Fastly), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
2. Antitrust statement
The Antitrust statement was read
3. Approval of previous meetings
– Aug 18 meeting minutes were approved
– July 21st meeting minutes were approved
4. Forum Infrastructure subcommittee
– Membership tool web site is now in production. Thank you Martijn!
– All data was imported from the current lists so all the profiles should be present. Each Member should log in and check the records.
5. Code Signing WG
– Discussed ballot regarding revocation in case of signing malware. The WG is close to getting a ballot out for that.
– Signing service proposal is now on GitHub for the WG to review.
– Updates in time-stamping issues coming up.
6. S/MIME WG
– Pre-ballot discussion period last minute comments/requests for changes.
– The intent is to move to ballot and official discussion period within the next week.
– Several topics are parked for v2 already (CAA, key escrow, etc).
7. NetSec WG
– Update on the threat modelling discussion. Working on a redline specifically around logical and physical equipment protections
Two major topics:
– The need to eliminate/reduce OCSP logging for privacy issues desire to move to downgrading or eliminating OCSP requirement
– Trusted Roles and why do we have Trusted Roles, perhaps change the terminology.
8. Any Other business
a. Chair nominations
– Dimitris Zacharopoulos has been nominated as Chair of the Plenary group, Karina is automatically nominated unless she declines.
– Stephen mentioned that he will be running for another term as SMCWG Chair
– Mads (current vice chair) said he needs more time to consider whether he will be a candidate for SMCWG Chair or not.
– Clint is also interested in another term as NetSec Chair
– No candidates for SCWG Chair
b. F2F meeting in Berlin
– Berlin meeting is scheduled from Monday to Wednesday during the last week of October. Already have 38 in person participants signed up. Capacity is 60.
– Interesting place (former GDR headquarters building with a lot of history)
– More information will be out on the wiki over the next weeks. Visa letters can be directed to Enrico.
– Guest speaker Dr Lochter will speak on PQC efforts within the German BSI
– On Thursday and Friday there is ENISA Trust Services Forum and CA Day event. Very interesting event with many topics for CAs. CABF Members are encouraged to stay until Friday. The event is held at the same location, same building. Sign-up is not open yet but will open soon. It’s limited to 100 persons to be physically present but there is also remote participation capability.
c. Spring Meeting
– March meeting 1st or 2nd week in Ottawa, Canada.
9. Next call
Next scheduled call is on September 15.