CA/Browser Forum posts
Ballot CSC-17: Subscriber Private Key Extension
September 27, 2022 by Corey BonnellNotice of Review Period (Mailing list post is available here.) The IPR review period ended on October 28, 2022 and no exclusion notices were filed. The final documents, with the effective date being 2022-10-28, are available here. This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Maintenance Guideline (30 day Review Period). The complete Draft Guideline subject of this Review Notice is available here.
September 27, 2022 by Corey BonnellNotice of Review Period (Mailing list post is available here.) The IPR review period ended on October 28, 2022 and no exclusion notices were filed. The final documents, with the effective date being 2022-10-28, are available here. This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Maintenance Guideline (30 day Review Period). The complete Draft Guideline subject of this Review Notice is available here.
2022-09-27 Minutes of the Network Security Working Group
September 27, 2022 by Ben Wilson*Attendees:* Aaron Poulsen (Amazon), Adam Jones (Microsoft), Antti Backman (Telia Company), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dustin Hollenback (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Jozef Nigut (Disig), Kiran Tummala (Microsoft), Marcelo Silva (Visa), Pedro Fuentes (OISTE Foundation), Rebecca Kelley (Apple), Tim Crawford (CPA Canada/WebTrust), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wendy Brown (US Federal PKI Management Authority)
September 27, 2022 by Ben Wilson*Attendees:* Aaron Poulsen (Amazon), Adam Jones (Microsoft), Antti Backman (Telia Company), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dustin Hollenback (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Jozef Nigut (Disig), Kiran Tummala (Microsoft), Marcelo Silva (Visa), Pedro Fuentes (OISTE Foundation), Rebecca Kelley (Apple), Tim Crawford (CPA Canada/WebTrust), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wendy Brown (US Federal PKI Management Authority)
2022-09-22 Minutes of the Code Signing Certificate Working Group
September 22, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Ian McMillan, Joanna Fox, Martijn Katerbarg, Michael Sykes, Roberto Quiñones, Tim Crawford, Tim Hollebeek Minutes Dean read the anti-trust statement No objection to minutes from Aug 8, minutes approved. Will be sent to public list Information that the IPR review on CSC-15 ended and the ballot has been approved. The website has been updated. CSC-17, subscriber private key protection, is in voting period that closes September 23rd.
September 22, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Ian McMillan, Joanna Fox, Martijn Katerbarg, Michael Sykes, Roberto Quiñones, Tim Crawford, Tim Hollebeek Minutes Dean read the anti-trust statement No objection to minutes from Aug 8, minutes approved. Will be sent to public list Information that the IPR review on CSC-15 ended and the ballot has been approved. The website has been updated. CSC-17, subscriber private key protection, is in voting period that closes September 23rd.
2022-09-15 Minutes of the CA/Browser Forum Teleconference
September 15, 2022 by Ben WilsonAttendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)
September 15, 2022 by Ben WilsonAttendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)
2022-09-08 Minutes of the Code Signing Certificate Working Group
September 8, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Iñigo Barreira, Janet Hines, Joanna Fox, Martjin Katerbarg, Michael Sykes, Mohit Kumar, Roberto Quiñones, Tim Hollebeek, Tomas Gustavsson, Vijay eMudhra Minutes Dean read the anti-trust statement. No objection to minutes from Aug-25th, minutes approved. Will be sent to public list. Reminder on CSC 15 , IPR review ends on Sept 18th Malware Proposal from Martijn Nothing new to discuss at this time.
September 8, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Iñigo Barreira, Janet Hines, Joanna Fox, Martjin Katerbarg, Michael Sykes, Mohit Kumar, Roberto Quiñones, Tim Hollebeek, Tomas Gustavsson, Vijay eMudhra Minutes Dean read the anti-trust statement. No objection to minutes from Aug-25th, minutes approved. Will be sent to public list. Reminder on CSC 15 , IPR review ends on Sept 18th Malware Proposal from Martijn Nothing new to discuss at this time.
2022-09-01 Minutes of the Server Certificate Working Group
September 1, 2022 by Jos PurvisAttendees Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Fastly), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
September 1, 2022 by Jos PurvisAttendees Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Fastly), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
2022-09-01 Minutes of the CA/Browser Forum Teleconference
September 1, 2022 by Ben Wilson1. Roll call Attendees: Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Fastly), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
September 1, 2022 by Ben Wilson1. Roll call Attendees: Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Fastly), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
2022-08-31 Minutes of the S/MIME Certificate Working Group
August 31, 2022 by Stephen DavidsonMinutes of SMCWG August 31, 2022 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Andreas Henschel (D-TRUST), Ashish Dhiman (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Christophe Bonjean (GlobalSign), Clint Wilson (Apple), Corey Bonnell (Digicert), Dimitris Zacharopoulos (HARICA), Don Sheehy (CPA Canada/WebTrust), Doug Beattie (GlobalSign), Eva Vansteenberge (GlobalSign), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Judith Spencer (CertiPath (Private Person)), Li-Chun Chen (Chunghwa Telecom), Martijn Katerbarg (Sectigo), Mauricio Fernandez (TeleTrust), Morad Abou Nasser (TeleTrust), Mrugesh Chandarana (IdenTrust), Patrycja Tulinska (PSW), Paul van Brouwershaven (Entrust), Pekka Lahtiharju (Telia Company), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Russ Housley (Russ Housley (Private Person)), Stefan Selbitschka (runQuadrat), Stephen Davidson (Digicert), Taavi Eomäe (Zone Media), Tadahiko Ito (SECOM Trust Systems), Tim Crawford (CPA Canada/WebTrust), Tsung-Min Kuo (Chunghwa Telecom), Wendy Brown (US Federal PKI Management Authority)
August 31, 2022 by Stephen DavidsonMinutes of SMCWG August 31, 2022 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Andreas Henschel (D-TRUST), Ashish Dhiman (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Christophe Bonjean (GlobalSign), Clint Wilson (Apple), Corey Bonnell (Digicert), Dimitris Zacharopoulos (HARICA), Don Sheehy (CPA Canada/WebTrust), Doug Beattie (GlobalSign), Eva Vansteenberge (GlobalSign), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Judith Spencer (CertiPath (Private Person)), Li-Chun Chen (Chunghwa Telecom), Martijn Katerbarg (Sectigo), Mauricio Fernandez (TeleTrust), Morad Abou Nasser (TeleTrust), Mrugesh Chandarana (IdenTrust), Patrycja Tulinska (PSW), Paul van Brouwershaven (Entrust), Pekka Lahtiharju (Telia Company), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Russ Housley (Russ Housley (Private Person)), Stefan Selbitschka (runQuadrat), Stephen Davidson (Digicert), Taavi Eomäe (Zone Media), Tadahiko Ito (SECOM Trust Systems), Tim Crawford (CPA Canada/WebTrust), Tsung-Min Kuo (Chunghwa Telecom), Wendy Brown (US Federal PKI Management Authority)
2022-08-30 Minutes of the Network Security Working Group
August 30, 2022 by Clint WilsonNetwork Security Working Group – August 30, 2022 Antitrust Statement was read by Clint. Roll Call: Clint Wilson; Ben Wilson; Jozef Nigut – Disig; Tim Hollebeek; Adam Jones – Microsoft; Christophe Bonjean – GlobalSign; Joanna Fox – TrustCor; Corey Bonnell; Corey Rasmussen – OATI; Dustin Hollenback – Microsoft; Ruben Annemans – GlobalSign; Tobias Josefowitz – Opera; Aaron Poulsen – Amazon Trust Services; Jillian Karner – Let’s Encrypt / ISRG; Tobias Josefowitz; Paul van Brouwershaven – Entrust; Rebecca Kelley; Prachi Jain – Fastly; Tim Crawford – BDO; Daryn Wright – GoDaddy; David Kluge; Trevoli – Amazon Trust Services; Wendy Brown – FPKI; Iñigo Barreira – Sectigo; Kiran Tummala – Microsoft; Bruce Morton – Entrust; Pedro Fuentes – OISTE.
August 30, 2022 by Clint WilsonNetwork Security Working Group – August 30, 2022 Antitrust Statement was read by Clint. Roll Call: Clint Wilson; Ben Wilson; Jozef Nigut – Disig; Tim Hollebeek; Adam Jones – Microsoft; Christophe Bonjean – GlobalSign; Joanna Fox – TrustCor; Corey Bonnell; Corey Rasmussen – OATI; Dustin Hollenback – Microsoft; Ruben Annemans – GlobalSign; Tobias Josefowitz – Opera; Aaron Poulsen – Amazon Trust Services; Jillian Karner – Let’s Encrypt / ISRG; Tobias Josefowitz; Paul van Brouwershaven – Entrust; Rebecca Kelley; Prachi Jain – Fastly; Tim Crawford – BDO; Daryn Wright – GoDaddy; David Kluge; Trevoli – Amazon Trust Services; Wendy Brown – FPKI; Iñigo Barreira – Sectigo; Kiran Tummala – Microsoft; Bruce Morton – Entrust; Pedro Fuentes – OISTE.
2022-08-25 Minutes of the Code Signing Certificate Working Group
August 25, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Christophe Bonjean, Corey Bonnell, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Lynn Jeun, Martijn Katerbarg, Mohit Kumar, Tim Crawford, Tim Hollebeek Minutes Bruce read the anti-trust statement. Meeting minutes for 2022-08-11 were approved. Malware revocation ballot Martijn said there were updates in Github (https://github.com/cabforum/code-signing/pull/10). Christophe and Corey have been providing feedback. There was a discussion on the existing sentence “The CA SHOULD indicate whether its investigation found that the Suspect Code was a false positive or an inadvertent signing”.
August 25, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Christophe Bonjean, Corey Bonnell, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Lynn Jeun, Martijn Katerbarg, Mohit Kumar, Tim Crawford, Tim Hollebeek Minutes Bruce read the anti-trust statement. Meeting minutes for 2022-08-11 were approved. Malware revocation ballot Martijn said there were updates in Github (https://github.com/cabforum/code-signing/pull/10). Christophe and Corey have been providing feedback. There was a discussion on the existing sentence “The CA SHOULD indicate whether its investigation found that the Suspect Code was a false positive or an inadvertent signing”.