<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body style="word-wrap:break-word" vlink="#954F72" link="#0563C1"
lang="EN-US">
<br>
These are the Final Minutes of the Teleconference described in the
subject of this message,<br>
<div class="moz-forward-container"> <span lang="EN-GB"><br>
<o:p></o:p></span>
<div class="WordSection1">
<div>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:105%"><span
lang="EN-GB">===============================<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Meeting of
the CA/Browser Forum</b><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>February 2,
2023</b><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Attendance</b>:
Aaron Poulsen - (Amazon), Adam Jones - (Microsoft), Amanda
Mendieta - (Apple), Andrea Holland - (SecureTrust), Ben
Wilson - (Mozilla), Bruce Morton - (Entrust), Chad Ehlers -
(IdenTrust), Chris Clements - (Google), Chris Kemmerer -
(SSL.com), Clint Wilson - (Apple), Corey Bonnell -
(DigiCert), Corey Rasmussen - (OATI), Daryn Wright -
(GoDaddy), Dean Coclin - (DigiCert), Dimitris Zacharopoulos
- (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback -
(Microsoft), Enrico Entschew - (D-TRUST), Fumi Yoneda -
(Japan Registry Services), Inaba Atsushi - (GlobalSign),
Inigo Barreira - (Sectigo), Janet Hines - (SecureTrust),
Joanna Fox - (TrustCor Systems), Johnny Reading - (GoDaddy),
Jos Purvis - (Fastly), Karina Sirota - (Microsoft), Kiran
Tummala - (Microsoft), Marcelo Silva - (Visa), Martijn
Katerbarg - (Sectigo), Michelle Coon - (OATI), Nargis Mannan
- (SecureTrust), Paul van Brouwershaven - (Entrust), Pedro
Fuentes - (OISTE Foundation), Peter Miskovic - (Disig),
Rebecca Kelley - (Apple), Ryan Dickson - (Google), Sissel
Hoel - (Buypass AS), Stephen Davidson - (DigiCert), Steven
Deitte - (GoDaddy), Steve Topletz - (Cisco Systems),
Tadahiko Ito - (SECOM Trust Systems), Thomas Zermeno -
(SSL.com), Tim Hollebeek - (DigiCert), Tobias Josefowitz -
(Opera Software AS), Trevoli Ponds-White - (Amazon), Wayne
Thayer - (Fastly), Wendy Brown - (US Federal PKI Management
Authority), Yoshiro Yoneya - (Japan Registry Services).<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><br>
<b>Antitrust Statement</b> read by Dimitris Zacharopoulos.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Review of
Agenda:</b> There were no additions.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Approval of
Minutes</b> from Last Call of January 19, 2023: minutes
were approved.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Next
minute-taker</b> – Chris Clements (February 16, 2023)<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Forum
Infrastructure Subcommittee update </b>– Moving away from
the existing wiki and replace with a system called
bookstack. Would like to move the existing wiki to read only
starting today, but it may be down for a week. Since we are
in the signup phase for the next F2F it was decided to
postpone the wiki change until after the F2F. Would like the
wiki back or available to do the minutes after the F2F.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Code Signing
Certificate Working Group update</b> – Working on 3
ballots. One to change revocation requirements when suspect
code is signed. Second is updating signing service
requirements. Third is to remove call outs to SSL BRs, by
including the same text or rationalizing the text to make
sense for code signing. Hoping to have these closed in the
next few months.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>S/MIME
Certificate Working Group update</b> – Planning to have
WebTrust draft by the next F2F. There has been a meeting of
ETSI working on ETSI auditable plan for their next F2F in
May. CAA may be extended to S/MIME based on an Internet
draft written by Corey. Would probably have an effective
date in 2024. Discussed whether existing issuing CAs can be
used or do new issuing CAs need to be created to meet the
S/MIME BR requirements. There was consensus that existing
issuing CAs could be used if they meet the S/MIME BRs. There
was discussion of methods available for Enterprise RAs to
validate email addresses. Waiting to hear confirmation back
from certificate consumers about adopting the S/MIME BRs. We
understand the Mozilla community is kicking off an inclusion
discussion.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Network
Security Working Group update</b> – New meeting invite
available on the wiki or from Clint. Currently working on
introductory paragraphs to define desired outcomes of the
sections and implementations.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Bylaw
Changes </b>– Dimitris and Tim Hollebeek working on
updates to bylaws. For example removing of reading
anti-trust statement at before each meeting. According to
the existing Bylaws, the meeting we are having right now is
defined as a Teleconference and the antitrust statement only
needs to be read at the face to face meetings. There should
be a short statement read at the beginning of the
Teleconference and F2F meetings. There may be some members
with antitrust issues in there jurisdictions which they need
to work through. It was suggested that it would be of
benefit to those with antitrust issues to have the Bylaws
changed. It was agreed that we would read a message similar
to this starting at the next meeting, “All participants are
reminded that they must comply with the CA/Browser Forum
anti-trust policy, code of conduct, and intellectual
property rights agreement. Please contact the chair with any
comments or concerns about these policies.”<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>F2F58 Draft
Agenda </b>– We need to get the agenda finalized. Expect
WG chairs to finalize their agendas. Looking for input from
Browsers and Auditors for the time required. Everyone was
asked to please register for the next F2F. It was agreed
that the Browsers time has appeared to be too short, so the
normal 10 minutes each was changed to 15 minutes each.
S/MIME BR Chair will ask if there are any interest of
presentation by the S/MIME certificate consumers.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Lessons
Learned SC60 </b>– Issue of ballot failing for a company
that qualified and met the requirements. Do we need to add
anything else in the membership application? Updates to
clarify the requirements for voting in new members – charter
or the bylaws. What do we do if the membership ballot fails?
When can the applicant apply again? Do ballot proposers need
to publish ballot results? Disappointed there was no ballot
discussion, since there could have been an argument that the
applicant did not meet the requirements. There was some
disagreement about the ballot question. It was argued that a
ballot failing is an acceptable outcome of a vote. Tim
stated the question “What’s the point of having membership
criteria if we arbitrarily reject people who meet the
membership criteria?” Plan to discuss at the next F2F. The
application process should not imply that a new applicant
will be a new member. It was stated that we should not be
making assumptions when we do not have enough information.
Tobias wanted to voice his disagreement about the
interpretation of the charter; he stated that we need to
work to the charter and not bring in any other notions.
Tobias is willing to propose a ballot to change the charter
so the a future application from the same applicant can not
be accepted for a year and the reasons for failing are no
longer present. Tim H. is concerned that there will be many
assumptions externally from the Forum, which could hurt the
reputation, so we next to explain what happened to a broader
audience.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Any other
business: </b>None<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Next
Meeting:</b> February 16, 2023<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:106%"><b>Meeting
adjourned.</b></p>
</div>
</div>
</div>
</body>
</html>