CA/Browser Forum posts
2023-02-16 Minutes of the CA/Browser Forum Teleconference
February 16, 2023 by Ben WilsonMeeting of the CA/Browser Forum February 16, 2023 Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adrian Mueller – (SwissSign), Andrea Holland – (SecureTrust), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Daryn Wright – (GoDaddy), David Kluge – (Google), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (SecureTrust), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (SecureTrust), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Roman Fischer – (SwissSign), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Steve Topletz – (Cisco Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Vijayakumar (Vijay) Manjunatha – (eMudhra), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
February 16, 2023 by Ben WilsonMeeting of the CA/Browser Forum February 16, 2023 Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adrian Mueller – (SwissSign), Andrea Holland – (SecureTrust), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Daryn Wright – (GoDaddy), David Kluge – (Google), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (SecureTrust), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (SecureTrust), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Roman Fischer – (SwissSign), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Steve Topletz – (Cisco Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Vijayakumar (Vijay) Manjunatha – (eMudhra), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
2023-02-15 Minutes of the S/MIME Certificate Working Group
February 15, 2023 by Stephen DavidsonMinutes of SMCWG February 15, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
February 15, 2023 by Stephen DavidsonMinutes of SMCWG February 15, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
2023-02-09 Minutes of the Code Signing Certificate Working Group
February 9, 2023 by Corey BonnellAttendeesAndrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon Trust Services), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Roberto Quinones (Intel), Rollin Yu (TrustAsia), Tim Crawford (WebTrust), Tim Hollebeek (DigiCert) Minutes Antitrust statement read Approval of minutes: Jan 26th minutes have not been sent out Ballot: Malware base revocation (Martijn) Received some pushback on the mailing list. Discussion from Martijn K., Bruce M., Ian M., and Tim H. around revamping the entire revocation section. Agreed to pull revocation sections from the TLS and SMIME BRs and removing unnecessary items and added necessary sections like backdating and revocation investigations. Ballot: Signing Service Update (Bruce) Previous action item was to change the definition of Signing Service to align what a signing service does and its models. Proposed definition- **Subscriber Key Protection Service**: An organization that generates the Key Pair and securely generates and manages the Private Key associated with a Subscriber’s Code Signing Certificate. Discussion from Bruce M., Tim H., Ian M., Inigo B., and Martijn K. on the requirements for signing service: who generates, who activates, who stores, how it is stored and how is it managed. Discussion around adjusting the name from Signing Service to Subscriber Key Protection Service as the focus of the Signing Service is on protection not the artifact being signed. Next step is to close out the comments, push through the new definition, get a second proposal, and effective date. Ballot: Remove SSL BR References – tabled discussion Other business – F2F prep Top 3 Goals are being worked on
February 9, 2023 by Corey BonnellAttendeesAndrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon Trust Services), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Roberto Quinones (Intel), Rollin Yu (TrustAsia), Tim Crawford (WebTrust), Tim Hollebeek (DigiCert) Minutes Antitrust statement read Approval of minutes: Jan 26th minutes have not been sent out Ballot: Malware base revocation (Martijn) Received some pushback on the mailing list. Discussion from Martijn K., Bruce M., Ian M., and Tim H. around revamping the entire revocation section. Agreed to pull revocation sections from the TLS and SMIME BRs and removing unnecessary items and added necessary sections like backdating and revocation investigations. Ballot: Signing Service Update (Bruce) Previous action item was to change the definition of Signing Service to align what a signing service does and its models. Proposed definition- **Subscriber Key Protection Service**: An organization that generates the Key Pair and securely generates and manages the Private Key associated with a Subscriber’s Code Signing Certificate. Discussion from Bruce M., Tim H., Ian M., Inigo B., and Martijn K. on the requirements for signing service: who generates, who activates, who stores, how it is stored and how is it managed. Discussion around adjusting the name from Signing Service to Subscriber Key Protection Service as the focus of the Signing Service is on protection not the artifact being signed. Next step is to close out the comments, push through the new definition, get a second proposal, and effective date. Ballot: Remove SSL BR References – tabled discussion Other business – F2F prep Top 3 Goals are being worked on
2023-02-02 Minutes of the CA/Browser Forum Teleconference
February 2, 2023 by Ben WilsonMeeting of the CA/Browser Forum February 2, 2023 Attendance: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Amanda Mendieta – (Apple), Andrea Holland – (SecureTrust), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (SecureTrust), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (SecureTrust), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Ryan Dickson – (Google), Sissel Hoel – (Buypass AS), Stephen Davidson – (DigiCert), Steven Deitte – (GoDaddy), Steve Topletz – (Cisco Systems), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services).
February 2, 2023 by Ben WilsonMeeting of the CA/Browser Forum February 2, 2023 Attendance: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Amanda Mendieta – (Apple), Andrea Holland – (SecureTrust), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (SecureTrust), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (SecureTrust), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Ryan Dickson – (Google), Sissel Hoel – (Buypass AS), Stephen Davidson – (DigiCert), Steven Deitte – (GoDaddy), Steve Topletz – (Cisco Systems), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services).
2023-02-02 Minutes of the Server Certificate Working Group
February 2, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting of February 2, 2023
February 2, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting of February 2, 2023
Ballot SC60: Membership of ZT Browser
February 1, 2023 by Iñigo BarreiraVoting Results Certificate Issuers 12 votes total, with 7 abstentions:
February 1, 2023 by Iñigo BarreiraVoting Results Certificate Issuers 12 votes total, with 7 abstentions:
2023-02-01 Minutes of the S/MIME Certificate Working Group
February 1, 2023 by Stephen DavidsonMinutes of SMCWG February 1, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
February 1, 2023 by Stephen DavidsonMinutes of SMCWG February 1, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
2023-01-26 Minutes of the Code Signing Certificate Working Group
January 26, 2023 by Corey BonnellAttendeesAndrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon Trust Services), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Janet Hines (VikingCloud), Martijn Katerbarg (Sectigo), Roberto Quinones (Intel), Tim Hollebeek (DigiCert), Trevoli (Amazon Trust Services) Minutes Antitrust statement read Approval of minutes: Minutes for 12 January 2023 approved Ballot: Malware base revocation (Martijn) Some discussion and need to get feedback into Github before the end of the week. Bruce stated he would endorse after review. Ian is the other endorser. Ballot: Signing Service Update (Bruce) Bruce is having difficulty with Github to move the ballot forward. Martijn volunteered to help out. Ben asked for the procedure to give feedback, which can be done in Github or the mailing list Tim H would like to see the mailing list used more often Dean will check status of Ben in the mailing list Ben started a discussion about multi-factor for Signing Service. We need to come up with a way to discuss how this can be done. Ian indicated that the proposed change allows for secure server-to-server communication, but does not provide details Ballot: Remove SSL BR References (Dimitris) Dimitris stated work has been done and has been reviewed with Martijn, now need to review with the group Dean suggested we add to the F2F meeting, but we decided to review in the meeting Dimitris added “Editor” notes for review Dimitris has imported text from SSL BRs where no text is in the CSBRs Inigo is concerned about conflicts between BRs, but Tim H advised that concerned CAs work in multiple working groups Bruce suggested that it would be good if we had the “BR of BRs” to cover common items There was discussion about updates to definitions and references Decided not to import 4.2.1 from SSL BRs There was a discussion about importing SubCA revocation and misalignment of paragraphs. It was suggested this could be fixed with the revocation ballot or another future ballot. Decided to add in OCSP “3600 seconds” change with an effective date For Suspension, decided to add “No stipulation” and address in a future ballot. Other business F2F we have 1.5 hours scheduled Try to make a plan for the year at F2F Next Meeting – 9 February 2023 Adjourn
January 26, 2023 by Corey BonnellAttendeesAndrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon Trust Services), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Janet Hines (VikingCloud), Martijn Katerbarg (Sectigo), Roberto Quinones (Intel), Tim Hollebeek (DigiCert), Trevoli (Amazon Trust Services) Minutes Antitrust statement read Approval of minutes: Minutes for 12 January 2023 approved Ballot: Malware base revocation (Martijn) Some discussion and need to get feedback into Github before the end of the week. Bruce stated he would endorse after review. Ian is the other endorser. Ballot: Signing Service Update (Bruce) Bruce is having difficulty with Github to move the ballot forward. Martijn volunteered to help out. Ben asked for the procedure to give feedback, which can be done in Github or the mailing list Tim H would like to see the mailing list used more often Dean will check status of Ben in the mailing list Ben started a discussion about multi-factor for Signing Service. We need to come up with a way to discuss how this can be done. Ian indicated that the proposed change allows for secure server-to-server communication, but does not provide details Ballot: Remove SSL BR References (Dimitris) Dimitris stated work has been done and has been reviewed with Martijn, now need to review with the group Dean suggested we add to the F2F meeting, but we decided to review in the meeting Dimitris added “Editor” notes for review Dimitris has imported text from SSL BRs where no text is in the CSBRs Inigo is concerned about conflicts between BRs, but Tim H advised that concerned CAs work in multiple working groups Bruce suggested that it would be good if we had the “BR of BRs” to cover common items There was discussion about updates to definitions and references Decided not to import 4.2.1 from SSL BRs There was a discussion about importing SubCA revocation and misalignment of paragraphs. It was suggested this could be fixed with the revocation ballot or another future ballot. Decided to add in OCSP “3600 seconds” change with an effective date For Suspension, decided to add “No stipulation” and address in a future ballot. Other business F2F we have 1.5 hours scheduled Try to make a plan for the year at F2F Next Meeting – 9 February 2023 Adjourn
2023-01-19 Minutes of the Server Certificate Working Group
January 19, 2023 by Ben WilsonServer Certificate Working Group Meeting of January 19, 2023
January 19, 2023 by Ben WilsonServer Certificate Working Group Meeting of January 19, 2023
2023-01-19 Minutes of the CA/Browser Forum Teleconference
January 19, 2023 by Ben WilsonMeeting of the CA/Browser Forum January 19, 2023 Attendance reviewed by Paul Van Brouwershaven: Aaron Poulsen – Amazon Trust Services, Adam Jones – Microsoft, Andrea Holland – VikingCloud, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Ben Wilson – Mozilla, Chris Clements – Google Chrome, Chris Kemmerer – SSL.com, Cassie L’Heureux – GoDaddy, Clint Wilson – Apple, Corey Bonnell – DigiCert, Corey Rasmussen – OATI, Daryn Wright – GoDaddy, Doug Beattie – GlobalSign, Dustin Hollenback – Microsoft, Dimitris Zacharopoulos – HARICA, Ellie Lu – TrustAsia, Enrico Entschew – D-TRUST/ Bundesdruckerei, Lynn Jeun – VISA, Iñigo Barreira – Sectigo, Janet Hines – VikingCloud, Joanna Fox – TrustCor, Jozef Nigut – Disig, Karina Sirota Goodley – Microsoft, Kiran Tummala – Microsoft, Martijn Katerbarg – Sectigo, Michelle Coon – OATI, Miguel Sanchez – Google, Marco Schambach – IdenTrust, Marcelo Silva – Visa, Nargis Mannan – VikingCloud, Paul van Brouwershaven – Entrust, Pedro Fuentes – OISTE, Rebecca Kelley – Apple, Rollin Yu – TrustAsia, Ryan Dickson – Google Chrome, Steven Deitte – GoDaddy, Steve Topletz – Cisco, Tadahiko Ito – SECOM, Tim Hollebeek – DigiCert, Tobias Josefowitz – Opera, Trevoli Ponds-White – Amazon Trust Services, Wayne Thayer – Fastly, Fumi Yoneda – JPRS, and Yoshiro Yoneya – JPRS
January 19, 2023 by Ben WilsonMeeting of the CA/Browser Forum January 19, 2023 Attendance reviewed by Paul Van Brouwershaven: Aaron Poulsen – Amazon Trust Services, Adam Jones – Microsoft, Andrea Holland – VikingCloud, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Ben Wilson – Mozilla, Chris Clements – Google Chrome, Chris Kemmerer – SSL.com, Cassie L’Heureux – GoDaddy, Clint Wilson – Apple, Corey Bonnell – DigiCert, Corey Rasmussen – OATI, Daryn Wright – GoDaddy, Doug Beattie – GlobalSign, Dustin Hollenback – Microsoft, Dimitris Zacharopoulos – HARICA, Ellie Lu – TrustAsia, Enrico Entschew – D-TRUST/ Bundesdruckerei, Lynn Jeun – VISA, Iñigo Barreira – Sectigo, Janet Hines – VikingCloud, Joanna Fox – TrustCor, Jozef Nigut – Disig, Karina Sirota Goodley – Microsoft, Kiran Tummala – Microsoft, Martijn Katerbarg – Sectigo, Michelle Coon – OATI, Miguel Sanchez – Google, Marco Schambach – IdenTrust, Marcelo Silva – Visa, Nargis Mannan – VikingCloud, Paul van Brouwershaven – Entrust, Pedro Fuentes – OISTE, Rebecca Kelley – Apple, Rollin Yu – TrustAsia, Ryan Dickson – Google Chrome, Steven Deitte – GoDaddy, Steve Topletz – Cisco, Tadahiko Ito – SECOM, Tim Hollebeek – DigiCert, Tobias Josefowitz – Opera, Trevoli Ponds-White – Amazon Trust Services, Wayne Thayer – Fastly, Fumi Yoneda – JPRS, and Yoshiro Yoneya – JPRS