CA/Browser Forum
Home » All CA/Browser Forum Posts » 2023-10-26 Minutes of the CA/Browser Forum Teleconference

2023-10-26 Minutes of the CA/Browser Forum Teleconference

These are the Final Minutes of the Teleconference described in the subject of this message, prepared by Michelle Coon (OATI).

Attendance

Aaron Poulsen – (Amazon), Abhishek Bhat – (eMudhra), Adam Jones – (Microsoft), Andrea Holland – (VikingCloud), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Brittany Randall – (GoDaddy), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Eva Vansteenberge – (GlobalSign), Inaba Atsushi – (GlobalSign), Janet Hines – (VikingCloud), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Nicol So – (CommScope), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies Inc), Scott Rea – (eMudhra), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wendy Brown – (US Federal PKI Management Authority), Yoshihiko Matsuo – (Japan Registry Services).** **

Minutes

  1. Roll Call: Dimitris conducted roll call**
  1. Note-well: Dimitris read the note-well.

  2. Review of Agenda: There were no changes to the agenda.

  3. Approval of minutes from the August 31 Teleconference (minutes were distributed October 3rd): No objections, minutes were approved.

  4. Approval of minutes from the September 28 Teleconference (minutes were distributed October 24th): No objections, minutes were approved.

  5. Approval of Forum-level Minutes for F2F 60:

  6. Updates received yesterday (10/25) from Google Chrome team related to the root program update.

  7. Postponing approval until next call.

7. Server Certificate Working Group update – Kiran Tummala

  • Last meeting was during Face-to-Face
  • Planning to look at old open issues and ID orders for them
  • Ballots – will discuss during server cert working group portion

8. Code Signing Certificate Working Group update – Bruce Morton

  • No meeting for Code Signing Certificate last week.
  • Bruce mentioned that the group is working on 5 ballots.
  • One ballot is moving SSL reference, and IPR review period ends tomorrow.
  • Drafted text for updating signing service, high-risk applications, and timestamping changes.
  • Discussion about removing references to the EV guidelines (a future ballot).
  • Key generation in hardware for students discussed, to be addressed in the October face-to-face meeting.
  1. S/MIME Certificate Working Group update – Stephen Davidson
  • Ballot in discussion for Drop In references to ETSI TS 119 411-6 cross-referencing the BRs for those that do ETSI audits.
  • Ongoing discussions related to observations during implementation
  • Clarify standard language or improve upon it
  • CAA for S/MIME up next
  • Legacy policy related to use of Common Name field in OV profiles
  1. Forum Infrastructure Subcommittee update – Wayne Thayer
  • Call last week discussed issues with mailing system (specifically Gmail – believe they (AWS) are rate limiting based on IP address) – potential upgrade of mail system.
  1. NetSec Working Group update – Clint Wilson
  • Call this week
  • Draft Ballot which replaces section 4 from CSA Cloud Controls Matrix – working through licensing for CA/B Forum to include in requirements
  • Re-organization of NSCRs and how that will work in conjunction with the section change noted above
  • Section 5 draft (offline environments) specific to Root CA systems

12. SCWG charter update – Ben Wilson

Ballot distributed to public list – discussion period ends Monday, 10/30/2023. If no comments, it will proceed to voting.

13. CSCWG charter update – Martijn Katerbarg

Draft in progress – added clarification around time-stamping certificates; removing old Bylaws version reference and fixing forum calculation which isn’t valid according to the charter. Pull request: https://github.com/cabforum/forum/pull/40/files. Looking for endorsers – HARICA will endorse.

  1. Separation of Forum and SCWG bi-weekly Teleconference
  • Dimitris has prepared a draft survey – awaiting peer feedback prior to distributing out
  • The Forum should receive 1 vote per member – if multiple representatives, then we want 1 answer for the member and which option of the slots they prefer – can either send the ballot to ONE representative and they can cast the vote OR send to all representatives, they can all vote but only the LAST one submitted counts. First option – will send email to management list and request one email address to be given for the ballot process. Or could have a Google doc/spreadsheet or wiki page where people can add their own – can pre-populate that. It is not just Voting Members because Associate Members can participate in the poll. Dimitris will add the members to a page, then will send an email to ask the voting representatives to designate an email address.
  1. Any Other Business
  • In two weeks, several industry meetings: ESI 81 in Brussels; PKI Consortium Postquantum meeting in Amsterdam; IETF week as well. S/MIME group has cancelled their meeting that week (November 6th week) – this group has a planned meeting on 11/09; recommendation to postpone. Two weeks after that is Thanksgiving holiday in the U.S. meaning next meeting would be 12/07/2023. Any objection to cancel next TWO meetings? No objections.
  • Sign up for next Face-to-Face in New Delhi (eMudhra)
  1. Next Meeting – December 7, 2023
  2. Adjourned
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).