CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-09-15 Minutes of the CA/Browser Forum Teleconference

2022-09-15 Minutes of the CA/Browser Forum Teleconference

Attendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Review Agenda

No changes were made to the agenda.

3. Approval of Minutes from Last Teleconference

Minutes of September 1st were approved.

On the last call we approved minutes from Aug 18th however, those minutes had not been published yet. Hence we cannot approve them. Karina will work to get those published.

4. Forum Infrastructure report

Jos gave the report. Mew Membership tool is up and running. Webex integration requires a special license. Cutover plan to new system discussed. Oct 1st is the target date to make the old system read only. Ballots will also be tabulated in the new tool. Future integrations with Mailman are planned but will require an upgrade of our system. Admin emails are going to a special mailbox. Working on upgrading php with GoDaddy.

5. Code Signing Working Group report

Bruce gave the report. Microsoft proposed moving the date to require keys on hardware to fall 2023. After discussion, it was decided to move that to June 2023. This will help provide some relief to those trying to become compliant. A new ballot is in process. Still working on signing service updates, malware proposals and timestamping.

6. S/MIME report

Stephen Davidson gave the report. Formal discussion period for the ballot is underway with much discussion taking place. A number of items have been raised toward the end of the discussion period. Some are minor but others involve more discussion. Hence there will likely be a delay going into ballot. This is not unusual, given this is the first version of this standard. Some minor changes include references to outdated ETSI standards. Effective date is 10 months from now so if something is found before then, changes can be made without affecting that date.

7. NetSec report

Clint gave the update. Working on risk assessment. Group would like to pause and gather feedback on it. Looked at air gap system requirements for NSSRs. Not quite finished but making progress.

8. Any other business

The face to face meeting is capped at 60 people but we have 63 signed up and 21 remote. Dean is talking to the host about expanding capacity to 70 but if that is not possible, we will have to limit the number of guests. Then we will have to go to the member list and limit the number of members from individual companies. A draft agenda has been published, with a start time of 11am local time with a 4pm end time (possibly longer for working groups). Dean is looking for topics to add to the agenda. The CA Day and TSP Day signups are open for Thursday and Friday that week.

Nominations Status: Forum Chair nominations are in and voting period will start soon. Vice Chair nominations will start soon.

Meeting adjourned.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).