CA/Browser Forum posts
Posts by tag Minutes
2015-02-05 Minutes
February 5, 2015 by Ben WilsonAttendees: Dean (Symantec), Gerv (Mozilla), Jeremy (Digicert), Atsushi (Globalsign), Ben W (Digicert), Tim S (Trustwave), Davut (E-Tugra), Robin (Comodo), Doug (Globalsign), Patrick (OATI), Volkan (TurkTrust), Kubra (TurkTrust), Eddy (Startcom), Tim H (Trustwave), Anoosh (Microsoft), Wayne (GoDaddy), Chris (Trustwave), Jody (Microsoft), Peter (Disig), Ryan S (Google) Antitrust statement was read. Minutes of Jan 22, 2015 meeting were approved. Ballot updates: EV Working Group name change to Validation working group: Jeremy has proposed a ballot to change the name and scope of the working group to include other validations, not just for EV. There are 2 endorsers and the discussion period starts after the call. .Onion Ballot: Jeremy will circulate an update and the review period will start today. Robin asked if wildcard certificates will be allowed. Gerv sent out an explanation why they will be allowed as there is a single private key and so the idea of different mutually-untrusting entities owning and controlling different parts of the subdomain space doesn’t really make much sense for .onion. Eddy challenged this, saying the same thing would apply to normal webserver certificates. Gerv further explained why that is not the case since there is only 1 Tor private key for that domain. Further discussion ensued on wildcard certs in general and it was suggested that an additional topic be added to the face to face meeting on wildcard certs Additional ballots are coming out of EV working group on using attorney opinion letters and domain validation issues as well as operational existence for government entities. On the latter point, Jeremy said they would like for CAs to rely on the verification of the legal existence of the government entity to prove operational existence (instead of having to wait 3 years). Dean said we should wait on this ballot so we can keep it to only 2 active ballots at a time. Vivaldi: A new browser called Vivaldi was recently launched. Dean communicated with Yngve about having Vivaldi join the forum as a browser. Yngve stated they are currently focused on their project and can’t afford the distraction of the forum. Dean will follow-up with Yngve later this year. IPv6: Ryan is still soliciting feedback from CAs on this topic but hasn’t heard from many. Wayne (GoDaddy) is waiting for his network team to provide feedback on this proposal. Ryan stated that Rick (Symantec) had previously said IPv6 is already supported. Eddy asked why is this urgent. Ryan pointed him to the list for recent discussions. Ryan also emphasized the need for the information (transition period, large server operators). Wayne said that if the transition period is a year or longer, that would probably be ok (so that orgs can get into budget cycles). If it’s shorter, there may be pushback from CAs. Ryan stated that is reasonable. Dean suggested that he poll the CA Security Council, which is composed of the 7 largest SSL issuers, and provide a response to Ryan by next meeting. Ryan would like to know who is and is not IPv6 ready and what timeframe is reasonable. EV Working group update: See 3c above. Code Signing Working group: Final draft of BRs will be sent out after the call which incorporates comments from public, auditors and other CABF members. Asking for comments to be returned by March 6th. Expecting to have ballot ready for voting by face to face meeting in March. Policy Review Working group: meeting in Boston postponed due to blizzard. Held 2 hour call instead. Decided to put a ballot forward to change BRs to RFC 3647 format. Once that passes, we will continue to work the rest of the document and submit individual ballots on a section by section basis. Information Sharing Working group: Ben could not give an update during the call. Other business: 26 attendees signed up so far for face to face meeting. Received confirmation from Adrienne Porter-Felt that she will come and present her paper on SSL warnings. Kirk invited people from Oracle and they may come but nothing is firm yet. Kathleen Wilson (Mozilla) will also make a presentation. Microsoft has a separate slot but the topic hasn’t been solidified. June Zurich meeting. Gerv said he nor anyone from Mozilla can come that week. Dean said he would discuss with Kirk and Connie to see if a change is even possible. Next call Feb 19th. Dean Coclin
February 5, 2015 by Ben WilsonAttendees: Dean (Symantec), Gerv (Mozilla), Jeremy (Digicert), Atsushi (Globalsign), Ben W (Digicert), Tim S (Trustwave), Davut (E-Tugra), Robin (Comodo), Doug (Globalsign), Patrick (OATI), Volkan (TurkTrust), Kubra (TurkTrust), Eddy (Startcom), Tim H (Trustwave), Anoosh (Microsoft), Wayne (GoDaddy), Chris (Trustwave), Jody (Microsoft), Peter (Disig), Ryan S (Google) Antitrust statement was read. Minutes of Jan 22, 2015 meeting were approved. Ballot updates: EV Working Group name change to Validation working group: Jeremy has proposed a ballot to change the name and scope of the working group to include other validations, not just for EV. There are 2 endorsers and the discussion period starts after the call. .Onion Ballot: Jeremy will circulate an update and the review period will start today. Robin asked if wildcard certificates will be allowed. Gerv sent out an explanation why they will be allowed as there is a single private key and so the idea of different mutually-untrusting entities owning and controlling different parts of the subdomain space doesn’t really make much sense for .onion. Eddy challenged this, saying the same thing would apply to normal webserver certificates. Gerv further explained why that is not the case since there is only 1 Tor private key for that domain. Further discussion ensued on wildcard certs in general and it was suggested that an additional topic be added to the face to face meeting on wildcard certs Additional ballots are coming out of EV working group on using attorney opinion letters and domain validation issues as well as operational existence for government entities. On the latter point, Jeremy said they would like for CAs to rely on the verification of the legal existence of the government entity to prove operational existence (instead of having to wait 3 years). Dean said we should wait on this ballot so we can keep it to only 2 active ballots at a time. Vivaldi: A new browser called Vivaldi was recently launched. Dean communicated with Yngve about having Vivaldi join the forum as a browser. Yngve stated they are currently focused on their project and can’t afford the distraction of the forum. Dean will follow-up with Yngve later this year. IPv6: Ryan is still soliciting feedback from CAs on this topic but hasn’t heard from many. Wayne (GoDaddy) is waiting for his network team to provide feedback on this proposal. Ryan stated that Rick (Symantec) had previously said IPv6 is already supported. Eddy asked why is this urgent. Ryan pointed him to the list for recent discussions. Ryan also emphasized the need for the information (transition period, large server operators). Wayne said that if the transition period is a year or longer, that would probably be ok (so that orgs can get into budget cycles). If it’s shorter, there may be pushback from CAs. Ryan stated that is reasonable. Dean suggested that he poll the CA Security Council, which is composed of the 7 largest SSL issuers, and provide a response to Ryan by next meeting. Ryan would like to know who is and is not IPv6 ready and what timeframe is reasonable. EV Working group update: See 3c above. Code Signing Working group: Final draft of BRs will be sent out after the call which incorporates comments from public, auditors and other CABF members. Asking for comments to be returned by March 6th. Expecting to have ballot ready for voting by face to face meeting in March. Policy Review Working group: meeting in Boston postponed due to blizzard. Held 2 hour call instead. Decided to put a ballot forward to change BRs to RFC 3647 format. Once that passes, we will continue to work the rest of the document and submit individual ballots on a section by section basis. Information Sharing Working group: Ben could not give an update during the call. Other business: 26 attendees signed up so far for face to face meeting. Received confirmation from Adrienne Porter-Felt that she will come and present her paper on SSL warnings. Kirk invited people from Oracle and they may come but nothing is firm yet. Kathleen Wilson (Mozilla) will also make a presentation. Microsoft has a separate slot but the topic hasn’t been solidified. June Zurich meeting. Gerv said he nor anyone from Mozilla can come that week. Dean said he would discuss with Kirk and Connie to see if a change is even possible. Next call Feb 19th. Dean Coclin
2015-01-22 Minutes
January 22, 2015 by Ben WilsonCA-Browser Forum Conference Call – 22 January 2015 Antitrust Statement was read. Roll Call: Kirk Hall presided as Vice Chair, and took the roll call. Present at the meeting were: Kirk Hall (Trend Micro), Ben Wilson (DigiCert), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Doug Beattie (GlobalSign), Gerv Markham (Mozilla), Jeremy Rowley (DigiCert), Atilla Bilar (TurkTrust), Volkan Nergiz (TurkTrust), Robin Alden (Comodo), Eddy Nigg (Startcom), Stephen Davidson (Quo Vadis), Jody Coultier (Microsoft), Tim Hollebeek (Trustwave), Rick Andrews Symantec), Mads Henriksveen (Buypass), Anoosh Saboori (Microsoft), Peter Miškovič (Disig), Patrick Tronnier (OATI), and Wayne Thayer (GoDaddy), **Agenda reviewed. ** There were no changes to the Agenda. Minutes of 8 January 2015 The meeting minutes were approved by consent. Ben to post on website .Onion proposal update Kirk asked Jeremy for an update on his .onion draft ballot for allowing EV certs for .onion domains. Jeremy revised the ballot to permit multiple TorDescriptorHashes in the certificate. The modified ballot was posted yesterday. He noted he had one endorser (Google), and was still looking for a second endorser. Wayne said GoDaddy would be the second endorser. Jeremy said he will move forward with the ballot.
January 22, 2015 by Ben WilsonCA-Browser Forum Conference Call – 22 January 2015 Antitrust Statement was read. Roll Call: Kirk Hall presided as Vice Chair, and took the roll call. Present at the meeting were: Kirk Hall (Trend Micro), Ben Wilson (DigiCert), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Doug Beattie (GlobalSign), Gerv Markham (Mozilla), Jeremy Rowley (DigiCert), Atilla Bilar (TurkTrust), Volkan Nergiz (TurkTrust), Robin Alden (Comodo), Eddy Nigg (Startcom), Stephen Davidson (Quo Vadis), Jody Coultier (Microsoft), Tim Hollebeek (Trustwave), Rick Andrews Symantec), Mads Henriksveen (Buypass), Anoosh Saboori (Microsoft), Peter Miškovič (Disig), Patrick Tronnier (OATI), and Wayne Thayer (GoDaddy), **Agenda reviewed. ** There were no changes to the Agenda. Minutes of 8 January 2015 The meeting minutes were approved by consent. Ben to post on website .Onion proposal update Kirk asked Jeremy for an update on his .onion draft ballot for allowing EV certs for .onion domains. Jeremy revised the ballot to permit multiple TorDescriptorHashes in the certificate. The modified ballot was posted yesterday. He noted he had one endorser (Google), and was still looking for a second endorser. Wayne said GoDaddy would be the second endorser. Jeremy said he will move forward with the ballot.
2015-01-08 minutes
January 8, 2015 by Ben WilsonMinutes Jan. 8, 2015 Attendees: Dean, Davut, Patrick (OATI), Wayne, Atsushi, Ben, Kirk, Atilla, Gerv, Doug, Eddy, Jeremy, Tim H(Trustwave), Cecilia, Ryan S, Stephen, Chris (Trustwave), Kubra, Volkan (Turktrust), Robin, Bruce, Tim S (Trustwave), Sisel (Buypass), Peter (Disig), Rick Minutes of 12 December meeting were approved. These will be posted to the public list. .Onion proposal: Jeremy is looking for a 2nd The proposal is for EV vetting of .Onion domains, which provide the value as to who is operating the service (removing anonymity for the service provider). He is working with IANA to reserve a .onion name but this is progressing slowly and may not happen before it goes to ballot. Ballots 141/142: Kirk and Gerv have reposted the ballots and voting will begin next week. Stephen said he is opposed to removing the insurance requirement and that it’s not a meaningful barrier to entry to the CA business. It also sends the wrong message about the value of our services to the world. He believes the liability proposal from Trend is hard to define for many CAs and that they will ‘wing it’ which will weaken the current system. Kirk said the current EV insurance requirements don’t provide benefits to anyone. Eddy agreed that the current insurance is useless. Stephen said the complexity of ballot 141 would require CAs to do a lot of diligence with their management and legal teams which they may not be willing to do for this ballot. Dean suggested that CA’s be required to post the type of insurance they have in their CPS. Stephen said that’s fine but we’re trying to have consistency among all CAs.
January 8, 2015 by Ben WilsonMinutes Jan. 8, 2015 Attendees: Dean, Davut, Patrick (OATI), Wayne, Atsushi, Ben, Kirk, Atilla, Gerv, Doug, Eddy, Jeremy, Tim H(Trustwave), Cecilia, Ryan S, Stephen, Chris (Trustwave), Kubra, Volkan (Turktrust), Robin, Bruce, Tim S (Trustwave), Sisel (Buypass), Peter (Disig), Rick Minutes of 12 December meeting were approved. These will be posted to the public list. .Onion proposal: Jeremy is looking for a 2nd The proposal is for EV vetting of .Onion domains, which provide the value as to who is operating the service (removing anonymity for the service provider). He is working with IANA to reserve a .onion name but this is progressing slowly and may not happen before it goes to ballot. Ballots 141/142: Kirk and Gerv have reposted the ballots and voting will begin next week. Stephen said he is opposed to removing the insurance requirement and that it’s not a meaningful barrier to entry to the CA business. It also sends the wrong message about the value of our services to the world. He believes the liability proposal from Trend is hard to define for many CAs and that they will ‘wing it’ which will weaken the current system. Kirk said the current EV insurance requirements don’t provide benefits to anyone. Eddy agreed that the current insurance is useless. Stephen said the complexity of ballot 141 would require CAs to do a lot of diligence with their management and legal teams which they may not be willing to do for this ballot. Dean suggested that CA’s be required to post the type of insurance they have in their CPS. Stephen said that’s fine but we’re trying to have consistency among all CAs.
2014-12-12 Minutes
December 12, 2014 by Ben WilsonAttendees: Doug (GS), Rick (Symc), Ryan (Google), Atsushi (GS), Atilla + Volkan and Kubra (TurkTrust), Eddy (Startcom), Chris (Trustwave), Rich (Comodo), Davut (E-Turgra), Wayne (GoDaddy), Kirk (Trend), Mads (Buypass), Peter (Disig), Ben, Jeremy (Digicert), Kelvin (MSFT), Moudrick, Tim S. (Trustwave), Robin (Comodo), Candice (OATI), Tim H (Trustwave), Mat (Apple) Minutes of Nov 13th were approved. .Onion proposal Jeremy to post final version of his proposal/ballot. Will allow CAs to issue certs to .onion domains post the 2015 deprecation date. These are used in TOR networks which doesn’t use a traditional naming system. Instead part of the hash of the key is your name. Ryan Sleevi has offered to endorse.
December 12, 2014 by Ben WilsonAttendees: Doug (GS), Rick (Symc), Ryan (Google), Atsushi (GS), Atilla + Volkan and Kubra (TurkTrust), Eddy (Startcom), Chris (Trustwave), Rich (Comodo), Davut (E-Turgra), Wayne (GoDaddy), Kirk (Trend), Mads (Buypass), Peter (Disig), Ben, Jeremy (Digicert), Kelvin (MSFT), Moudrick, Tim S. (Trustwave), Robin (Comodo), Candice (OATI), Tim H (Trustwave), Mat (Apple) Minutes of Nov 13th were approved. .Onion proposal Jeremy to post final version of his proposal/ballot. Will allow CAs to issue certs to .onion domains post the 2015 deprecation date. These are used in TOR networks which doesn’t use a traditional naming system. Instead part of the hash of the key is your name. Ryan Sleevi has offered to endorse.
2014-11-13 Minutes
November 13, 2014 by Ben WilsonAntitrust Statement was read. Roll Call: Rick (Symantec), Bruce (Entrust), Atsushi (Globalsign), Jeremy (Digicert), Tim S (Trustwave), Kirk (Trend Micro), Wayne (GoDaddy), Gerv (Mozilla), Eddy (Startcom), Connie (Swisscom), Jody (Microsoft), Kelvin (Microsoft), Robin (Comodo), Rich (Comodo), and Davut (E-Tuğra) Agenda reviewed. There were no changes to the Agenda. Minutes of 30 October 2014 The meeting minutes (as previously corrected for name misspelling) were approved by consent. Ben to post on website
November 13, 2014 by Ben WilsonAntitrust Statement was read. Roll Call: Rick (Symantec), Bruce (Entrust), Atsushi (Globalsign), Jeremy (Digicert), Tim S (Trustwave), Kirk (Trend Micro), Wayne (GoDaddy), Gerv (Mozilla), Eddy (Startcom), Connie (Swisscom), Jody (Microsoft), Kelvin (Microsoft), Robin (Comodo), Rich (Comodo), and Davut (E-Tuğra) Agenda reviewed. There were no changes to the Agenda. Minutes of 30 October 2014 The meeting minutes (as previously corrected for name misspelling) were approved by consent. Ben to post on website
2014-10-30 Minutes
October 30, 2014 by Ben WilsonAntitrust Statement was read. Roll Call: Dean (Symantec), Rick (Symantec), Bruce (Entrust), Ben (Digicert), Atsushi (Globalsign), Atilla (TurkTrust), Jeremy (Digicert), Tim S (Trustwave), Tim H (Trustwave), Matt (Apple), Doug (Globalsign), Kirk (Trend Micro), Wayne (GoDaddy), Joe (Wells Fargo), Gerv (Mozilla), Erwann (OpenTrust), Eddy (Startcom), Patrick (Swisscom), Aaron (Microsoft), Kelvin (Microsoft) Agenda reviewed. Minutes of 16 October 2014 and Beijing F2F meeting were approved. Ben to post on website Ballot Review.
October 30, 2014 by Ben WilsonAntitrust Statement was read. Roll Call: Dean (Symantec), Rick (Symantec), Bruce (Entrust), Ben (Digicert), Atsushi (Globalsign), Atilla (TurkTrust), Jeremy (Digicert), Tim S (Trustwave), Tim H (Trustwave), Matt (Apple), Doug (Globalsign), Kirk (Trend Micro), Wayne (GoDaddy), Joe (Wells Fargo), Gerv (Mozilla), Erwann (OpenTrust), Eddy (Startcom), Patrick (Swisscom), Aaron (Microsoft), Kelvin (Microsoft) Agenda reviewed. Minutes of 16 October 2014 and Beijing F2F meeting were approved. Ben to post on website Ballot Review.
2014-10-16 Minutes
October 16, 2014 by Ben WilsonMinutes of CA/Browser Forum, 16 October 2014 Antitrust Statement was read. Roll Call: Aaron Kornblum, Atilla Biler, Ben Wilson, Dean Coclin, Atsushi Inaba, Phillip Hallam Baker, Doug Beattie, Eddy Nigg, Mads Henriksveen, Jeremy Rowley, Kelvin Yiu, Erwann Abalea, Robin Alden, Wayne Thayer, Tim Shirley, Gerv Markham, Patrick Tronnier and Tim Hollebeek Agenda reviewed. Minutes of 2 October 2014 were approved. Ballot Review. Ballot 136 – Dean Coclin of Symantec has been elected incoming Chair of the CA/B Forum. Dean and Ben will work together on the transition over the next few weeks. Please let Dean know if you would like to volunteer to help on any ongoing logistical items or CABF operations tasks.
October 16, 2014 by Ben WilsonMinutes of CA/Browser Forum, 16 October 2014 Antitrust Statement was read. Roll Call: Aaron Kornblum, Atilla Biler, Ben Wilson, Dean Coclin, Atsushi Inaba, Phillip Hallam Baker, Doug Beattie, Eddy Nigg, Mads Henriksveen, Jeremy Rowley, Kelvin Yiu, Erwann Abalea, Robin Alden, Wayne Thayer, Tim Shirley, Gerv Markham, Patrick Tronnier and Tim Hollebeek Agenda reviewed. Minutes of 2 October 2014 were approved. Ballot Review. Ballot 136 – Dean Coclin of Symantec has been elected incoming Chair of the CA/B Forum. Dean and Ben will work together on the transition over the next few weeks. Please let Dean know if you would like to volunteer to help on any ongoing logistical items or CABF operations tasks.
2014-10-02 Minutes
October 2, 2014 by Ben WilsonMinutes of CA/Browser Forum, 2 October 2014 1. Antitrust Statement was read.
October 2, 2014 by Ben WilsonMinutes of CA/Browser Forum, 2 October 2014 1. Antitrust Statement was read.
Minutes of the F2F 33 Meeting in Beijing, China, 16-18 September 2014
September 16, 2014 by Ben WilsonMeeting 33 – Beijing ChinaThe antitrust statement was read. Present: Annabel Lewis, Arno Fiedler, Atilla Biler, Atsushi Inaba, Ben Wilson, Blues Lin, Bruce Morton, Cecilia Kam, Chris Bailey, Cui Jiu Qiang, David Chen, Dean Coclin, Don Sheehy, Doug Beattie, Gervase Markham, Haochun Li, Iñigo Barreira, Jeremy Rowley, John Johansen, Kirk Hall, Li-Chun Chen, Moudrick Dadashov, Patricia Forsyth, Richard Wang, Rick Andrews, Ryan Sleevi (by telephone), Tom Albertson, Wayne Thayer, Hanrui Gao (Day 2)
September 16, 2014 by Ben WilsonMeeting 33 – Beijing ChinaThe antitrust statement was read. Present: Annabel Lewis, Arno Fiedler, Atilla Biler, Atsushi Inaba, Ben Wilson, Blues Lin, Bruce Morton, Cecilia Kam, Chris Bailey, Cui Jiu Qiang, David Chen, Dean Coclin, Don Sheehy, Doug Beattie, Gervase Markham, Haochun Li, Iñigo Barreira, Jeremy Rowley, John Johansen, Kirk Hall, Li-Chun Chen, Moudrick Dadashov, Patricia Forsyth, Richard Wang, Rick Andrews, Ryan Sleevi (by telephone), Tom Albertson, Wayne Thayer, Hanrui Gao (Day 2)
2014-09-04 Minutes
September 4, 2014 by Ben WilsonMinutes of CA/B Forum Teleconference – 4 Sept. 2014 1. Antitrust Statement: Read.
September 4, 2014 by Ben WilsonMinutes of CA/B Forum Teleconference – 4 Sept. 2014 1. Antitrust Statement: Read.