CA/Browser Forum

2024-08-01 Minutes of the CA/Browser Forum Teleconference

Attendees

  • Aaron Gable - (Let’s Encrypt)
  • Aaron Poulsen - (Amazon)
  • Adam Jones - (Microsoft)
  • Adriano Santoni - (Actalis S.p.A.)
  • Ben Wilson - (Mozilla)
  • Brianca Martin - (Amazon)
  • Clint Wilson - (Apple)
  • Corey Bonnell - (DigiCert)
  • Corey Rasmussen - (OATI)
  • Dean Coclin - (DigiCert)
  • Dimitris Zacharopoulos - (HARICA)
  • Dustin Hollenback - (Microsoft)
  • Enrico Entschew - (D-TRUST)
  • Jaime Hablutzel - (OISTE Foundation)
  • Janet Hines - (VikingCloud)
  • Ji Eun Seong - (MOIS (Ministry of Interior and Safety) of the Republic of Korea)
  • Johnny Reading - (GoDaddy)
  • Luis Cervantes - (GoDaddy)
  • Mahua Chaudhuri - (Microsoft)
  • Mark Nelson - (IdenTrust)
  • Michelle Coon - (OATI)
  • Miguel Sanchez - (Google)
  • Mrugesh Chandarana - (IdenTrust)
  • Nate Smith - (GoDaddy)
  • Nicol So - (CommScope)
  • Nome Huang - (TrustAsia)
  • Paul van Brouwershaven - (Entrust)
  • Peter Miskovic - (Disig)
  • Rebecca Kelly - (SSL.com)
  • Rollin Yu - (TrustAsia)
  • Scott Rea - (eMudhra)
  • Stephen Davidson - (DigiCert)
  • Tadahiko Ito - (SECOM Trust Systems)
  • Tathan Thacker - (IdenTrust)
  • Thomas Zermeno - (SSL.com)
  • Tobias Josefowitz - (Opera Software AS)
  • Trevoli Ponds-White - (Amazon)
  • Tsung-Min Kuo - (Chunghwa Telecom)
  • Wayne Thayer - (Fastly)
  • Wendy Brown - (US Federal PKI Management Authority)

Read note-well

Dimitris read the note-well

Review of Agenda

The agenda was approved with no changes.

Approval of previous meetings

July 18 meeting minutes were approved.

Server Certificate Working Group update

No update.

Code Signing Certificate Working Group update

Dean gave the update:

  • IPR for CSC25/26 ends today.
  • Microsoft plans to propose a ballot that will change the validity of Code Signing Certificates to 15 months, effective April 30, 2025.
  • Public and management lists are not functioning correctly and should probably migrate to Google Groups.

S/MIME Certificate Working Group update

Stephen gave the update:

  • Ballot SMC08 has passed and is currently in the IPR review period. This ballot deprecates the legacy profiles on July 15, 2025.
  • The TLS BRs introduce changes with the MPIC ballot.
  • The WG is working out how MPIC will be adopted within the S/MIME BRs and whether it will follow the same timing as in the TLS BRs.
  • 14 CA operators are publicly trusted for S/MIME that do not issue TLS. They may not be as familiar with the MPIC discussions as other CAs that are also trusted for TLS.
  • Accommodating changes for audit requirements for NetSec.
  • After April 1, 2025, for WebTrust audits, there will be a separate WT audit for NetSec.

NetSec Working Group update

Clint gave the update:

  • Changes were proposed for sections 2.2.2 and 2.2.5 of the NCSSRs, dealing with workstations and passwords.
  • The goal is to describe requirements that are more objective or principle-based rather than being too prescriptive.
  • Ballot NSC004 is ready to go to the discussion period after finding endorsers.
  • Trustcor’s resignation was processed and confirmed for the NetSec WG.

Definitions and Glossary Working Group

No update.

Forum Infrastructure Subcommittee update

Ben gave the update:

  • An email group was created for monitoring the servers (things like certificate validity, members' portal health, etc.).
  • Ben, Jos, and Martijn are on those lists. Ben said that anyone else who wants to receive those emails can reach out to Ben and Jos.
  • Dimitris also reminded the group that Slack could be used for alerts.

Intellectual Property Rights Subcommittee

Ben gave the update:

  • There is a straw-man proposal about how the Forum should treat invited experts.
  • Seeking feedback on how the Forum should deal with Interested Parties.
  • The approach is to have two agreements; one with an Organization, as an Interested Party, and the other with an Individual.
  • The Forum wants to encourage participation from Interested Parties.
  • The risk is that someone might sign as an individual without disclosing they are employed by a company, and then the company avoids IPR obligations.
  • Anyone with ideas or feedback can share with the IPR subcommittee or join the subcommittee.
  • The subcommittee has a deadline of October 1st to complete its work, or it should amend the charter to extend its lifetime.

Elections 2024

Dimitris updated the group that nominations for the WG and Forum Chair positions are open. The nomination period ends August 26, 2024. Nominations can be added directly to the wiki page or sent to the management list.

Any Other Business

  • Fall F2F meeting: Trev mentioned that Amazon has some internal procedures and cannot book places until two months in advance. She has a meeting scheduled to get the hotel information ready as soon as possible. Travel information is expected to be updated on the wiki soon.
  • Summer 2025 F2F meeting: Dimitris announced that the F2F meeting in Toronto, Canada, hosted by CPA Canada, has been confirmed to take place June 10-12, 2025.

Next Call

The group agreed to cancel the August 15 Teleconference due to national holidays in some European countries. The next scheduled Teleconference is on August 29, 2025.

Meeting Adjourned.

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).