CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-03-28 Minutes of the CA/Browser Forum Teleconference

2024-03-28 Minutes of the CA/Browser Forum Teleconference

CA/Browser Forum Teleconference

March 28, 2024

Attendees: Aaron Gable - (Let’s Encrypt), Aaron Poulsen - (Amazon), Abhishek Bhat - (eMudhra), Adam Jones - (Microsoft), Adrian Mueller - (SwissSign), Adriano Santoni - (Actalis S.p.A.), Andreas Henschel - (D-TRUST), Antti Backman - (Telia Company), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Bruce Morton - (Entrust), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Dean Coclin - (DigiCert), Dong Wha Shin - (MOIS (Ministry of Interior and Safety) of the republic of Korea), Inaba Atsushi - (GlobalSign), Jaime Hablutzel - (OISTE Foundation), Jay WIlson - (Sectigo), Johnny Reading - (GoDaddy), Jos Purvis - (Fastly), Karina Sirota - (Microsoft), Keshava Nagaraju - (eMudhra), Kiran Tummala - (Microsoft), Lynn Jeun - (Visa), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Michael Slaughter - (Amazon), Michelle Coon - (OATI), Miguel Sanchez - (Google), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Naveen Kumar - (eMudhra), Nicol So - (CommScope), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Rich Kapushinski - (CommScope), RIch Smith - (DigiCert), Rollin Yu - (TrustAsia), Sandy Balzer - (SwissSign), Scott Rea - (eMudhra), Stephen Davidson - (DigiCert), Tathan Thacker - (IdenTrust), Thomas Zermeno - (SSL.com), Trevoli Ponds-White - (Amazon), Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management Authority), Yashwanth TM - (eMudhra), Yoshihiko Matsuo - (Japan Registry Services).

1.Roll Call

Paul Van indicated 7 new participants from prior SCWG (see above).

2.Read Note-well

Paul read the note-well statement.

3.Review Agenda

No updates

4.Approval of Minutes

a) Minutes from the February 15, 2024 Teleconference(minutes were distributed 2024-03-21) was approved.

b) Minutes from March 14, 2024 Teleconference (minutes were distributed 2024-03-15) was approved.

c) Minutes from F2F 61 (minutes was updated 2024-03-25) was approved.

5.Server Certificate Working Group update

Kiran provided the update on the SCWG.

  • SC72 is in voting period.
  • SC73 is in discussion period.
  • Compromised/Weak key is in review period.

Wayne provided update on Validation SubWG.

  • Multi perspective domain validation ballot is in an extended discussion period.
  • There was discussion about the EV guideline related to the automation, BR 3.2.2.4 and BR 3.2.2.4 domain/IP address validation method.

6.Code Signing Certificate Working Group update

Bruce provided the update for CSCWG.

  • Timestamp requirement ballot is going to discussion period.
  • There was discussion about Superseded Ballot SCS-23 EV Code Signing Guidelines is needed subsequence IPR.
  • Identrust has been accepted as a full member and WG will have further discussion regarding the Key Factor being upgraded to an associate member.

7.S/MIME Certificate Working Group update

Stephen provided the update for SMCWG.

  • SMC06 is in discussion period through next Thursday.
  • Some of the relevant new language was inserted in the middle of section 3.2.2.2 of the TLS BR. The S/MIME BR incorporate the text from section 3.2.2.4.
  • The WG discussed that the S/MIME “adopted and then improved” the organizationIdentifier text from the EV Guidelines - particularly in the use of the GOV, INT, and LEI (when Active/Corroborated) registration schemes.
  • There will be a discussion relating to the use of the Legacy profiles and the reasonable timeframe for the deprecation of Legacy.

8.Forum Infrastructure Subcommittee update

Jos provided the update for FIS.

  • There was a discussion about mailing list starting with moving the infrastructure list over to Google groups. WG will have a report to the forum on what that looks like and what our proposal is for fixing things up.
  • WG will Continually improve the membership tools to make them more useful and reduce the need for separate spreadsheets to calculate quorum for a particular ballot.
  • WG discussed about the contents of the website, GitHub repository for infrastructure.

9.NetSec Working Group update

Clint provided the update for NSWG.

  • WG reviewed the Restructure Draft about any remaining feedback and it will move into a discussion period.

10.IPR update Subcommittee

Ben provided the updated to the IUS.

Ben was soliciting interest members to participate in PAG, so far about 10 to 15 individuals have shown interest. Ben proposed the deadline for receiving new members to April 5th.

11.Next F2F meeting schedule

  • May28-30, 2024 :Bergamo, Italy (Registration will close after at the end of this month. )

  • Oct 1-3, 2024: Seattle, WA, USA(Amazon)

  • March: Tokyo, Japan (SECOM)

  • June: Toronto, Canada (CPA Canada)

  • October: Warsaw, Poland (Asseco Data Systems)

12.Next call: April 11, 2024

13.Adjourn

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).