CA/Browser Forum

2023-05-11 Minutes of the CA/Browser Forum Teleconference

  • Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Bruce Morton – (Entrust), Chris Clements – (Google), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rich Smith – (DigiCert), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)

  • The note-well was read by Paul

  • No changes to the agenda

  • Approval of April 27th minutes: Haven’t been received so can’t be approved. Moved to next call

  • Approval of March 30th minutes: Approved

  • SCWG update: A discussion was held on improvements to SC-62 but was not concluded. Also discussed was upcoming ballot SC-63, where discussions were held on the mailing list. In the validation subcommittee, there was a discussion of the ACME issuance workflow which spurred a discussion on whether or not one can delegate the domain validation to the CA. There was agreement that this should be allowed since it fosters automation. Next meeting will discuss how this will be tackled in the BRs. There was also a discussion on improvements to EV guidelines around disclosures of QGIS and sources that CAs have to provide. There will be a follow-up discussion.

  • CSCWG update: Finalized discussion on revocation reasons ballot, which is now in discussion period. Working on removal of references to the SSL BRs, which is getting close to ballot. Discussion on proposed topics for F2F meeting also took place.

  • SMIME WG update: Corey Bonnell gave a presentation on PKI lint, which DigiCert has created and released as an open source linter, focused on ASN.1, which can look at different types of PKI structures. Approx 150 lints have been implemented so far, from the SMIME BRs. However, it can be expanded to other security frameworks. There is an intent to implement the linter for the SC-62 ballot. It’s available on GitHub. A discussion around Enterprise RAs was also a topic of the meeting and will likely come up in the F2F.

  • Forum Infrastructure subcommittee: Brief meeting, nothing notable to report.

  • Netsec working group: The proposed ballot for updating section 4 of the NSRs was discussed in the WG meeting.

  • Bylaws changes: The necessary endorsers are in place and a ballot is expected soon. Tim Hollebeek stated he had submitted some changes to section 2.5 per the discussion on elections in Berlin and thought those could be done at the same time.

  • SCWG Charter update: Ben discussed proposed changes around probationary members or associate members (i.e. non-voting members). Although this is being discussed in the SCWG, it has to be voted on at the Forum level. There is language around certificate consumers and participation. One proposal is that all members participate 30% in a 6-month period (orgs, not individuals) and attend 1 F2F meeting in the 12-month period. Another part of the changes is to define the criteria for certificate consumers. A discussion has whittled down an initial list of 10 items to 4-5 items. These are detailed in a separate mailer and will be brought to the Forum soon. A recommendation to have a moratorium on new certificate consumers is being proposed (this will be discussed in the SCWG call).

  • F2F Meeting in Redmond: 61 people have registered in-person and 19 remote.

  • F2F Agenda: A draft agenda is on the wiki. Regarding guest speakers, Karina stated that Aneta is confirming the 2 speakers. Signups should be closed by May 17th.

  • Any other business: None

  • Next call May 25th.

  • Meeting adjourned.

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).