CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-11-10 Minutes of the CA/Browser Forum Teleconference

2022-11-10 Minutes of the CA/Browser Forum Teleconference

Attendees (in alphabetical order)

Aaron Poulsen (Amazon), Adam Clark (Visa), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Fastly), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Dickson (Google), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance

2. Read Antitrust Statement

The Antitrust Statement was read

3. Review Agenda

Today’s Agenda was approved.

4. Approval of Minutes of previous teleconference

There are pending draft minutes to be delivered from October 13. Dustin Hollenback will notify Karina as she was not on this call. Minutes from the last F2F are still being drafted. If you have a presentation for the Forum-level sessions, please send to Dimitris.

5. Forum Infrastructure Subcommittee update

Jos Purvis gave the update:

  • There was a bug discovered in the membership tool during the registration for the face to face that led to some duplicate name registrations that’s been resolved and corrected in the records.
  • Martijn is next working on quorum calculations, which is one of the last remaining manually processed items for officers.
  • Mailing list management will be next to work on, potentially pending an upgrade to our mailman system.
  • Inigo raised the issue that a lot of chair responsibilities were not documented. So Jos went and published some documentation and took the opportunity to offer it in the form of a potential upgrade to our wiki. The new wiki looks very promising and will be a significant upgrade. He plans to extend access to the “development” new wiki to the larger Forum Voting and Associate Member representatives. If people are interested, please send an email to Jos.
  • The Subcommittee also discussed about website page upgrades and potentially restructuring content. The goal is to preserve the long standing links https://cabrorum/org/….documents but provide pointers to the separate pages of the working groups rather than trying to maintain two copies of all the documents or two copies of the links for all the documents for all working groups.

Ben added that he worked with GoDaddy admins to upgrade the PHP from 7.4 to 8.0. The WordPress “theme” is incompatible with the new PHP version. We probably need to change the theme which means there will be a new “look and feel” of the website. If anyone has WordPress experience, knows a good theme that also works for mobile devices, please reach out to Ben.

Dimitris asked if we still have the dev wordpress site available for testing the new theme. Ben replied that he can test the new theme on-the-fly and switch it back if it doesn’t work well. The current theme is called “sahitha”.

On a different subject, Wayne mentioned that with the change of Chairs and Vice Chairs, there is some automation built on GitHub that allows officers to approve Pull Requests against their respective WGs. Permissions need to change and we are already in progress with this task. Paul received an invite which has been accepted and it looks like Kiran and David have pending invitations.

Jos added that during the transition, access to some GoogleDocs (e.g. the ones tracking ballots) needed to be reassigned.

Dimitris thanked the Infrastructure Subcommittee, lots of improvements since we started years ago.

6. Code Signing Certificate Working Group update

Bruce Morton gave the update:

  • The main topic of discussion was the signing services update. There is a “base update” which is out for a last review and soliciting some endorders. And when that’s through, then we’ll look at some more complicated changes that we want to make on signing services.

7. S/MIME Certificate Working Group update

Martijn Katerbarg gave the update:

  • The SMBRs ballot has passed and we are in the 60-day IPR review period
  • The group discussed about a couple of potential future changes or improvements. As the group gains additional experience it will tackle any potential issues that may come up once the implementation phase starts by various CAs over the next few months.

8. Network Security Working Group update

Clint Wilson gave the update:

  • There is a new calendar invite so Members of the WG should check the new link on the Member’s wiki
  • Primarily the discussion was over the redline of the air-gapped CA logical and physical security requirements. Already completed a first pass. The group basically identified how the new security controls map to the old and will be doing the inverse next time, making sure the language is consistent.

9. Any other business

There is a proposal to cancel the November 24 teleconference due to a US holiday (Thanksgiving). No objections were raised so the November 24 meeting is cancelled.

There was also agreement to reverse the order of the meetings between the Forum and the Server Certificate WG.

Dimitris is also working with Paul to present a plan of tasks/actions for the next 2-years at the next meeting.

10. Next call

Next meeting will take place at December 8, 2022 at 11:00 am Eastern Time.

11. Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).