CA/Browser Forum posts
Minutes of the F2F 59 Meeting in Redmond, WA, USA, 6-8 June 2023 – CSCWG (6 June)
June 6, 2023 by Corey Bonnell
Attendees
Attendance: IN THE ROOM (FROM SIGN UP SHEET) Ben Wilson (Mozilla), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Karina Sirota Goodley (Microsoft), Tahmina Ahmad (Microsoft), Hannah Sokol (Microsoft), Nitesh Bakliwal (Microsoft), Brianca Martin (Amazon), Trevoli Ponds-White (Amazon), Jonathan Kozolchyk (Amazon), Blake Hess (Amazon), Aaron Poulsen (Amazon), Michael Slaughter (Amazon), Tim Crawford (WebTrust), Inigo Barreira (Sectigo), Yoshiro Yoneya (JPRS), Martijn Katerbard (Sectigo), Nick France (Sectigo), Tim Callen (Sectigo), Roberto Quinones (Intel), Ben Dewberry (Keyfactor), Sven Rajala (Keyfactor), Leo Grove (SSL.com), Stephen Davidson (DigiCert), Jeremy Rowley (DigiCert), Scott Olsen (Microsoft), Linda Diefendorf (Microsoft), Steve Lasker (Microsoft), Yamian Quinero (Microsoft), Thomas Zermeno (SSL.com), Georgy Sebastian (Amazon), Meha Sharma (Microsoft), Rakia Segeu (Microsoft), Dawn Wang (Microsoft), Eva van Steenberge (Globalsign), Christophe Bonjean (Globalsign), Romain Delval (Certigna), Josselin Allemandou (Certigna), Xiu Lei (GDCA), Xizo Qiang (GDCA), Corey Bonnell (DigiCert), Vikas Khanna (Microsoft), An Yin (iTrus China), Vijay Kumar (eMuhdra), Pankaj Chawla (eMuhdra), Scott Rea (eMuhdra), Paul van Browershaven (Entrust), Bruce Morton (Entrust), Arno Fiedler (ETSI ESI), Dimitris Zacharopoulos (HARICA)
2023-05-11 Minutes of the Server Certificate Working Group
May 25, 2023 by Iñigo Barreira
Server Certificate Working Group Meeting May 11, 2023
Roll Call: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Bruce Morton – (Entrust), Chris Clements – (Google), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), RIch Smith – (DigiCert), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
Read Antitrust Statement (* not needed since read in earlier meeting)
Review Agenda: No changes.
Minutes: 30 March minutes approved. 27 April: not yet circulated.
Certificate consumers moratorium ballot proposed by Ben Wilson: looking for another endorser. Ben clarified that the moratorium would be temporary, depending on how quickly the Forum could revise rules for membership.
Memberships:
Yahoo as Interested Party – approved
CommScope – still pending IPR signature
QikFox – IPR signature is valid. However, this issue relates to the moratorium ballot. Dimitris proposed to approve as Certificate Consumer member, since no moratorium is currently in place. Ben stated Mozilla’s dissent on this and doesn’t plan on asking for a vote. Tim said that if anyone objects, they should propose a ballot for membership. Toby wasn’t convinced that there was consensus. Clint also logged his dissent to the consensus. Bruce asked if we could wait for Ben’s moratorium ballot to pass. Tim said that the applicant has a right to hear back soon. Ryan Dickson said it makes more sense to wait. Paul thought it wasn’t fair to make them wait for the ballot to pass which could take several weeks. Tim agreed, and said there is no precedent in the bylaws for delaying. Dimitris agreed. Daryn said the bylaws don’t have a provision for cases where there is a dissent but don’t call for a vote. Clint stated that he hasn’t been able to confirm that the applicant is actually a browser, as it appears payment is required to use it. Could a test copy or license be provided? Ben said that’s probably not needed as he confirmed that it is in fact a browser. Jos suggested that those not part of the consensus “stand aside”, meaning that the group has settled on a consensus you do not agree with but you are not willing to impede their progress. Martijn also suggested the term “abstain”. Ben said he stands aside. Time ran out for further discussion and the item was tabled to the next meeting.
Logius – membership change, to be removed from SCWG as full member, change to Interested Party. But wants to be added to S/MIME, which will need to be approved by that group. Discussion as to whether they need to re-sign IPR. Tim suggested we table removing them from SCWG until they have been accepted in S/MIME WG. Dimitris said we don’t need to wait. Jos suggested we put this back on the agenda for the next meeting for administrative reasons. Inigo asked how we would know about other root statuses if others like Logius didn’t contact us. Dimitris said they have self-declared their change in status. The bylaws allow for challenges and it’s up to members to do so.
Next call: 25 May
2023-05-25 Minutes of the CA/Browser Forum Teleconference
May 25, 2023 by Ben Wilson
Minutes prepared by Eva Van Steenberge (Globalsign).
Attendees: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Cade Cairns – (Google), Chad Ehlers – (IdenTrust), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Eva Vansteenberge – (GlobalSign), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Jamie Mackey – (US Federal PKI Management Authority), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Kyle Duren – (Yahoo Inc), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marco Schambach – (IdenTrust), Michelle Coon – (OATI), Miguel Sanchez – (Google), Nate Smith – (GoDaddy), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Scott Rea – (eMudhra), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services).
2023-05-24 Minutes of the S/MIME Certificate Working Group
May 24, 2023 by Stephen Davidson
Minutes of SMCWG May 24, 2023
These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
Ballot CSC-18: Update Revocation Requirements
May 24, 2023 by Corey Bonnell
Results of Review Period (Mailing list post is available here.)
2023-05-18 Minutes of the Code Signing Certificate Working Group
May 18, 2023 by Corey Bonnell
Attendees
Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Bianca Martin (Amazon), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Eva Van Steenberge (GlobalSign), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Roberto Quiñones (Intel), Rollin Yu (TrustAsia), Tim Crawford (BDO), Tim Hollebeek (DigiCert)
Minutes
The Antitrust statement was read.
Minutes from May 4th approved.
Ballot: CSC 18 – Malware base revocation (Martijn)
In discussion period, voting period ending before meeting is over.
Dean: tracker shows quorum met.
Removing SSL BR References
Martijn: About half docs reviewed for missing definitions. Removed 2 definitions that are not used. A couple may need to be added, will need to discuss.
Subject Name stability
Email from new interested party (Mike Hearn).
Ian: MSIX (Appx) does hash calculation of the publisher’s name value that is in the manifest and compares it to the full subject name value of signing certificate. Was working fine when only used inside of store distribution. As it’s been rolled out broadly to allow MSI package into MSIX, they’ve run into this issue for companies that change their name or locale. New packages would validate fine but presents inability to update existing apps because it depends on Package Name alignment. This is Microsoft MSIX issue, not a broad certificate issuance problem.
Tim: This is example of using [subject] name instead of global identifier and this has all the issues that are well known.
Bruce: Even global identifier might change if company changes name, like with SSL and org ID.
Ian: Apple and Google offer ways to uniquely identify orgs. If Microsoft offered something similar, it would not be something that Public CAs should have to do.
Ian will draft a response to this email.
June F2F is June 6th afternoon. Dean moves to cancel call scheduled for Jun 1st. No objections.
Agenda for F2F
Time: 1:45pm to 3:45pm (nothing scheduled after this, so could keep going)
Ian: no guest speaker for code signing workgroup. Roy Williams is going to talk about Secure Supply Chain Integrity, Trust and Transparency.
Bruce: Spend some time reviewing time stamping changes Ian is proposing. Discuss EV Certificates. Continue discussion on Certificate Transparency.
Dean may not be able to attend in person, Bruce can facilitate.
2023-03-30 Minutes of the Server Certificate Working Group
May 12, 2023 by Iñigo Barreira
Server Certificate Working Group Meeting March 30, 2023
Attendance: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Jozef Nigut – (Disig), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Pedro Fuentes – (OISTE Foundation), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Stephen Davidson – (DigiCert), Steven Deitte – (GoDaddy), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly)
2023-05-11 Minutes of the CA/Browser Forum Teleconference
May 11, 2023 by Ben Wilson
Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Bruce Morton – (Entrust), Chris Clements – (Google), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), RIch Smith – (DigiCert), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
2023-05-10 Minutes of the S/MIME Certificate Working Group
May 10, 2023 by Stephen Davidson
Minutes of SMCWG May 10, 2023
These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
2023-05-04 Minutes of the Code Signing Certificate Working Group
May 4, 2023 by Corey Bonnell
Attendees
Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Eva Van Steenberge (GlobalSign), Ian McMillan (Microsoft), Janet Hines (VikingCloud), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Rollin Yu (TrustAsia), Tim Crawford (BDO), Tim Hollebeek (DigiCert)
Minutes
Antitrust statement: The Antitrust statement was read.
Approval of minutes: Minutes for 26 January 2023 & 20 April 2023 approved
Ballot: CSC 18 – Malware base revocation (Martijn)
Sending out v2.1 soon
Noted a few small changes
Request from Ian
Changed effective date to allow both using the new procedure right away or wait until the effective date (April 15, 2024)
Tim will send around internally for review.
Ballot: Remove SSL BR References (Dimitris was not present so Bruce gave update)
Review of the capitalized terms has started but is not complete
Looking for two endorsers
F2F Agenda Topics Discussion
Discussion around possible presentation from Microsoft but Ian is looking for some idea of the main topics
Suggested there may be time to discuss signing services after the revocation and 3647 ballot but may need to wait for updates based on other ballots
Suggested to discuss Timestamping changes
Suggested discussing removing text allowing for keys not stored in hw
Bruce suggested discussing high risk items, and Tim mentioned that in previous discussions post June the plan was to remove high risk language, Bruce agreed.
Bruce suggested potentially a clean-up ballot
Ben suggested discussion around some of the proposed changes in the CSBRs and will think about specific topics for discussion
Some side discussion between Bruce and Ian about the future of EV certificates, potential topic for MS to present on and/or have on the agenda at the F2F
Ian suggested discussing certificate transparency for code signing certificates, where there was discussion amongst the attendees that it was a good topic to add
In summary: timestamping changes, high risk language, potentially some specific CSBR github discussion threads, EV/OV certificates, certificate transparency
Other business
Discussed request for new interested party participant from Hydraulic Software, Dean will connect with Wayne to accomplish.
Next Meeting: May 18th 2023
Adjourn