CA/Browser Forum
Home » All CA/Browser Forum Posts » 2025-04-24 Minutes of the Forum

2025-04-24 Minutes of the Forum

Roll Call and Housekeeping

  • Meeting called to order by Dean; recording in process
  • Roll taken by recording

Note-well

  • Note-well has already been read

Review Agenda

  1. Begin Recording - Roll Call
  2. Read note-well
  3. Review of Agenda
  4. Approval of minutes: April 10th and F2F.
  5. Server Certificate Working Group update (Dimitris)
  6. Code Signing Certificate Working Group update (Martijn)
  7. S/MIME Certificate Working Group update (Stephen)
  8. NetSec Working Group update (Clint)
  9. Definitions and Glossary Working Group (Tim H.)
  10. Forum Infrastructure Subcommittee update (Jos)
  11. Intellectual Property Rights Subcommittee (Ben)
  12. Bylaws changes (Ben - Dimitris)
  13. Any Other Business
  14. Next call: May 8, 2025
  15. Adjourn

Approval of Minutes

  • No minutes for 2024-04-10
  • Minutes from the F2F: Ryan asked for more time to review - deferred to next meeting.
  • Draft minutes and presentations from F2F are available on Wiki

Server Certificate Working Group update (Dimitris)

SCWG

  • IODEF mail mechanism
  • CA Key reuse

Validations

  • Slaughter gave an excellent presentation on CA Assisted Validation Ballot
  • pull request is not in server cert repo

Code Signing Certificate Working Group update (Martijn)

  • CSC - 29 and 30 to be discussed once it has been confirmed that the new Microsoft representative can vote on the ballots
  • Reduction of max validity of CS certificates to 15 months with 12 month effective date
  • PKC ballot to allow ML DSA algorithms for code signing

S/MIME Certificate Working Group update (Stephen)

  • Confirmed participation of interested parties listed above (in CSWG meeting)
  • Users of PKI Lint have comments on usage, which are leading to updates to clarify the text and make changes in program.
  • RFC 8823 ACME for S/MIME validation method to be considered in future ballot
  • Discussions of draft for PQC S/MIME certs using ML DSA and ML KEM (pure certificates); interested parties can read the redline of the ballot text from the S/MIME CA/B Forum group. Comments are welcomed.

NetSec Working Group update (Clint)

  • NS-008: discussion period will continue for another week; effective date pushed back to November
  • Discussed next priorities of workgroup:
    • trusted roles; expect to have a beginning proposal to orient roles around outcomes and to increase consistancy in TR requirements
    • Reorganization of NETSEC requirements
    • Review of EU NIST 2 and NIST CyberSecurity frameworks
  • Next meeting May 6

Definitions and Glossary Working Group (Tim C.)

  • No feedback on F2F presentation == tacit agreement
  • Information to be put out on list to allow further review before moving forward with the working plan

Forum Infrastructure Subcommittee update (Ben)

  • Using AI for minute generation; what is the goal of minutes?
    • Goal of minutes is to inform those not in attendance
    • Record key discussion points
    • Identify action items
    • Provide historical record for any decisions
  • How to get correct level of detail from the AI
  • Worked on a minute template
    • neutral activity without color commentary/opinions
    • summary of meeting at topic
    • moving the list of attendees to the bottom of minutes
    • summarize discussion points: to what degree should comments be attributed?
    • want the Why of conclusions, not just the conclusion.
  • Working on AI prompt; will require testing with various tools.

Intellectual Property Rights Subcommittee (Ben)

  • Doodle poll to setup next call - no solid date, yet
  • Working on Google Doc, which will require review

Bylaws changes (Ben - Dimitris)

  • No recent progress

Any Other Business

  • Dean received 2 letters from ITU; will forward to Management List
  • For Toronto F2F the signup list is closing May 1; hotel deadline approaching

Next call: May 8, 2025

Adjourn

Attendance

Aaron Gable (Let’s Encrypt), Adrian Mueller (SwissSign), Alison Wang (TrustAsia), Alvin (SHECA), Andrea Holland (VikingCloud), Andreas Henschel (D-TRUST), Arno Fiedler (ETSI ESI), Arnold Essing (Telekom Security, invited guest), Ashish Dhiman (GlobalSign), Ben Wilson (Mozilla, Brianca Martin (Amazon), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chad Dandar (Cisco Systems), Chris Clements (Google), Chya-Hung Tsai (TWCA), Clemens Wanko (ACAB Council), Clint Wilson (Apple), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dmitry Sharkov (Sectigo), Dustin Hollenback (Microsoft), Edwin Zhai (TrustAsia), Enrico Entschew (D-TRUST), Eric Hampshire (Cisco Systems), Fumiaki Ono (SECOM), Han Yong Park (NAVER Cloud Trust Services), Hans Metsoja (Opera), Hao-Chun Li (TWCA), Hazhar Ismail (MSC Trustgate Sdn Bhd), Henry Birge-Lee (Henry Birge-Lee (Private person)), Hideki Kobayashi (KPMG Japan), Hiroki Katsube (JPRS), Hisashi Kamo (SECOM Trust Systems), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Iori Kondo (Cybertrust Japan), JP Hamilton (Cisco), Jaime Hablutzel (OISTE Foundation), Jeff Ward (Aprio), Jeremy Rowley (DigiCert), Ji Eun Seong (MOIS (Ministry of Interior and Safety) of the republic of Korea), Jinhwan Shin (Deloitte Korea), Joanna Zhu (TrustAsia), Jun Okura (Cybertrust Japan), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Karina Goodley (Microsoft), Kate Xu (TrustAsia), Kenji Nakada (JPRS), Kenji Urushima (GlobalSign), Lila Dubko (CPA Canada/WebTrust), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Llew Curran (GoDaddy), Luis Cervantes (SSL.com), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Mats Rosberg (Keyfactor), Matthias Wiedenhorst (ACAB Council), Michael Malinowski (Certum), Michael Slaughter (Amazon), Mitsuyoshi Tamura (Cybertrust Japan), Nate Smith (GoDaddy), Naveen Kumar (eMudhra), Nick France (Sectigo), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Puja Sehgal (Microsoft), Rebecca Kelly (SSL.com), Renne Rodriguez (Apple), Rich Smith (DigiCert), Rollin Yu (TrustAsia), Russ Housley (Vigil Security), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sooyoung Eo (NAVER Cloud Trust Services), Stefan Kirch (Telekom Security, invited guest), Stephen Davidson (DigiCert), Sven Rajala (Keyfactor), Tadahiko Ito (SECOM Trust Systems), Takashi Sawada (Secom), Taro Momosaki (Toyota Tsusho, invited guest), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Vinay Kumar (OATI), Wayne Thayer (Fastly), Xiu Lei (GDCA), Yamian Quintero (Microsoft), Yannick Thomassier (Certinomis), YeongHo Lee (Deloitte Korea), Yumo Makino (Toyota Tsusho, invited guest), Zurina Zolkaffly (MSC Trustgate)

Latest releases
Server Certificate Requirements
SC-081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods - May 21, 2025

BR v2.1.5

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.9 - Ballot SMC011 - May 14, 2025

This ballot allows the option to use a European Unique Identifier (EUID) as a Registration Reference in the NTR Registration Scheme. The EUID uniquely identifies officially-registered organizations, Legal Entities, and branch offices within the European Union or the European Economic Area. The EUID is specified in chapter 9 of the Annex contained in the Implementing Regulation (EU) 2021/1042 which describes rules for the application of Directive (EU) 2017/1132 “relating to certain aspects of company law (codification)”. The ballot also includes several editorial corrections, (e.g., reordering of References and regrouping of information from Appendix A to Section 7.1.4.2.2 (d)). This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Adrian Mueller (SwissSign) and Adriano Santoni (Actalis).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Forum Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).