[cabfpub] Final Minutes for CA/Browser Forum Teleconference - May 14, 2020

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Mon Jun 1 18:38:49 UTC 2020

These are the Final Minutes of the Teleconference described in the 
subject of this message*.*

    Attendees (in alphabetical order)

Adam Clark (Visa), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce 
Morton (Entrust Datacard), Clint Wilson (Apple), Corey Bonnell 
(SecureTrust), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean 
Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie 
(GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), 
Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jos Purvis (Cisco 
Systems), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass 
AS), Michael Guenther (SwissSign), Mike Reilly (Microsoft), Neil Dunbar 
(TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe 
(GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), 
Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), 
Shelley Brewer (Digicert), Stephen Davidson (Quo Vadis), Taconis Lewis 
(US Federal PKI Management Authority), Thanos Vrachnos (SSL.com), Tim 
Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli 
Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal 
PKI Management Authority).


      1. Roll Call

The Chair took attendance.

      2. Read Antitrust Statement

The Antitrust Statement was read.

      3. Review Agenda

Accepted without changes. Enrico volunteered to take minutes on the next 

      4. Approval of minutes from previous teleconference

Accepted without objections.

      5. Forum Infrastructure Subcommittee update

Jos gave the reports.

  * On the issue of migrating the mailers and web site, the subcommittee
    will make progress with the web site first.
  * On the issue of pandoc formatted BRs, Jos will proceed with making
    changes to the "Travis" configuration to autobuild with the new pandoc.
  * WebEx demoing various options. Evaluated default and existing
    meeting options with Dimitris and tested various scenarios. We did
    not have a chance to evaluate other types of webex meetings because
    they were not available in our subscription.
  * Migration of webex. The URL is changing and cabf.cabforum.org is the
    new URL. Chairs and Vice Chairs of subcommittees should ask for an
    account and schedule new meetings. Don't forget to update the
    associated wiki page with the new meeting information.

Tim asked about the calendar invites on the old system. Jos replied that 
the old WebEx account will disappear in June.

The draft minutes of that particular Subcommittee meeting are available 
at the following URL:

  * https://lists.cabforum.org/pipermail/infrastructure/2020-May/000229.html

      6. Code Signing Working Group update

Dean: The merged document is ready to proceed. They also created a 
prioritized list of parking lot items, and will work with the top 5 
things. The SC added a code signing wiki page with this information. 
Draft document with mark-ups and parking lot items are added to that wiki.

Next plan is to put this document up for a ballot. Dimitris asked if 
this would be considered a new Guideline, thus requiring 60 days of IPR 
review or an update to an existing guideline, thus requiring 30 days of 
IPR review. Dean said they will add it to the agenda for next meeting. 
Tim proposed to update of one of the two. Dean will explore these 
options. Sunsetting one document makes sense and  Ryan thinks 30 days is 
ok with calling this "merge" a maintenance guideline.

      7.  New S/MIME WG Charter

This was now supposed to be in the discussion period but due to a 
technical issue with the ballot redline link, it is not a correct 
ballot. Tim will have to restart the discussion period by posting the 
proper "immutable" redline link, if this is supposed to be the normative 
ballot text.
Tim mentioned that there is one last thing being discussed about root 
certificates that are not publicly trusted and which should be out of 
scope. There are concerns raised by Ryan that he is trying to understand.

Ryan said that the way this is written, what seems to be documented as 
out of scope can easily be presented differently to be in scope. He 
asked what is it that we're trying to prevent. This language also 
prevents things we want to address. FPKI schemes and policy seems that 
they cannot be discussed. There was also a change in the introduction of 
the ballot.

Tim thinks that the current language does not prohibit that. The WG 
should not delete these things. Discuss for publicly-trusted.

Corey, asked to clarify the net result. This group would not produce 
standards that would be used exclusively on a private PKI.

Dimitris reminded the members about the codesigning WG charter where the 
Trusted third-party model was in scope and the non third-party model was 
out of scope.

Arno said that it's good to take existing standards into account like 
ETSI NCP, etc.

Tim will check Forum-11 for an immutable red-line link.

      8.  Discussion about F2F agenda

No new topics for the agenda. It will be finalized at the next meeting.

If anybody has an idea of a good topic to discuss on our virtual meeting 
send it to the public list or to Dimitris.

      9. Any Other Business

Doug mentioned that he assumes same virtual mode will be for a couple 
more F2F meetings. It is becoming very likely that F2F 51 will also need 
to be done virtually. The group agreed to wait another month to 6 weeks. 
Likely it will be cancelled due to International restrictions.

Trev: Some companies do not allow employees to travel
Doug: There is also an significant financial impact
Corey: Currently, US and Japan self-quaranteen for 2 weeks.

In relation to Forum-12: Update CA/B Forum Bylaws.
There has been no feedback and Dimitris intends to start the voting 
period as soon as the discussion period is over.

      10. Next call

May 28, 2020 at 11:30 am Eastern Time.


      *F2F Meeting Schedule: *

  * 2020: June 9-11 (Virtual Meeting), October 20-22 Tokyo (GlobalSign)
  * 2021: Feb-March San Jose, CA (Cisco), June – Poland (Asseco-Certum),
    October - Minneapolis (OATI)
  * 2022: Mar-April Dubai (DarkMatter) or New Delhi / Bengaluru
    (e-Mudhra), June - [Open], October - New Delhi / Bengaluru
    (e-Mudhra) or Dubai (DarkMatter)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20200601/62111032/attachment-0002.html>

More information about the Public mailing list