CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-04-25 Minutes of the CA/Browser Forum Teleconference

2024-04-25 Minutes of the CA/Browser Forum Teleconference

Attendees

  • Aaron Poulsen (Amazon Trust Services)
  • Adam Jones (Microsoft)
  • Andrea Holland (VikingCloud)
  • Ben Wilson (Mozilla)
  • Bindi Davé (DigiCert)
  • Brianca Martin (Amazon)
  • Chris Clements (Google Chrome)
  • Clint Wilson (Apple)
  • Corey Bonnell (DigiCert)
  • Corey Rasmussen (OATI)
  • Dimitris Zacharopoulos (HARICA)
  • Dong Wha Shin (MOIS)
  • Doug Beattie (GlobalSign)
  • Dustin Hollenback (Microsoft)
  • Enrico Entschew (D-Trust)
  • Gregory Tomko (GlobalSign)
  • Inaba Atsushi (GlobalSign)
  • Inigo Barreira (Sectigo)
  • Jaime Hablutzel (OISTE Foundation)
  • Janet Hines (VikingCloud)
  • Jay Wilson (Sectigo)
  • Johnny Reading (GoDaddy)
  • Keshava Nagaraju (eMudhra)
  • Kiran Tummala (Microsoft)
  • Li-Chun Chen (Chunghwa Telecom)
  • Lynn Jeun (Visa)
  • Mads Henriksveen (Buypass AS)
  • Mahua Chaudhuri (Microsoft)
  • Marco Schambach (IdenTrust)
  • Martijn Katerbarg (Sectigo)
  • Michael Slaughter (Amazon Trust Services)
  • Miguel Sanchez (Google Trust Services)
  • Mrugesh Chandarana (IdenTrust)
  • Nargis Mannan (VikingCloud)
  • Nate Smith (GoDaddy)
  • Nicol So (CommScope)
  • Nome Huang (TrustAsia)
  • Peter Miskovic (Disig)
  • Rollin Yu (TrustAsia)
  • Ryan Dickson (Google Chrome)
  • Scott Rea (eMudhra)
  • Sissel Hoel (Buypass)
  • Stephen Davidson (DigiCert)
  • Steven Deitte (GoDaddy)
  • Tadahiko Ito (SECOM Trust Systems)
  • Tathan Thacker (IdenTrust)
  • Thomas Zermeno (SSL.com)
  • Tim Hollebeek (DigiCert)
  • Trevoli Ponds-White (Amazon Trust Services)
  • Tsung-Min Kuo (Chunghwa Telecom)
  • Wayne Thayer (Fastly)
  • Wendy Brown (US Federal PKI Management Authority)
  • Yashwanth TM (eMudhra)

Agenda

  1. Begin Recording - Roll Call
    N/A - the call is already recording. Dimitris greeted participants and opened the meeting.
  2. Read note-well
    Dimitris read the note-well.
  3. Review of Agenda
    Dimitris reviewed the agenda. No additional agenda items were raised for discussion.
  4. Approval of minutes from the March 28, 2024 Teleconference
    (minutes were distributed 2024-04-19)
    Dimitris made a call for objections, none voiced. The draft minutes are considered approved.
  5. Approval of minutes from the April 11, 2024 Teleconference
    (minutes were distributed 2024-04-18)
    Dimitris made a call for objections, none voiced. The draft minutes are considered approved.
  6. Server Certificate Working Group update
    (Inigo)
    Inigo summarized the last SCWG call that took place immediately prior to this call. Please refer to the SCWG minutes.
    • Validation Subcommittee updates: Last week’s meeting focused on continued discussions re: EV automation improvement ballot. The text is largely finalized. Globalsign is looking for endorsers. If interested, please contact Eva directly.
    • Continued discussions re: improvements to 3.2.2.4.7 (CA assisted domain validation). Language finalized, formal balloting process expected to begin shortly. Endorsers needed.
    • Wayne led discussion to allow use of the ACME dns-account-01 validation method. Next steps will progress once an updated IETF draft is available to address open questions.
    • Discussion related to delegated third parties (DTPs) with regard to domain validation. Tackled methods .19 and .20 and outlined potential DTPs. Next meeting will focus on email validation methods.
    • Other discussion: Related to the SCWG, Dimitris was interested in learning more about the PAG Inigo described that Ben has been leading the PAG. A meeting is planned for the following Monday, and Ben has prepared an agenda to lead the group.
  7. Code Signing Certificate Working Group update
    (Bruce)
    No updates.
  8. S/MIME Certificate Working Group update
    (Stephen)
    SMC-06 is in IPR review, ending May 11th. Noteworthy deadline: 9/15/24 - changes validation requirements for organizations.
    • General updates: Long-running discussion re: deprecation of legacy profiles. Deprecation is forecasted for the middle of 2025. Stephen encouraged CAs who foresee challenges with the transition from the legacy profiles to participate in the S/MIME Working Group. Other updates are being discussed within the Working Group to include consistency with the TLS BRs: logging requirements, delegated DNS, and potentially Multi-Perspective Issuance Corroboration.
  9. Forum Infrastructure Subcommittee update
    (Jos)
    No updates.
  10. NetSec Working Group update
    (Clint)
    Clint shared the group met on Tuesday. No final feedback or updates required related to NS-03 as a result of the discussion period, ballot is now in the voting period.
  • Briefly spent time reviewing the Section 4 ballot (finalized, ready to go into discussion, dependent upon NS-03 completing the voting process).
  • Remainder of time was spent discussing items that the group might shift focus to next (list of 10 or so items created, and issues in GitHub that should be revisited). Time spent in the subsequent meeting and at F2F will help set future course of action.
  1. IPR update Subcommittee Charter
    (Ben)
    Ben shared a revised charter has been prepared, with one endorser. Dimitris will give a final review and likely will feel comfortable endorsing.
  2. Bylaws update preparation
    (Dimitris)
    Dimitris shared screen, reviewed bylaws-related issues in GitHub discussed at the last F2F meeting. These items will guide subsequent updates to the bylaws.
  • Open items: Remove letters of intent for associate members, Standardize release cycles of Guidelines, Introduction of e-voting. Discussion on these issues and/or proposed updates are welcome.
  1. F2F#62 agenda preparation
    (Dimitris)
    Dimitris expects each WG to come up with its own agenda for the F2F. Elements of the draft agenda need to be confirmed and finalized. We need to prepare for the upcoming elections cycle. We’ll use a new process, and this will be discussed at the F2F. Each WG will still maintain its own nomination and voting process (run through its list, or possibly through the e-voting method).
  2. Any Other Business
  • New Definitions and Glossary Working Group: There’s an open declaration for participation. If you want to participate in the WG, declare it in the public list. Dimitris assumes WG Chair/Vice-chair will work with the Forum Infrastructure subcommittee to stand up email lists/etc.
  • Adriano shared final logistics re: F2F. If you have questions or need help, email Adriano and Dimitris.
  • No other discussion.
  1. Next call: May 9, 2024
  2. Adjourn
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).