CA/B Forum Teleconference - 2025-08-28

1. Roll Call

• For attendance, see Item 15 below.

2. Review of Agenda

• The agenda was reviewed. One additional item was added under Any Other Business: the notice from Buypass CA regarding the cessation of TLS issuance.

3. Approval of Minutes

• Minutes of 31 July 2025 plenary, prepared by Aaron Gable, were approved without objection.
• Minutes of 17 July 2025, prepared by Scott Rea, are still being finalized.
• Minutes of 10 April 2025, which were to be prepared by Trev, remain outstanding. Aaron Poulsen noted that he has the recording and can assist with preparing them.

4. Server Certificate Working Group update

• Dimitris Zacharopoulos reported that the WG had continued its work on ballots and discussions of DNSSEC requirements. He noted that Sectigo has published P-521 keys to its GitHub repository.

5. Code Signing Certificate Working Group update

• Martijn Katerbarg reported that the ballot to reduce the validity period now has two endorsers and is progressing. He also described plans for a presentation at the Warsaw face-to-face meeting by representatives of the Canadian police on malware and its impacts. A guest contributor accompanying them has requested anonymity in the public minutes. The group agreed that the individual’s name would be redacted.

6. S/MIME Certificate Working Group update

• Martijn, serving as vice chair, reported that SMC-013 (PQC for S/MIME) has been adopted and the IPR review period has closed. Work continues on a charter update and discussions relating to SMC-014 (DNSSEC for CA records) and the treatment of pseudonyms.

7. NetSec Working Group update

• Clint Wilson reported that the WG has begun considering possible policies concerning the use of artificial intelligence in WebPKI. The group also continues to explore issues related to the use of cloud services.

8. Definitions and Glossary Working Group

• Tim Callan explained that the WG has been slowed by limited resources, but Sectigo has now assigned a project manager to drive progress. A kickoff is scheduled, and activity is expected to increase.

9. Forum Infrastructure Subcommittee update

• Jos Purvis reported that all e-mail processing for cabforum.org has been migrated to Google Workspace, resolving prior issues caused by the split between systems. The old mail server will be retired after list archives are transferred. The Subcommittee is also clarifying the process for saving IPR policy agreements online, particularly from Interested Parties, to ensure consistent handling.

10. Intellectual Property Rights Subcommittee

• Ben Wilson reported that the Subcommittee had reviewed a request from Deutsche Telekom to exclude affiliates from coverage under the IPR Policy Agreement. This request was rejected as inconsistent with the IPR Policy Agreement signed by all other members. Deutsche Telekom has been informed. The Subcommittee is also finalizing proposed updates to the IPR Policy, which will soon be circulated for member review. The Subcommittee also discussed Contributor License Agreements (CLA) and possible GitHub configurations to ensure alignment with the IPR policy. The Forum Infrastructure Subcommittee would be asked to look into this.

11. Bylaws Changes

• No report was provided.

12. Any Other Business

• The Forum discussed whether Deutsche Telekom should continue to attend face-to-face meetings without signing the IPR Policy Agreement. It was agreed that they may attend the October 2025 meeting in Warsaw, but that their continued participation will need to be reconsidered if they remain unwilling to sign.
• Dean Coclin reminded members that registration for the Warsaw meeting is open, with capacity limited to 75 participants and a registration deadline of 15 September 2025.
• Dean also informed members of Buypass CA’s notice that it will cease issuing TLS certificates by October 2025, citing commercial reasons. Buypass will continue to provide revocation and status services for previously issued certificates until their expiration or revocation, no later than October 2026, and will remain a Forum member until that time. However, it was also mentioned that Buypass might still be intending to issue other types of publicly trusted certificates.
• Finally, members were reminded that the agenda for the Warsaw plenary includes a session for CA presentations. Interested CAs should notify the Chair of their proposed topics.

13. Next Call

• The next plenary teleconference will be held on 11 September 2025.

14. Adjourn

• The meeting was adjourned.

Attendees

Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adrian Mueller (SwissSign), Adriano Santoni (Actalis S.p.A.), Alvin Wang (SHECA), Ben Wilson (Mozilla), Brianca Martin (Amazon), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Enrico Entschew (D-TRUST), Eric Kramer (Sectigo), Gregory Tomko (GlobalSign), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Jun Okura (Cybertrust Japan), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kate Xu (TrustAsia), Kiran Tummala (Microsoft), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Michael Slaughter (Amazon), Michelle Coon (OATI), Miguel Sanchez (Google), Mohd Redha Hamzah (Pos Digicert Sdn. Bhd.), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Roman Fischer (SwissSign), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tobias Josefowitz (Opera Software AS), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Wiktoria Więckowska (Asseco Data Systems SA (Certum)