CA/Browser Forum
Home » All CA/Browser Forum Posts » 2023-09-14 Minutes of the CA/Browser Forum Teleconference

2023-09-14 Minutes of the CA/Browser Forum Teleconference

Minutes prepared by Janet Hines – VikingCloud.

Attendance

Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Abhishek Bhat – (eMudhra), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Andrea Holland – (VikingCloud), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Hannah Sokol – (Microsoft), Inaba Atsushi – (GlobalSign), Jos Purvis – (Fastly), Keshava Nagaraju – (eMudhra), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Mrugesh Chandarana – (IdenTrust), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Nicol So – (CommScope), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Scott Rea – (eMudhra), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly), Yoshihiko Matsuo – (Japan Registry Services).** **

Minutes

  1. Note-well: Dimitris read the note-well. There were no changes to the agenda..
  2. Approval of minutes:

Minutes from the August 31 Teleconference were not distributed yet.

  1. SCWG – Corey Bonnell

Iñigo and Kiran were not on the call to give the SCWG update. Corey gave a quick update from the last validation subcommittee teleconference:

  • Q Misell’s presentation on ACME for Onion/Tor was given. They have a draft right now with the IETF. Discussion continues on the mailing list and GitHub.
  • Work was continued on the ‘Applicant’ and ‘Applicant Representative’ analysis. We have circled back and are working on lower priority list.
  • Next meeting will talk about F2F items for discussion.
  • Some progress on the EV Guidelines conversion.
  1. CSCWG – Bruce Morton
  • Ballot for removal of the SSL BR references has cleared IPR review and the new CS BR has been published.
  • Discussed signing service ballot update. Most of the text is done waiting on some review around prior comments.
  • Decided to postpone discussion around high risk until Microsoft investigates it.
  • Talked about TSA and timestamping and had recurring conversation on whether our charter covers that. We do think that our charter covers this. We may want to make some charter changes.
  • Next meeting will talk about F2F items for discussion.
  1. SMIME WG – Stephen Davidson
  • SMIME BRs are effective as of about two weeks ago.
  • Now looking at the auditability of services.
  • Clarification and errata ballot in the next few months.
  • Discussions of interest are around pseudonyms, organization identifiers at the state level and how various CAs are handling this. There may be F2F discussion around the organization identifiers.
  1. Forum Infrastructure Subcommittee – Jos Purvis
  • No meeting last week.
  • Currently trying to investigate the Gmail bounces.
  1. NetSec WG – Clint Wilson
  • Spent time on a mapping document between current network security requirements 1.7 and a branch.
  1. SCWG Charter Update – Ben Wilson
  • Discussions happen at the corresponding working group level before getting passed up to the forum level. This discussion could go either place.
  • Working on some language and trying to address concerns. There is one endorser so far and looking for one more.
  1. Draft Agenda for F2F 60
  • Draft agenda is on the wiki.
  • Thanks to Paul and Doug for putting this agenda together.
  • The goal is trying to get all the forum discussion topics on day 1, but had to move a little bit to day 2.
  • Adding an hour of open mic for bringing up new issues that are of interest.
  • Added Q&A times after the Root Program updates and Auditor updates.
  • Want to approve the final agenda at the next meeting.
  1. Separation of Forum and SCWG bi-weekly Teleconference

Survey questions were sent out and haven’t received any feedback.

  1. Any Other Business

No other business.

  1. Next Meeting – September 28, 2023
  2. Adjourned
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).