CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-04-11 Minutes of the CA/Browser Forum Teleconference

2024-04-11 Minutes of the CA/Browser Forum Teleconference

CA/Browser Forum Teleconference

April 11, 2024

Attendees: Aaron Gable - (Let’s Encrypt), Aaron Poulsen - (Amazon), Abhishek Bhat - (eMudhra), Adam Jones - (Microsoft), Adriano Santoni - (Actalis S.p.A.), Aggie Wang - (TrustAsia), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Bruce Morton - (Entrust), Chris Clements - (Google), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), David Kluge - (Google), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Gregory Tomko - (GlobalSign), Inaba Atsushi - (GlobalSign), Jaime Hablutzel - (OISTE Foundation), Janet Hines - (VikingCloud), Jay WIlson - (Sectigo), Johnny Reading - (GoDaddy), Jos Purvis - (Fastly), Karina Sirota - (Microsoft), Keshava Nagaraju - (eMudhra), Kiran Tummala - (Microsoft), Llew Curran - (GoDaddy), Lynn Jeun - (Visa), Mads Henriksveen - (Buypass AS), Mahua Chaudhuri - (Microsoft), Marcelo Silva - (Visa), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Miguel Sanchez - (Google), Mrugesh Chandarana - (IdenTrust), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Naveen Kumar - (eMudhra), Paul van Brouwershaven - (Entrust), Peter Miskovic - (Disig), Rich Kapushinski - (CommScope), RIch Smith - (DigiCert), Rollin Yu - (TrustAsia), Ryan Dickson - (Google), Sandy Balzer - (SwissSign), Scott Rea - (eMudhra), Sissel Hoel - (Buypass AS), Stephen Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust Systems), Tathan Thacker - (IdenTrust), Thomas Zermeno - (SSL.com), Tim Hollebeek - (DigiCert), Tobias Josefowitz - (Opera Software AS), Wayne Thayer - (Fastly), Yashwanth TM - (eMudhra), Yoshihiko Matsuo - (Japan Registry Services).

1. Roll Call

Dimitris indicated the number of participants from prior SCWG had not changed so we would take the list of attendees from WebEx (see above).

2. Read Note-well

Dimitris read the note-well statement.

3. Review Agenda

No updates to posted Agenda (see above) were suggested

4. Approval of Minutes from Last Teleconference

There were no minutes to approve since March 28, 2024 Teleconference minutes hadn’t been posted yet.

5. Server Certificate Working Group Update

Kiran provided the update on the SCWG.

  • SC72 has passed
  • SC70 is under discussion and will instantiate a PAG to deal with an essential claim prior to end of discussion period

Corey B provided update on Validation SubWG

  • Good discussion held in previous call around identifying DTPs in context of domain validation.
  • Some discussion around method 18 (http validation), brainstorming on how to identify DTPs as we consider each type of domain validation.

6. Code Signing Certificate Working Group Update

Bruce provided the update for CSCWG.

  • EV Guidelines Superseded Ballot was determined that no subsequent IPR was necessary and that document is now superseded. Dimitris indicated however that the superseded document needs to be updated in the repository so anyone who downloads it will get a “deprecated” notice.
  • Since no IPR was done on that ballot, there does seem to be some post ballot processes that were not kicked off. These need to be triggered even if an IPR is not done. Some process adjustments will be considered for future.
  • No movement on Ballot for removing the EV Guideline References in the CS BRs. Dimitris requested if anyone had reviewed the draft, but it was confirmed it was not discussed on last call. A reminder will be sent to the list.
  • CSC24 Timestamping Private Key Protection – is still in progress
  • Individual Membership was approved for researcher from Lawrence Berkley Lab
  • Associate Member status was approved for KeyFactor
  • Longer discussion around Microsoft’s evaluation of EV vs OV for Code Signing in terms of whether they would be treated the same in their products. Microsoft still evaluating and will provide clarity once their evaluation is complete.

7. S/MIME Working Group Update

Stephen provided the update for the SMCWG.

  • SMC06 closes voting in 1 hour – on the path to passing
  • A number of discussions have come up regarding items being discussed for SCWG (particularly BR related) and whether these also need to be considered and adopted by SMCWG and do they have the same relevance e.g. MPIC.
  • Plan always was to deprecate legacy profiles and align to reasonable practices across the industry wherever possible in terms of multi-purpose hierarchies. Some differences have been identified, a summary has been posted and discussion has been initiated.
  • Intention is to reuse as much of the TLS BRs as much as possible, but there are some logistical issues for transition, and having new requirements in new sections would be a lot more helpful in facilitating this.

8. Forum Infrastructure Subcommittee Update

Jos provided the update for FIS.

  • We went through GitHub backlog and prioritized items to be focused on in near term
  • A couple are just documentation oriented e.g. what does a new member need to know when they join. Solicitation for relevant content/topics was made.
  • Request for WG Chairs to document the membership application and review process in as detailed manner as possible to capture and perpetuate precedence so that we have consistency don’t have to revisit similar scenarios over and over.
  • There are several automation tasks identified e.g. construction, updating and tracking of ballot pages. The addition of an effective date for a ballot needs WGs to set these requirements as part of their ballot proposals, so that automation of these can be facilitated.
  • Other documentation includes: how things are done in GitHub
  • Other documentation: Documentation around standardization around how balloting numbering is addressed etc.
  • Review of proposal to replace voting by email will be a long process. Anticipation is that it won’t be a replacement but rather an alternative – so either the other option or email could be used.

9. NetSec Working Group Update

Clint provided the update for the NSWG.

  • NS003 Restructure Ballot effective date was settled and discussion has started (around 2 weeks ago)
  • NS002 Section 4 Ballot is nearing finalization of content and will go to discussion soon. There is some dependency on NS003 but they should be pretty close together.

10. IPR Update Subcommittee

Ben provided the update to the IUS.

  • Ben will draft a charter and the scope of this will be much broader than the PAG that was discussed earlier.
  • Tim will work with Ben on the draft.

11. Any Other Business

Dimitris indicated that Forum21 Ballot has passed. A new Glossary Forum level WG will be started.

Dimitris also indicated that all recordings will now be sent to Management list so that everyone can review there if interested. They are set to expire at 90 days, but may be deleted prior to that after minutes are published prior to that time.

Please register for next F2F meeting in Bergamo. Actalis has added a lot in info to the Wiki now.

12. Next Call

Next call: 25 April 2024

13. Adjourn

Meeting adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).