CA/Browser Forum posts
2022-07-28 Minutes of the Code Signing Certificate Working Group
July 28, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Dean Coclin (DigiCert), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust)
July 28, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Dean Coclin (DigiCert), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust)
2022-07-21 Minutes of the Server Certificate Working Group
July 21, 2022 by Jos PurvisAttendees Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Lynn Jeun (Visa), Marcelo Silva (Visa), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Nicolas Lidzborski (Google), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
July 21, 2022 by Jos PurvisAttendees Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Lynn Jeun (Visa), Marcelo Silva (Visa), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Nicolas Lidzborski (Google), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
2022-07-21 Minutes of the CA/Browser Forum Teleconference
July 21, 2022 by Ben WilsonAttendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Lynn Jeun (Visa), Marcelo Silva (Visa), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Nicolas Lidzborski (Google), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
July 21, 2022 by Ben WilsonAttendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Lynn Jeun (Visa), Marcelo Silva (Visa), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Nicolas Lidzborski (Google), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
2022-07-20 Minutes of SMIME Certificate Working Group
July 20, 2022 by Stephen DavidsonMinutes of SMCWG July 20, 2022 These are the Draft Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
July 20, 2022 by Stephen DavidsonMinutes of SMCWG July 20, 2022 These are the Draft Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
2022-07-19 Minutes of the Network Security Working Group
July 19, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance Aaron Poulsen – Amazon Adam Jones – Microsoft Amanda Mendieta – Apple Ben Wilson – Mozilla Bruce Morton – entrust Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – GoDaddy David Kluge – Google Trust Services Iñigo Barreira – Sectigo Janet Hines – SecureTrust Jillian Karner – Let’s Encrypt Jozef Nigut – Disig Marcelo Silva – Visa Prachi Jain – Fastly Rebecca Kelley – Apple Tobias Josefowitz – Opera Tony Seymour – Comsign Trevoli Ponds – Amazon Trust Services Minutes 1. Roll Call
July 19, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance Aaron Poulsen – Amazon Adam Jones – Microsoft Amanda Mendieta – Apple Ben Wilson – Mozilla Bruce Morton – entrust Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – GoDaddy David Kluge – Google Trust Services Iñigo Barreira – Sectigo Janet Hines – SecureTrust Jillian Karner – Let’s Encrypt Jozef Nigut – Disig Marcelo Silva – Visa Prachi Jain – Fastly Rebecca Kelley – Apple Tobias Josefowitz – Opera Tony Seymour – Comsign Trevoli Ponds – Amazon Trust Services Minutes 1. Roll Call
2022-07-14 Minutes of the Code Signing Certificate Working Group
July 14, 2022 by Corey BonnellAttendees Atsushi Inaba, Corey Bonnell, Dean Coclin, Inigo Barreira, Janet Hines, Joanna Fox, Michael Sykes, Roberto Quinones, Tim Crawford, and Tim Hollebeek
July 14, 2022 by Corey BonnellAttendees Atsushi Inaba, Corey Bonnell, Dean Coclin, Inigo Barreira, Janet Hines, Joanna Fox, Michael Sykes, Roberto Quinones, Tim Crawford, and Tim Hollebeek
2022-07-07 Minutes of the CA/Browser Forum Teleconference
July 7, 2022 by Jos Purvis1. Opening Procedures – Dean Coclin Roll Call Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Vijay Kumar (eMuhdra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services) Read Antitrust Statement- Jos Purvis Review Agenda Approval of minutes of last call Available shortly after this call 2. Forum Infrastructure Subcommittee update given by Jos Purvis Met shortly and agreed to keep moving forward Ask for members to continue testing the membership tools 3. Code Signing Certificate Working Group update given by Corey Bonnell CSC 14 successfully passed IPR review and become effective last Wednesday Pushed back discussion on signing service requirements due to Bruce’s absense Discussion on clean up ballot with minor fixes because of PanDoc format Martin from Sectigo’s revocation requirements improvements ballot was discussed very briefly 4. SMIME working group update given by Stephen Davidson Canceled. No Update 5. NetSec Working Group given by Clint Wilson Discussed two membership applications- SSL.Com and Fastly. Both have been approved. Talked about Risk Assessment- still have some work to do on the first component of the risk assessment, but it’s getting closer. Once that is done, group will move forward to next component Talked about topics from the backburner Talked about redline on what cloud hosted infrastructure would mean and what the expectations are for airgapped CAs 6. Any Other Business Berlin page on Wiki is open for signups and details
July 7, 2022 by Jos Purvis1. Opening Procedures – Dean Coclin Roll Call Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Vijay Kumar (eMuhdra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services) Read Antitrust Statement- Jos Purvis Review Agenda Approval of minutes of last call Available shortly after this call 2. Forum Infrastructure Subcommittee update given by Jos Purvis Met shortly and agreed to keep moving forward Ask for members to continue testing the membership tools 3. Code Signing Certificate Working Group update given by Corey Bonnell CSC 14 successfully passed IPR review and become effective last Wednesday Pushed back discussion on signing service requirements due to Bruce’s absense Discussion on clean up ballot with minor fixes because of PanDoc format Martin from Sectigo’s revocation requirements improvements ballot was discussed very briefly 4. SMIME working group update given by Stephen Davidson Canceled. No Update 5. NetSec Working Group given by Clint Wilson Discussed two membership applications- SSL.Com and Fastly. Both have been approved. Talked about Risk Assessment- still have some work to do on the first component of the risk assessment, but it’s getting closer. Once that is done, group will move forward to next component Talked about topics from the backburner Talked about redline on what cloud hosted infrastructure would mean and what the expectations are for airgapped CAs 6. Any Other Business Berlin page on Wiki is open for signups and details
2022-07-07 Minutes of the Server Certificate Working Group
July 7, 2022 by Jos PurvisAttendees Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Vijay Kumar (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
July 7, 2022 by Jos PurvisAttendees Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Vijay Kumar (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
2022-07-05 Minutes of the Network Security Working Group
July 5, 2022 by Ben WilsonNetwork Security Working Group – July 5, 2022 Antitrust Statement was read by Clint. Roll Call: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Ben Wilson (Mozilla), Clint Wilson (Apple), Corey Bonnell (DigiCert), David Kluge (Google), Jillian Karner (Let’s Encrypt), Paul van Brouwershaven (Entrust), Ruben Annemans (GlobalSign), Tim Crawford (CPA Canada/WebTrust), Tobias Josefowitz (Opera Software AS), Tony Seymour (Comsign) Membership Application Processing SSL.COM has applied to join the working group. They meet all the requirements and no objections were raised to their joining.
July 5, 2022 by Ben WilsonNetwork Security Working Group – July 5, 2022 Antitrust Statement was read by Clint. Roll Call: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Ben Wilson (Mozilla), Clint Wilson (Apple), Corey Bonnell (DigiCert), David Kluge (Google), Jillian Karner (Let’s Encrypt), Paul van Brouwershaven (Entrust), Ruben Annemans (GlobalSign), Tim Crawford (CPA Canada/WebTrust), Tobias Josefowitz (Opera Software AS), Tony Seymour (Comsign) Membership Application Processing SSL.COM has applied to join the working group. They meet all the requirements and no objections were raised to their joining.
2022-06-30 Minutes of the Code Signing Certificate Working Group
June 30, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Roberto Quinones (Intel), Tim Crawford (CPA Canada/WebTrust)
June 30, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Roberto Quinones (Intel), Tim Crawford (CPA Canada/WebTrust)