2025-01-30 Minutes of the CA/Browser Forum Teleconference
Attendance
Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Alexander Truskovsky (AWS), Antti Backman (Telia Company), Ben Wilson (Mozilla), Bineesh Ambali Vadakkekandi (Microsoft), Brianca Martin (Amazon), Chad Dandar (Cisco Systems), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Cynethia Brown (US Federal PKI Management Authority), David Kluge (Google), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Gregory Tomko (GlobalSign), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Jeff Ward (Aprio), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Josselin Allemandou (Certigna (DHIMYOTIS)), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Llew Curran (GoDaddy), Luis Cervantes (SSL.com), Lynn Jeun (Visa), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rich Smith (DigiCert), Roman Fischer (SwissSign), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yamian Quintero (Microsoft)
Roll Call
The Roll Call was taken by Dean Coclin (DigiCert).
Read Antitrust Statement
The statement was read concerning the antitrust policy, code of conduct, and intellectual property rights agreement.
Review Agenda
The agenda was approved.
Approval of minutes
The minutes for the teleconference of 16 January 2025 were approved.
Discussion
Server Certificate Working Group Update
- Dimitris Zacharopoulos (HARICA) provided a summary of the Server Certificate WG meeting.
- Aprio was approved as an Interested Party.
- Discussions included ongoing ballots and issues with GitHub triage.
Validation Subcommittee
- Corey Bonnell (DigiCert) reported on discussions regarding CA-assisted domain validation and a proposal to deprecate Method 7, replacing it with separate methods for CA-assisted and applicant-based validation.
- Work continues on the CAA ballot for supporting account URI validation.
Code Signing Working Group Update
- Martijn Katerbarg (Sectigo) reported progress on aligning code signing requirements.
- A cleanup ballot is being considered to remove outdated effective dates.
- Work continues on moving towards a single profile for cloud signing.
S/MIME Working Group Update
- Martijn Katerbarg (Sectigo) also reported on the S/MIME Working Group.
- A presentation was given by Jan Klaußner (Bundesdruckerei/D-Trust) on Post-Quantum Cryptography (PQC) for S/MIME.
- Discussions on EU ID as an organization ID option within certificates.
- Brief discussions on legacy profile and Intune issues, which seem to have been resolved.
NetSec Working Group Update
- Clint Wilson (Apple) reported discussions on NetSec v2.0 requirements, particularly focusing on defining CA infrastructure and ensuring appropriate scoping of security requirements.
- Ballot NS-007 is in progress to update the enforcement date of NCSSRs v2.0 to September 2025 to allow CAs sufficient time for compliance.
- Ongoing discussions are addressing how to clarify and enforce security measures across different CA system components.
Definitions and Glossary Update
- Tim Hollebeek (DigiCert) was not on the call; Tim Callan (Sectigo) reported that there has been limited progress due to competing priorities.
- The group acknowledged the need to advance work before the next face-to-face meeting.
Forum Infrastructure Update
- Jos Purvis (Fastly) provided updates on the membership tool and mailing list synchronization.
- The migration of the Questions email list has been completed. Emails sent to questions@cabforum.org are now forwarded to questions@groups.cabforum.org, where the reply-to address is set to the original sender. Please note that when replying, the original sender is included by default, and you should remove this if you wish to provide internal feedback.
- Infrastructure improvements continue, with a focus on containerization and reducing redundant systems.
- Discussions on enabling electronic voting through tools like the membership platform are ongoing. A proposed bylaw revision is currently under review to support this transition, ensuring alignment with existing voting procedures while streamlining the process. It appears that no changes to the working group charters will be necessary once the bylaws are updated.
Intellectual Property Rights (IPR) Update
- Ben Wilson (Mozilla) discussed updates to the GitHub comment policies and contributor license agreements.
- A revised process for approving invited experts is under consideration, including an extended review period of 7, 14, or 14+7 days, which is currently being discussed.
- Work continues on refining IPR agreement obligations for interested parties.
Bylaws Revisions
- Dimitris Zacharopoulos (HARICA) and Ben Wilson (Mozilla) reviewed open GitHub issues.
- Efforts are underway to assign and triage issues, with additional contributions welcomed.
Any Other Business
- Face-to-face meeting registration reminder. Tadahiko Ito (SECOM) encouraged attendees to finalize registrations.
Next call
Next call: 13 February 2025 at 11:00 am Eastern Time
Meeting adjourned.