CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-05-09 Minutes of the CA/Browser Forum Teleconference

2024-05-09 Minutes of the CA/Browser Forum Teleconference

Attendees

  • Aaron Gable - (Let’s Encrypt)
  • Abhishek Bhat - (eMudhra)
  • Adam Jones - (Microsoft)
  • Adriano Santoni - (Actalis S.p.A.)
  • Andrea Holland - (VikingCloud)
  • Ben Wilson - (Mozilla)
  • Brianca Martin - (Amazon)
  • Brittany Randall - (GoDaddy)
  • Bruce Morton - (Entrust)
  • Chad Dandar - (Cisco Systems)
  • Clint Wilson - (Apple)
  • Corey Bonnell - (DigiCert)
  • Corey Rasmussen - (OATI)
  • Dimitris Zacharopoulos - (HARICA)
  • Dong Wha Shin - (MOIS (Ministry of Interior and Safety) of the republic of Korea)
  • Doug Beattie - (GlobalSign)
  • Enrico Entscheidungen - (D-TRUST)
  • Georgy Sebastian - (Amazon)
  • Gregory Tomko - (GlobalSign)
  • Inaba Atsushi - (GlobalSign)
  • Inigo Barreira - (Sectigo)
  • Jaime Hablutzel - (OISTE Foundation)
  • Johnny Reading - (GoDaddy)
  • Jos Purvis - (Fastly)
  • Keshava Nagaraju - (eMudhra)
  • Kiran Tummala - (Microsoft)
  • Luis Cervantes - (GoDaddy)
  • Mads Henriksveen - (Buypass AS)
  • Marco Schambach - (IdenTrust)
  • Michelle Coon - (OATI)
  • Miguel Sanchez - (Google)
  • Mrugesh Chandarana - (IdenTrust)
  • Nargis Mannan - (VikingCloud)
  • Nate Smith - (GoDaddy)
  • Naveen Kumar - (eMudhra)
  • Nicol So - (CommScope)
  • Nome Huang - (TrustAsia)
  • Rebecca Kelly - (SSL.com)
  • RIch Smith - (DigiCert)
  • Rollin Yu - (TrustAsia)
  • Scott Rea - (eMudhra)
  • Stephen Davidson - (DigiCert)
  • Steven Deitte - (GoDaddy)
  • Tadahiko Ito - (SECOM Trust Systems)
  • Tathan Thacker - (IdenTrust)
  • Tim Hollebeek - (DigiCert)
  • Tobias Josefowitz - (Opera Software AS)
  • Trevoli Ponds-White - (Amazon)
  • Tsung-Min Kuo - (Chunghwa Telecom)
  • Wayne Thayer - (Fastly)
  • Wendy Brown - (US Federal PKI Management Authority)

Administrivia

  • Aaron Gable taking minutes
  • Roll call taken via Webex
  • Dimitris Zacharopoulos read the note-well
  • Minutes from April 25 approved

Server Certificate Working Group update (Inigo Barreira)

  • Continued triage of GitHub issues
  • Patent Advisory Group created as a result of exclusion notice filed on SC-070 had its first meeting, elected Ben Wilson as chair, and drafted and sent an email requesting clarification from GoDaddy
  • Currently soliciting F2F agenda topics
  • The EVGs have published a new version based on Ballot SC-072

Validation Subcommittee update (Corey Bonnell)

  • Continued discussion of identifying Delegated Third Parties in validation methods

Code Signing Certificate Working Group update (Bruce Morton)

  • Still working on a ballot to pull various EV requirements into the CSBRs
  • Ran into some difficulties regarding Organization Identifier, so will probably leave that field as-is for now
  • Also still updating the Timestamp ballot
  • Discussing reducing the maximum validity of code-signing certificates, from 39 months to 15 months
  • Discussing unifying EV and non-EV code-signing certificates into just one type
  • Still finalizing F2F agenda, expect to discuss the topics above
  • Dimitris points out that the CSBRs reference a specific version of the NetSec requirements, and will also have to do a ballot to update that version

Forum Infrastructure Subcommittee update (Jos Purvis)

  • Working through issues with mailing lists, considering upgrading mailman
  • Ran an experiment to convert a list to Google Groups, which mostly works, but involves rewriting headers
  • One solution would be to change MX records and do all mail delivery via Google, but would likely result in a temporary disruption of mail delivery
  • Intend to create a test plan to propose to all other working groups
  • Lots of documentation work, which is a Forum-wide effort
  • Intend to set up the IPR Subcommittee on Google Groups as a test subject, since it is intended to be a short-lived group

S/MIME Certificate Working Group update (Stephen Davidson)

  • Ballot SMC-06 exits IPR at the end of this week, has effective date in September
  • Upcoming ballot to create parity with recent BRs logging changes
  • Some concerns about shorter validity periods from smartcard providers due to more difficult provisioning
  • New certificate consumer member: Posteo, a webmail provider

NetSec Working Group update (Clint Wilson)

  • Ballot NS-03 is in IP Review period
  • Ballot to update Section 4 still being workshopped, particularly for clarity around cadence/timelines of things like penetration tests

IPR Subcommittee update (Ben Wilson)

  • Ballot FORUM-022 would establish this new subcommittee
  • Ballot is currently in discussion period, no comments so far

Bylaws update preparation (Dimitris Zacharopoulos)

  • No update

F2F#62 agenda preparation (Dimitris Zacharopoulos)

  • KeyFactor will not be able to present their plans for a linting engine
  • Still soliciting additional topics

Any other business

  • Trevoli Ponds-White reports that Amazon has been asked to move the October F2F from Oct 1-3 to Oct 8-10, due to a major holiday

Next meeting

  • May 23 (not cancelled)
  • Will start 1 hour after the ServerCert WG call would normally start

Meeting adjourned

Latest releases
Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Forum Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).