CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-10-13 Minutes of the CA/Browser Forum Teleconference

2022-10-13 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Aaron Poulsen (Amazon), Adam Jones (Microsoft), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Ryan Dickson (Google), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services).

Minutes

1. Roll Call

The Chair took attendance

2. Read Antitrust Statement

The Antitrust Statement was read

3. Review Agenda

Today’s Agenda was approved.

4. Approval of Minutes of previous teleconference

The Minutes from September 29 were approved. We still have pending minutes from August 18 that were sent late yesterday. No objections were raised to approving those minutes as well.

5. Forum Infrastructure Subcommittee update

Jos Purvis gave the update mentioning that it was a very quick meeting to basically touch base and make sure things were okay. No update on the tasks the SC are working on.

6. Code Signing Certificate Working Group update

Bruce Morton gave the update.

  • There was a relatively brief meeting. Dean was re-elected as Chair of the WG. There was some discussion on the revocation of certificates based on malware. Martijn will be providing another update to the proposal.
  • The signing service discussion was pushed off for the F2F meeting in Berlin
  • There are some updates for Timestamping but the plan is to push those after the signing service changes have been processed.

7. S/MIME Certificate Working Group update

Stephen Davidson gave the update:

  • The WG managed to resolve an issue that has been outstanding for some time regarding the “shall” requirement to offer OCSP services. Some clarifications were received from the Microsoft Policy which is to say that it requires OCSP for TLS Certificates but does not intend to require it for non-TLS Certificates. So there will be some changes to the draft and reopen the discussion period.
  • Tomorrow the voting period for the single nomination for Vice Chair, Martijn will start.

8. Network Security Working Group update

Clint Wilson gave the update:

  • There was a quick discussion around the Vice Chair, there is one nomination for David and that’s in the discussion period. The voting period will start next week
  • Also discussed about topics and high-level agenda items for the F2F
  • Then the group will continue to work on security controls, physical, logical air-gapped CAs
  • There will be a new NetSec meeting invite sent out and shared with the WG Members following the F2F.

9. Any other business

  • Vice Chair nominations/status

  • There are 2 candidates for the Forum

  • F2F signups. There has been some extension in the number of people that can attend physically, but it does close next week.

10. Next call

Next meeting will take place at the F2F.

11. Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).