CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-06-20 Minutes of the CA/Browser Forum Teleconference

2024-06-20 Minutes of the CA/Browser Forum Teleconference

Attendees

  • Aaron Gable (Let’s Encrypt)
  • Aaron Poulsen (Amazon)
  • Adrian Mueller (SwissSign)
  • Adriano Santoni (Actalis S.p.A.)
  • Ben Wilson (Mozilla)
  • Brianca Martin (Amazon)
  • Bruce Morton (Entrust)
  • Chad Dandar (Cisco Systems)
  • Corey Rasmussen (OATI)
  • Dean Coclin (DigiCert)
  • Dimitris Zacharopoulos (HARICA)
  • Doug Beattie (GlobalSign)
  • Enrico Entschew (D-TRUST)
  • Inaba Atsushi (GlobalSign)
  • Jaime Hablutzel (OISTE Foundation)
  • Janet Hines (VikingCloud)
  • Jos Purvis (Fastly)
  • Kiran Tummala (Microsoft)
  • Llew Curran (GoDaddy)
  • Mads Henriksveen (Buypass AS)
  • Marco Schambach (IdenTrust)
  • Martijn Katerbarg (Sectigo)
  • Michelle Coon (OATI)
  • Miguel Sanchez (Google)
  • Naveen Kumar (eMudhra)
  • Nicol So (CommScope)
  • Nome Huang (TrustAsia)
  • Paul van Brouwershaven (Entrust)
  • Pedro Fuentes (OISTE Foundation)
  • Rebecca Kelly (SSL.com)
  • Sandy Balzer (SwissSign)
  • Scott Rea (eMudhra)
  • Tathan Thacker (IdenTrust)
  • Thomas Zermeno (SSL.com)
  • Tim Hollebeek (DigiCert)
  • Tobias Josefowitz (Opera Software AS)
  • Tsung-Min Kuo (Chunghwa Telecom)
  • Wayne Thayer (Fastly)
  • Wendy Brown (US Federal PKI Management Authority)

Agenda

  1. Begin Recording - Roll Call
    Dimitris Zacharopoulos opened the meeting.

  2. Read note-well
    Dimitris read the note-well.

  3. Review of Agenda
    No additional topics were proposed.

  4. Approval of minutes from June 6, 2024 Teleconference
    (minutes were circulated 2024-06-07) - approved

  5. Server Certificate Working Group update (Inigo)
    Made summary from F2F, continued to triage open issues and continued with the PAG. Continued working with ballot SC67 and 75. Validation SC was working on improving registration numbers and alternative for registration agencies. Enrico proposing change to LDAP schemes. Working on F2F minutes. Dimitris is working on F2F minutes and is having troubles with links to presentations. Paul offered some advice and support from other meetings.

  6. Code Signing Certificate Working Group update (Bruce)
    Ballot for removing EVG references from CSBRs is in voting period. Time-stamp ballot failed due to quorum and needs to be re-submitted. We are also working on simplifying EV requirements, since Microsoft wants one version of Code Signing certificates.

  7. S/MIME Certificate Working Group update (Stephen)
    Had presentation from Tim H on PQC and S/MIME. Recently passed SMC07 for Logging and Private Key Escrow. Soon starting SMC08 to deprecate Legacy Profile; expect to start next week. Looking at ballot SC67 since the change would impact domain validation for S/MIME, so may be looking at setting a specific TLS BR version.

  8. NetSec Working Group update (Clint)
    Clint was not available and no update was provided.

  9. Definitions and Glossary Working Group (Tim H.)
    Mailing list is setup. Had a kick-off at F2F. Will test mailing list, pick a time for a meeting and set up a new meeting.

  10. Forum Infrastructure Subcommittee update (Jos)
    Migration of Infrastructure mailing list is complete and has been functional. Martijn is working on other mailing lists which could be migrated during IPR periods, but not in voting periods. Archives are now being uploaded as each group gets migrated. Need to update instructions as to how to join and read the archives. There were discussions about the “Google” account required and there may be some issues with using a corporate email account. We have a 4-eyes policy for pull requests, but we might not have enough people. Creating a new group for reviewers who the WG Chair can assign to help approve pull requests.

  11. Intellectual Property Rights Subcommittee (Ben)
    Scheduled first call for Monday 1 July 2024. Have updated wiki for new subcommittee.

  12. Any Other Business
    Ben would like to highlight the creation of a discussion group for section 4.9.1.1 revocation 24hr/5days. This was discussed at F2F under the Forum, but should be discussed under a WG for IPR reasons. Consider creating a cross-functional issues working group under IPR to discuss issues that impact all three working groups working on BR documents.

  13. Next call
    July 4 call cancelled. Next call will be July 18, 2024.

  14. Adjourn

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).