2022-09-01 Minutes of the CA/Browser Forum Teleconference

1. Roll call

Attendees: Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Fastly), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

2. Antitrust statement

The Antitrust statement was read.

3. Approval of previous meetings

– Aug 18 meeting minutes were approved

– July 21st meeting minutes were approved

4. Forum Infrastructure subcommittee

– Membership tool web site is now in production. Thank you Martijn!

– All data was imported from the current lists so all the profiles should be present. Each Member should log in and check the records.

5. Code Signing WG

– Discussed ballot regarding revocation in case of signing malware. The WG is close to getting a ballot out for that.

– Signing service proposal is now on GitHub for the WG to review.

– Updates in time-stamping issues coming up.

6. S/MIME WG

– Pre-ballot discussion period: last-minute comments/requests for changes.

– The intent is to move to ballot and official discussion period within the next week.

– Several topics are parked for v2 already (CAA, key escrow, etc).

7. NetSec WG

– Update on the threat modelling discussion. Working on a redline specifically around logical and physical equipment protections.

Two major topics:

– The need to eliminate/reduce OCSP logging because of privacy issues; there is a desire to move toward downgrading or eliminating the OCSP requirement.

– Trusted Roles: why we have Trusted Roles, and whether to change the terminology.

8. Any Other business

a. Chair nominations

– Dimitris Zacharopoulos has been nominated as Chair of the Plenary group; Karina is automatically nominated unless she declines.

– Stephen mentioned that he will be running for another term as SMCWG Chair

– Mads (current vice chair) said he needs more time to consider whether he will be a candidate for SMCWG Chair or not.

– Clint is also interested in another term as NetSec Chair

– No candidates for SCWG Chair

b. F2F meeting in Berlin

– Berlin meeting is scheduled from Monday to Wednesday during the last week of October. Already have 38 in person participants signed up. Capacity is 60.

– Interesting place (former GDR headquarters building with a lot of history)

– More information will be out on the wiki over the next weeks. Visa letters can be directed to Enrico.

– Guest speaker Dr Lochter will speak on PQC efforts within the German BSI

– On Thursday and Friday there is the ENISA Trust Services Forum and CA Day event. Very interesting event with many topics for CAs. CABF Members are encouraged to stay until Friday. The event is held at the same location, same building. Sign-up is not open yet but will open soon. It’s limited to 100 persons physically present, but there is also remote participation capability.

c. Spring Meeting

– March meeting 1st or 2nd week in Ottawa, Canada.

9. Next call

Next scheduled call is on September 15.
