CA/Browser Forum posts
Posts by tag Minutes
2023-03-30 Minutes of the CA/Browser Forum Teleconference
March 30, 2023 by Ben WilsonAttendance: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Iñigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Jozef Nigut – (Disig), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Pedro Fuentes – (OISTE Foundation), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.
March 30, 2023 by Ben WilsonAttendance: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Iñigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Jozef Nigut – (Disig), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Pedro Fuentes – (OISTE Foundation), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.
2023-03-29 Minutes of the S/MIME Certificate Working Group
March 29, 2023 by Stephen DavidsonMinutes of SMCWG March 29, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller – (SwissSign), Andreas Henschel – (D-TRUST), Ashish Dhiman – (GlobalSign), Ben Wilson – (Mozilla), Chad Ehlers – (IdenTrust), Clint Wilson – (Apple), Dave Chin – (CPA Canada/WebTrust), Don Sheehy – (CPA Canada/WebTrust), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Judith Spencer – (CertiPath), Li-Chun Chen – (Chunghwa Telecom), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Mrugesh Chandarana – (IdenTrust), Pedro Fuentes – (OISTE Foundation), Pekka Lahtiharju – (Telia Company), Rebecca Kelley – (Apple), Renne Rodriguez – (Apple), Stefan Selbitschka – (rundQuadrat), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Tim Crawford – (CPA Canada/WebTrust), Tsung-Min Kuo – (Chunghwa Telecom), Wendy Brown – (US Federal PKI Management Authority)
March 29, 2023 by Stephen DavidsonMinutes of SMCWG March 29, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller – (SwissSign), Andreas Henschel – (D-TRUST), Ashish Dhiman – (GlobalSign), Ben Wilson – (Mozilla), Chad Ehlers – (IdenTrust), Clint Wilson – (Apple), Dave Chin – (CPA Canada/WebTrust), Don Sheehy – (CPA Canada/WebTrust), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Judith Spencer – (CertiPath), Li-Chun Chen – (Chunghwa Telecom), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Mrugesh Chandarana – (IdenTrust), Pedro Fuentes – (OISTE Foundation), Pekka Lahtiharju – (Telia Company), Rebecca Kelley – (Apple), Renne Rodriguez – (Apple), Stefan Selbitschka – (rundQuadrat), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Tim Crawford – (CPA Canada/WebTrust), Tsung-Min Kuo – (Chunghwa Telecom), Wendy Brown – (US Federal PKI Management Authority)
2023-03-23 Minutes of the Code Signing Certificate Working Group
March 23, 2023 by Corey BonnellAttendeesAtsushi Inaba (GlobalSign), Brianca Martin (Amazon), Bruce Morton (Entrust), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Roberto Quinones (Intel), Tim Hollebeek (DigiCert) MinutesAdministration Attendance and requests a minute taker Reads antitrust statement Waiting on minutes for two meeting prior to face to face Face to face minutes will be approved at next meeting Malware Based Revocation Ballot Ballot summary Taking approach BRs and SBRs are taking on revocation Removing CS specific suspect code reference Discuss 5 day revocation window, consider a 5 day and/or 7 day Bruce noted good to sync with the SSL BRs at 24 hours and 5 days, but ok with suspect code at 5 days and 7 days Discussion if we should have requirements defining a misused certificate compared to private key misuse Additional discussion of misused keys, compared to compromised keys, and signed code that is suspect Action point to consider defining misuse Discussion on proper time limit for known compromise and signing malware Discussion of the difference in timing requirements between key compromise and singing suspect code and back dating revocation Discussed the consideration that signing suspect code should be treated as a potential compromise of key and/or the subscriber does not have practices in place to detect suspect code Discussion of asking Microsoft as the main certificate consumer to weigh in on complicated use cases.
March 23, 2023 by Corey BonnellAttendeesAtsushi Inaba (GlobalSign), Brianca Martin (Amazon), Bruce Morton (Entrust), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Roberto Quinones (Intel), Tim Hollebeek (DigiCert) MinutesAdministration Attendance and requests a minute taker Reads antitrust statement Waiting on minutes for two meeting prior to face to face Face to face minutes will be approved at next meeting Malware Based Revocation Ballot Ballot summary Taking approach BRs and SBRs are taking on revocation Removing CS specific suspect code reference Discuss 5 day revocation window, consider a 5 day and/or 7 day Bruce noted good to sync with the SSL BRs at 24 hours and 5 days, but ok with suspect code at 5 days and 7 days Discussion if we should have requirements defining a misused certificate compared to private key misuse Additional discussion of misused keys, compared to compromised keys, and signed code that is suspect Action point to consider defining misuse Discussion on proper time limit for known compromise and signing malware Discussion of the difference in timing requirements between key compromise and singing suspect code and back dating revocation Discussed the consideration that signing suspect code should be treated as a potential compromise of key and/or the subscriber does not have practices in place to detect suspect code Discussion of asking Microsoft as the main certificate consumer to weigh in on complicated use cases.
2023-03-16 Minutes of CA/Browser Forum Teleconference
March 16, 2023 by Ben WilsonFinal Minutes of Teleconference March 16, 2023 Prepared by Tom Zermeno (SSL.com). Attendees: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Andrea Holland – (VikingCloud), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Christophe Bonjean – (GlobalSign), Clint Wilson – (Apple), Corey Rasmussen – (OATI), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.
March 16, 2023 by Ben WilsonFinal Minutes of Teleconference March 16, 2023 Prepared by Tom Zermeno (SSL.com). Attendees: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Andrea Holland – (VikingCloud), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Christophe Bonjean – (GlobalSign), Clint Wilson – (Apple), Corey Rasmussen – (OATI), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.
2023-03-15 Minutes of the S/MIME Certificate Working Group
March 15, 2023 by Stephen DavidsonMinutes of SMCWG March 15, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller (SwissSign), Andrea Holland (VikingCloud), Andreas Henschel (D-TRUST), Ashish Dhiman (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chad Ehlers (IdenTrust), Clint Wilson (Apple), Corey Bonnell (DigiCert), Dave Chin (CPA Canada/WebTrust), Dimitris Zacharopoulos (HARICA), Don Sheehy (CPA Canada/WebTrust), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Judith Spencer (CertiPath), Martijn Katerbarg (Sectigo), Morad Abou Nasser (TeleTrust), Mrugesh Chandarana (IdenTrust), Nome Huang (TrustAsia Technologies, Inc.
March 15, 2023 by Stephen DavidsonMinutes of SMCWG March 15, 2023 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller (SwissSign), Andrea Holland (VikingCloud), Andreas Henschel (D-TRUST), Ashish Dhiman (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chad Ehlers (IdenTrust), Clint Wilson (Apple), Corey Bonnell (DigiCert), Dave Chin (CPA Canada/WebTrust), Dimitris Zacharopoulos (HARICA), Don Sheehy (CPA Canada/WebTrust), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Judith Spencer (CertiPath), Martijn Katerbarg (Sectigo), Morad Abou Nasser (TeleTrust), Mrugesh Chandarana (IdenTrust), Nome Huang (TrustAsia Technologies, Inc.
2023-03-09 Minutes of the Code Signing Certificate Working Group
March 9, 2023 by Corey BonnellAttendeesAndrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Brianca Martin (Amazon), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barriera (Sectigo), Janet Hines (VikingCloud), Rollin Yu (TrustAsia), Tim Hollebeek (DigiCert), Tomas Gustavsson (Keyfactor) Minutes Assign Minute taker (start recording) Brianca is taking minutes Antitrust Statement Dean reminded all participants that they must comply with the CA/Browser Forum anti-trust policy, code of conduct, and intellectual property rights agreement.
March 9, 2023 by Corey BonnellAttendeesAndrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Brianca Martin (Amazon), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barriera (Sectigo), Janet Hines (VikingCloud), Rollin Yu (TrustAsia), Tim Hollebeek (DigiCert), Tomas Gustavsson (Keyfactor) Minutes Assign Minute taker (start recording) Brianca is taking minutes Antitrust Statement Dean reminded all participants that they must comply with the CA/Browser Forum anti-trust policy, code of conduct, and intellectual property rights agreement.
2023-02-16 Minutes of the Server Certificate Working Group
March 6, 2023 by Iñigo BarreiraMeeting of the Server Certificate Working Group** February 16, 2023 Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adrian Mueller – (SwissSign), Andrea Holland – (SecureTrust), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Daryn Wright – (GoDaddy), David Kluge – (Google), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.
March 6, 2023 by Iñigo BarreiraMeeting of the Server Certificate Working Group** February 16, 2023 Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adrian Mueller – (SwissSign), Andrea Holland – (SecureTrust), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Daryn Wright – (GoDaddy), David Kluge – (Google), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.
Minutes of the F2F 58 Meeting in Ottawa, Canada, 28 February – 1 March, 2023
March 2, 2023 by Ben WilsonTuesday, 28 February 2023 – CA/B Forum Meeting (Day 1)Attendees Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon Trust Services), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Aleksandra Kurosz (Asseco Data Systems S.A. (Certum)), Alison Titus (Entrust), Andrea Holland (VikingCloud), Andreas Henschel (D-TRUST), Aneta Wojtczak-Iwanicka (Microsoft), Anna-Marie Christian (CPA Canada), Arno Fiedler (D-TRUST), Arnold Essing (Telekom Security), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Ben Wilson (Mozilla), Brianca Martin (Amazon), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Bruce Wei (TrustAsia Technologies, Inc.
March 2, 2023 by Ben WilsonTuesday, 28 February 2023 – CA/B Forum Meeting (Day 1)Attendees Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon Trust Services), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Aleksandra Kurosz (Asseco Data Systems S.A. (Certum)), Alison Titus (Entrust), Andrea Holland (VikingCloud), Andreas Henschel (D-TRUST), Aneta Wojtczak-Iwanicka (Microsoft), Anna-Marie Christian (CPA Canada), Arno Fiedler (D-TRUST), Arnold Essing (Telekom Security), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Ben Wilson (Mozilla), Brianca Martin (Amazon), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Bruce Wei (TrustAsia Technologies, Inc.
Minutes of the F2F 58 Meeting in Ottawa, Canada, 28 Feb-2 March 2023 – Validation SC (2 March)
March 2, 2023 by Iñigo BarreiraValidation SubcommitteeCorey noted that the Antitrust Statement had been read and that attendance had been taken. The minutes of the meeting of Feb. 9, 2023, were approved. Corey recapped the status of the work accomplished by the Validation Subcommittee. First, since the Fall 2022 face-to-face meeting, the most notable accomplishment has been progress on the certificate profiles ballot. We also restarted the discussion of including LEIs in certificates, and we continued work on a review of “Applicant” and “Applicant Representative” in the Baseline Requirements (BRs).
March 2, 2023 by Iñigo BarreiraValidation SubcommitteeCorey noted that the Antitrust Statement had been read and that attendance had been taken. The minutes of the meeting of Feb. 9, 2023, were approved. Corey recapped the status of the work accomplished by the Validation Subcommittee. First, since the Fall 2022 face-to-face meeting, the most notable accomplishment has been progress on the certificate profiles ballot. We also restarted the discussion of including LEIs in certificates, and we continued work on a review of “Applicant” and “Applicant Representative” in the Baseline Requirements (BRs).
Minutes of the F2F 58 Meeting in Ottawa, Canada, 28 Feb-2 March 2023 – SCWG (2 March)
March 2, 2023 by Iñigo BarreiraMeeting of the Server Certificate Working GroupMarch 2, 2023 Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Andrea Holland – (VikingCloud), Andreas Henschel – (D-TRUST), Aneta Wojtczak-Iwanicka – (Microsoft), Ben Dewberry – (Keyfactor), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Brittany Randall – (GoDaddy), Bruce Morton – (Entrust), Bruce Wei – (TrustAsia Technologies, Inc.), Chris Clements – (Google), Chris Czajczyc – (Chris Czajczyc (Private Person)), Chris Kemmerer – (SSL.
March 2, 2023 by Iñigo BarreiraMeeting of the Server Certificate Working GroupMarch 2, 2023 Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Andrea Holland – (VikingCloud), Andreas Henschel – (D-TRUST), Aneta Wojtczak-Iwanicka – (Microsoft), Ben Dewberry – (Keyfactor), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Brittany Randall – (GoDaddy), Bruce Morton – (Entrust), Bruce Wei – (TrustAsia Technologies, Inc.), Chris Clements – (Google), Chris Czajczyc – (Chris Czajczyc (Private Person)), Chris Kemmerer – (SSL.