CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-11-21 Minutes of the CA/Browser Forum Teleconference

2024-11-21 Minutes of the CA/Browser Forum Teleconference

Attendees

Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adrian Mueller (SwissSign), Adriano Santoni (Actalis S.p.A.), Antti Backman (Telia Company), Ben Wilson (Mozilla), Brianca Martin (Amazon), Bruce Morton (Entrust), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Gregory Tomko (GlobalSign), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Janet Hines (VikingCloud), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Josselin Allemandou (Certigna (DHIMYOTIS)), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Marcelo Silva (Visa), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Michael Slaughter (Amazon), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nome Huang (TrustAsia), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rich Smith (DigiCert), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Stephen Davidson (DigiCert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yamian Quintero (Microsoft)

Note Well

Dimitris read the note-well

Agenda Review

Agenda approved

Approval minutes from the October 24, 2024 Teleconference (Draft minutes were distributed on 2024-11-07)

Minutes approved

Approval minutes from the November 7, 2024 Teleconference (Draft minutes have not been distributed yet)

Waiting for the minutes to be provided

Approval minutes from F2F#63 Meeting

Minutes approved

Server Certificate Working Group update (Inigo)

Inigo can´t provide any update on the SCWG because he didn´t attend last calls (there was no call 2 weeks ago), only the ballots that have been approved and the new version of the TLS BRs due to those ballots. Inigo asked Corey to provide an update on the Validation SC.

Corey provided an update on the last week discussion on a couple of topics:

  • SC81
  • CAA parameters
  • Wayne circulated an IETF draft on a proposal on the ACME WG

The validation SC is not meeting next week due to Thanksgiving

Code Signing Certificate Working Group update (Bruce)

Dean indicated that still discussing the max validity period for code signing certs but that Ian was not in the last call, so no much progress. But the proposed is 460 days max.

The other main topic is the email from Bruce about aligning with ballots from other WGs and how these affect the CS WG

That was last meeting for Dean and Bruce that will be replaced by Martijn and Thomas. There is not going to be a CSWG meeting due to thanksgiving.

S/MIME Certificate Working Group update (Stephen)

Couple of ballots: SMC010 closing today (related to MPIC) and SMC09 is under IPR.

A discussion going on regarding email control validation which is also under discussion on the SCWG and what to do if those methods are not used under the TLS and how affect the SMIME.

Stephen and Martijn will continue as chair and vicechair.

Dimitris make a comment regarding the ACME for SMIME RFC and the comment is that this could be a new method because the language is a bit different. Stephen agrees and indicates that could be others.

NetSec Working Group update (Clint)

Two ballots under IPR review.

Talking about CA infrastructure and use one term in the whole document. Concerns with the scope.

To decide if removing the definitions from the document.

Definitions and Glossary Working Group (Tim H.)

2 interesting discussions that will be managed in the next weeks

Forum Infrastructure Subcommittee update (Jos)

The dev wiki is not backed up so any content need to be migrated/copied to the wiki

Dimitris had an issue with the archive getting a 404 which is not normal. Send the link to Jos for review

Intellectual Property Rights Subcommittee (Ben)

Didn´t meet. No update

Style guide for CABF Guidelines

Dimitris summarized the discussion regarding the BR of BRs. Paul to provide some of the work done on the style guide regarding his last email.

Paul indicated that is in a very early stage. Have reviewed from google, IETF, ETSI, etc. and also input from members.

Dimitris thinks that the document is almost ready and can be finalized but more feedback from the group is needed

Bylaws changes (Ben - Dimitris)

No update.

Any Other Business

Dean asked Katerina for a date for the Fall meeting. Katerina will talk internally and come back with a date

Dean thanked Dimitris for his work during these 2 years as a Forum chair

Next call: December 5, 2024

Adjourn

Meeting adjourned

Latest releases
Server Certificate Requirements
BRs/2.1.3 SC083: Winter 2024-2025 Cleanup Ballot - Feb 24, 2025

Winter 2024-2025 Cleanup Ballot (#561)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Forum Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).