CA/Browser Forum posts
2023-05-04 Minutes of the Code Signing Certificate Working Group
May 4, 2023 by Corey BonnellAttendeesAtsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Eva Van Steenberge (GlobalSign), Ian McMillan (Microsoft), Janet Hines (VikingCloud), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Rollin Yu (TrustAsia), Tim Crawford (BDO), Tim Hollebeek (DigiCert) MinutesAntitrust statement: The Antitrust statement was read. Approval of minutes: Minutes for 26 January 2023 & 20 April 2023 approved Ballot: CSC 18 – Malware base revocation (Martijn) Sending out v2.1 soon Noted a few small changes Request from Ian Changed effective date to allow both using the new procedure right away or wait until the effective date (April 15, 2024) Tim will send around internally for review. Ballot: Remove SSL BR References (Dimitris was not present so Bruce gave update) Review of the capitalized terms has started but is not complete Looking for two endorsers F2F Agenda Topics Discussion Discussion around possible presentation from Microsoft but Ian is looking for some idea of the main topics Suggested there may be time to discuss signing services after the revocation and 3647 ballot but may need to wait for updates based other ballots Suggested to discuss Timestamping changes Suggested discussing removing text allowing for keys not stored in hw Bruce suggested discussing high risk items, and Tim mentioned that in previous discussions post June the plan was to remove high risk language, Bruce agreed. Bruce suggested potentially a clean-up ballot Ben suggested discussion around some of the proposed changes in the CSBRs and will think about specific topics for discussion Some side discussion between Bruce and Ian about the future of EV certificates, potential topic for MS to present on and/or have on the agenda at the F2F Ian suggested discussing certificate transparency for code signing certificates were there was discussion amongst the attendees that it was a good topic to add In summary; timestamping changes, high risk language, potentially some specific CSBR github discussion threads, EV/OV certificates, certificate transparency Other business Discussed request for new interested party participant from Hydraulic Software, Dean will connect with Wayne to accomplish. Next Meeting: May 18th 2023 Adjourn
May 4, 2023 by Corey BonnellAttendeesAtsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Eva Van Steenberge (GlobalSign), Ian McMillan (Microsoft), Janet Hines (VikingCloud), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Rollin Yu (TrustAsia), Tim Crawford (BDO), Tim Hollebeek (DigiCert) MinutesAntitrust statement: The Antitrust statement was read. Approval of minutes: Minutes for 26 January 2023 & 20 April 2023 approved Ballot: CSC 18 – Malware base revocation (Martijn) Sending out v2.1 soon Noted a few small changes Request from Ian Changed effective date to allow both using the new procedure right away or wait until the effective date (April 15, 2024) Tim will send around internally for review. Ballot: Remove SSL BR References (Dimitris was not present so Bruce gave update) Review of the capitalized terms has started but is not complete Looking for two endorsers F2F Agenda Topics Discussion Discussion around possible presentation from Microsoft but Ian is looking for some idea of the main topics Suggested there may be time to discuss signing services after the revocation and 3647 ballot but may need to wait for updates based other ballots Suggested to discuss Timestamping changes Suggested discussing removing text allowing for keys not stored in hw Bruce suggested discussing high risk items, and Tim mentioned that in previous discussions post June the plan was to remove high risk language, Bruce agreed. Bruce suggested potentially a clean-up ballot Ben suggested discussion around some of the proposed changes in the CSBRs and will think about specific topics for discussion Some side discussion between Bruce and Ian about the future of EV certificates, potential topic for MS to present on and/or have on the agenda at the F2F Ian suggested discussing certificate transparency for code signing certificates were there was discussion amongst the attendees that it was a good topic to add In summary; timestamping changes, high risk language, potentially some specific CSBR github discussion threads, EV/OV certificates, certificate transparency Other business Discussed request for new interested party participant from Hydraulic Software, Dean will connect with Wayne to accomplish. Next Meeting: May 18th 2023 Adjourn
2023-04-27 Minutes of the CA/Browser Forum Teleconference
April 27, 2023 by Ben WilsonAttendees: Aaron Gable – (Let’s Encrypt), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Clint Wilson – (Apple), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Hogeun Yoo – (NAVER Cloud), Inigo Barreira – (Sectigo), Jamie Mackey – (US Federal PKI Management Authority), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Ryan Dickson – (Google), Sissel Hoel – (Buypass AS), Sooyoung Eo – (NAVER Cloud), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Tsung-Min Kuo – (Chunghwa Telecom), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services).
April 27, 2023 by Ben WilsonAttendees: Aaron Gable – (Let’s Encrypt), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Clint Wilson – (Apple), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Hogeun Yoo – (NAVER Cloud), Inigo Barreira – (Sectigo), Jamie Mackey – (US Federal PKI Management Authority), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Ryan Dickson – (Google), Sissel Hoel – (Buypass AS), Sooyoung Eo – (NAVER Cloud), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Tsung-Min Kuo – (Chunghwa Telecom), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services).
2023-04-26 Minutes of the S/MIME Certificate Working Group
April 26, 2023 by Stephen DavidsonMinutes of SMCWG April 26, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
April 26, 2023 by Stephen DavidsonMinutes of SMCWG April 26, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
2023-04-20 Minutes of the Code Signing Certificate Working Group
April 20, 2023 by Corey BonnellAttendeesBruce Morton – (Entrust), Corey Bonnell – (DigiCert), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Ian McMillan – (Microsoft), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Martijn Katerbarg – (Sectigo), Tim Crawford – (CPA Canada/WebTrust) MinutesNote Well: The Note Well was read. Approval of Minutes: April 6th minutes are approved. January 26th minutes are pending. Bruce will take over writing these minutes. Ballot Status CSC-18 – In discussion period. A few additional items were mentioned which are being added: Request from Application Software Suppliers to not revoke a certificate when requested by them Effective Date. During the call it was discussed to set April 15th 2024 as the effective date, also adding language that will allow CAs to start using the new way earlier. A v2 ballot will be started soon Incorporating BR references No changes since the last meeting. Still need to review and go over definitions Signing Service No changes here. Also waiting on the other two ballots to complete first RFC for Key Attestation Mike from Entrust is trying to put together an RFC around Key Attestation. Information was circulated on the public list for anyone wanting to assist
April 20, 2023 by Corey BonnellAttendeesBruce Morton – (Entrust), Corey Bonnell – (DigiCert), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Ian McMillan – (Microsoft), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Martijn Katerbarg – (Sectigo), Tim Crawford – (CPA Canada/WebTrust) MinutesNote Well: The Note Well was read. Approval of Minutes: April 6th minutes are approved. January 26th minutes are pending. Bruce will take over writing these minutes. Ballot Status CSC-18 – In discussion period. A few additional items were mentioned which are being added: Request from Application Software Suppliers to not revoke a certificate when requested by them Effective Date. During the call it was discussed to set April 15th 2024 as the effective date, also adding language that will allow CAs to start using the new way earlier. A v2 ballot will be started soon Incorporating BR references No changes since the last meeting. Still need to review and go over definitions Signing Service No changes here. Also waiting on the other two ballots to complete first RFC for Key Attestation Mike from Entrust is trying to put together an RFC around Key Attestation. Information was circulated on the public list for anyone wanting to assist
2023-04-13 Minutes of the CA/Browser Forum Teleconference
April 13, 2023 by Ben WilsonAttendees Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Iñigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
April 13, 2023 by Ben WilsonAttendees Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Iñigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
2023-04-13 Minutes of the Server Certificate Working Group
April 13, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting April 13, 2023Attendees Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
April 13, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting April 13, 2023Attendees Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
2023-04-12 Minutes of the S/MIME Certificate Working Group
April 12, 2023 by Stephen DavidsonMinutes of SMCWG April 12, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
April 12, 2023 by Stephen DavidsonMinutes of SMCWG April 12, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
2023-04-06 Minutes of the Code Signing Certificate Working Group
April 6, 2023 by Corey BonnellAttendeesAtsushi Inaba (Globalsign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Janet Hines (Viking Cloud), Martijn Karterbarg (Sectigo), Mohit Kumar (Globalsign), Tim Crawford (BDO), Tomas Gustavson (Keyfactor) MinutesMinute taker: Dean Coclin The Anti-Trust summary was read Three sets of prior meeting minutes were approved: F2F, March 9 and March 23. Malware based revocation: Martijn stated that this was ready for ballot. The PR on github has been created. CSCWG 18 is the ballot number. Martijn will send out a summary and proposed ballot. Signing Service Update: Bruce was unable to attend, hence this topic was tabled until the next call Removing SSL BR references: Dimitris reviewed some of the changes to the BRs. Martijn agreed to help divide the upcoming work. Various sections were reviewed and updated in the document which Dimitris is maintaining on Git. All the modifications can be found on the Git repository. We expect to consider the import of the BRs at the next meeting. Following this, we will work on the references to the EV guidelines. Next meeting on April 20th.
April 6, 2023 by Corey BonnellAttendeesAtsushi Inaba (Globalsign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Janet Hines (Viking Cloud), Martijn Karterbarg (Sectigo), Mohit Kumar (Globalsign), Tim Crawford (BDO), Tomas Gustavson (Keyfactor) MinutesMinute taker: Dean Coclin The Anti-Trust summary was read Three sets of prior meeting minutes were approved: F2F, March 9 and March 23. Malware based revocation: Martijn stated that this was ready for ballot. The PR on github has been created. CSCWG 18 is the ballot number. Martijn will send out a summary and proposed ballot. Signing Service Update: Bruce was unable to attend, hence this topic was tabled until the next call Removing SSL BR references: Dimitris reviewed some of the changes to the BRs. Martijn agreed to help divide the upcoming work. Various sections were reviewed and updated in the document which Dimitris is maintaining on Git. All the modifications can be found on the Git repository. We expect to consider the import of the BRs at the next meeting. Following this, we will work on the references to the EV guidelines. Next meeting on April 20th.
2023-03-30 Minutes of the CA/Browser Forum Teleconference
March 30, 2023 by Ben WilsonAttendance: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Iñigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Jozef Nigut – (Disig), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Pedro Fuentes – (OISTE Foundation), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Stephen Davidson – (DigiCert), Steven Deitte – (GoDaddy), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly).
March 30, 2023 by Ben WilsonAttendance: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Iñigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Jozef Nigut – (Disig), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Pedro Fuentes – (OISTE Foundation), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Stephen Davidson – (DigiCert), Steven Deitte – (GoDaddy), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly).
2023-03-29 Minutes of the S/MIME Certificate Working Group
March 29, 2023 by Stephen DavidsonMinutes of SMCWG March 29, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
March 29, 2023 by Stephen DavidsonMinutes of SMCWG March 29, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.