CA/B Forum Teleconference - 2025-05-22

Meeting Title: CA/Browser Forum
Date: 22 May 2025
Chair: Dean Coclin

1. Roll Call and Housekeeping

• Meeting called to order by Dean Coclin; recording in process.

2. Note-well

• Note-well has already been read.

3. Review Agenda

• No changes to the agenda.

4. Approval of Minutes

• April 10th - still pending
• May 8th - minutes approved.

5. Server Certificate Working Group update (Dimitris)

SCWG

• Wayne said SC81 passed IPR review period, and new version after fixing some issues is available.

Validation Subcommittee

• They spent the majority of time to discuss SC085 and SC082, and make significant progress including triage of a bunch of bugs in GitHub, including assigning things out to a few people.

6. Code Signing Certificate Working Group update (Martijn)

• CSC030 should be hitting discussion period shortly, and not further updates yet on reducing the validity period. Karina will take over the role of representative from Microsoft, and the ballot for reduction of validity period will start running by Microsoft. PQC ballot is pending, and looking for additional endorser.

7. S/MIME Certificate Working Group update (Stephen)

• Discussed on PQC to found out what else is need for ballot. Also discussed on MPIC and validation control over mailbox. SMC012 is in the discussion period. Kicked off for updating Section 7 and looking for volunteers.

8. NetSec Working Group update (Ben)

• Went through the issues on GitHub and closed 4~5 of them because they had already been resolved. Reviewed agenda for F2F meeting.

9. Definitions and Glossary Working Group (Tim Callan)

• Compared definitions from various documents to identify inconsistencies. Most definitions were identical or had trivial differences like capitalization. Developed proposals to resolve discrepancies and aim to gather feedback from a group of participants. The next steps involve incorporating feedback into a document and proceeding with a ballot.

10. Forum Infrastructure Subcommittee update (Ben)

• No meeting last week.

11. Intellectual Property Rights Subcommittee (Ben)

• Working on revising IPR policy. An email was sent on May 19th to a public list requesting feedback on the invited experts policy and agreement by the deadline of May 27th, acknowledging the upcoming holiday. Ben encouraged feedback by Tuesday and seeks two endorsers for a forum ballot.

12. Bylaws Changes (Ben)

• Aaron said a forum bylaws change ballot was sent to an old mailing list instead of current one, preventing recipients from receiving them. Aaron restarted the discussion period and encouraged participants to review the email and ballot, and to provide any comments or suggestions.

13. F2F meeting Agenda

• Tim highlighted recent incidents related to CPS errors causing mass revocation events, and proposed discussing potential solutions to improve transparency and accountability without such events. Dean encouraged participants to send topics after the call, if needed. Rebecca inquired about deadlines for agenda topics and Dean confirmed it would be finalized a week before the meeting.

• A call scheduled for June 5th, the Thursday before the meeting, was proposed to be canceled due to overlapping discussions during the face-to-face meeting on Tuesday, Wednesday, and Thursday.

14. Adjourn

Attendees

Aaron Gable (ISRG), Aaron Poulsen (Amazon Trust Services), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Adriano Santoni(Actalis S.p.A.), Atsushi INABA (GlobalSign), Ben Wilson (Mozilla), Bineesh (Microsoft), Brianca Martin (Amozon), Chad Dandar(Cisco), Clint Wilson(Apple), Cynetheia Brown (FPKIMA), Dean Coclin (DigiCert), Enrico Entschew(D-TRUST), Eric Kramer (Sectigo), Eric Kramer (Sectigo), Greg Tomko (GlobalSign), Hazhar Ismail (MSC Trustgate), Hogeun Yoo (NAVER Cloud Trust Services), Inigo Barreira(Sectigo), Jaime Hablutzel (WISeKey), Janet Hines(VikingCloud), Jeff Ward (Aprio), Jeanette Snook (Visa Inc), Jieun Seong (Ministry of the Interior and Safety, Korea), Johnny Reading (GoDaddy), Josselin Allemandou (Certigna), Kate Xu (TrustAsia), Kateryna Aleksieieva (Certum by Asseco), Li-Chun Chen (Chunghwa Telecom), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Lynn Jeun (VISA Inc), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nate Smith (GoDaddy), Nargis Mannan (Viking Cloud), Nicol So (CommScope), Nicol So (CommScope), nome-huang (TrustAsia), Peter Miskovic (Disig), Rebecca Kelley (SSL.com), Rich Smith (DigiCert), Rollin Yu (TrustAsia), Scott Rea (eMudhra), Tadahiko Ito (SECOM), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek(DigiCert), Tobias Josefowitz (Opera), Tobias Josefowitz (Opera), Trevoli Ponds-White (Amazon Trust Services), Tsung-Min Kuo (Chunghwa telecom), Wayne Thayer(Fastly), Wendy Brown (FPKIMA)