CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-09-01 Minutes of the CA/Browser Forum Teleconference

2022-09-01 Minutes of the CA/Browser Forum Teleconference

1. Roll call

Attendees: Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Fastly), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

2. Antitrust statement

The Antitrust statement was read

3. Approval of previous meetings

– Aug 18 meeting minutes were approved

– July 21st meeting minutes were approved

4. Forum Infrastructure subcommittee

– Membership tool web site is now in production. Thank you Martijn!

– All data was imported from the current lists so all the profiles should be present. Each Member should log in and check the records.

5. Code Signing WG

– Discussed ballot regarding revocation in case of signing malware. The WG is close to getting a ballot out for that.

– Signing service proposal is now on GitHub for the WG to review.

– Updates in time-stamping issues coming up.

6. S/MIME WG

– Pre-ballot discussion period last minute comments/requests for changes.

– The intent is to move to ballot and official discussion period within the next week.

– Several topics are parked for v2 already (CAA, key escrow, etc).

7. NetSec WG

– Update on the threat modelling discussion. Working on a redline specifically around logical and physical equipment protections

Two major topics:

– The need to eliminate/reduce OCSP logging for privacy issues desire to move to downgrading or eliminating OCSP requirement

– Trusted Roles and why do we have Trusted Roles, perhaps change the terminology.

8. Any Other business

a. Chair nominations

– Dimitris Zacharopoulos has been nominated as Chair of the Plenary group, Karina is automatically nominated unless she declines.

– Stephen mentioned that he will be running for another term as SMCWG Chair

– Mads (current vice chair) said he needs more time to consider whether he will be a candidate for SMCWG Chair or not.

– Clint is also interested in another term as NetSec Chair

– No candidates for SCWG Chair

b. F2F meeting in Berlin

– Berlin meeting is scheduled from Monday to Wednesday during the last week of October. Already have 38 in person participants signed up. Capacity is 60.

– Interesting place (former GDR headquarters building with a lot of history)

– More information will be out on the wiki over the next weeks. Visa letters can be directed to Enrico.

– Guest speaker Dr Lochter will speak on PQC efforts within the German BSI

– On Thursday and Friday there is ENISA Trust Services Forum and CA Day event. Very interesting event with many topics for CAs. CABF Members are encouraged to stay until Friday. The event is held at the same location, same building. Sign-up is not open yet but will open soon. It’s limited to 100 persons to be physically present but there is also remote participation capability.

c. Spring Meeting

– March meeting 1st or 2nd week in Ottawa, Canada.

9. Next call

Next scheduled call is on September 15.

Latest releases
Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Forum Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).