[cabfpub] Final Minutes for CA/Browser Forum Teleconference - September 3, 2020

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Fri Sep 18 08:55:57 UTC 2020

These are the Final Minutes of the Teleconference described in the 
subject of this message as prepared by Wayne Thayer (Mozilla).*

    Attendees (in alphabetical order)

Amanda Mendieta (Apple), Ben Wilson (Mozilla), Bruce Morton (Entrust 
Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris 
Kemmerer (SSL.com), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean 
Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback 
(Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), 
Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), Janet 
Hines (SecureTrust), Joanna Fox (GoDaddy), Johny Reading (GoDaddy), Jos 
Purvis (Cisco Systems), Karina Sirota (Microsoft), Kirk Hall (Entrust 
Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads 
Henriksveen (Buypass AS), Mayur Manchanda (Visa), Michelle Coon (OATI), 
Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter 
(SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (Godaddy), 
Rebecca Kelley (Apple), Robin Alden (Sectigo), Ryan Sleevi (Google), 
Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tim Hollebeek 
(Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White 
(Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management 


      1. Roll Call

The Chair took attendance.

      2. Read Antitrust Statement

The Antitrust Statement was read.

      3. Review Agenda

No changes to the agenda were noted. It was noted that Wayne Thayer 
volunteered to take minutes for this teleconference and Dimitris will 
take minutes on the next one.

      4. Approval of minutes from previous teleconference

Accepted without objections.

      5. Forum Infrastructure Subcommittee update

Jos said that the subcommittee is still working on updates to the 
password archives. Discussed updates to the structure of the GitHub 
repository. We are fleshing out a plan to create separate repos for each 
working group. An issue was raised about where to host the NCSSRs. A 
proposal has been made to replicate them into each WG repo. This means 
that each WG can manage their own documents and pull requests can be 
handled by the WG chairs. GoDaddy has created a document that is a 
distillation of the BRs into a timing matrix of when things need to 
happen. GoDaddy asked if this document could be contributed to a CAB 
Forum repo. Discussed how to do that without creating the appearance 
that these are official CAB Forum docs. The solution we landed on was to 
host the document elsewhere and create a section for links to shared 
docs on the wiki and/or website that clearly indicates the status of the 
document and who owns it. This could also be useful references for 
things like CABLint and ZLint.


      6. Code Signing Working Group update

Dean said that he was not on the last call, but the document is finished 
and out for IPR review. Now the WG is going through parking lot items 
that were not addressed in the current version of the document. Looks 
like one big work item is to address EV requirements that should also 
apply to non-EV code signing certificates. Bruce is compiling a list of 
items to discuss at the next call. Also planning a discussion of high 
risk requests on Sept 24th.

Mike: that was an accurate summary of the discussion.

      7.  S/MIME Working Group update

Stephen said that the WG met yesterday. No additional members have 
joined. Mads Henriksveen from Buypass was confirmed as the Vice-Chair. 
The WG is trying to create a work product as soon as possible, and is 
focusing on a default certificate profile. This is requiring a lot of 
discussion because client software tends to be very forgiving. Also 
discussing the various use cases and deployment scenarios for S/MIME 
which are broader than for TLS. Some of this information has been posted 
to the public list, and we’re continuing to seek additional sources of 

      8.  Elections update

Dimitris said that we have one candidate for each chair position. This 
means we don’t need an elections committee. Dimitris will prepare 
confirmation ballots for the Forum and SCWG and sending them on Monday 
according to our schedule, and Bruce or Dean will do the same for the 
code signing WG.

Dean: Remind us when the Vice Chair nominations open?

Dimitris said that nominations for Vice Chair begin on Oct 7 according 
to the original schedule. We can probably start earlier because we don’t 
have an elections committee.

      9. Any Other Business

Dimitris said that the next F2F is scheduled for Oct 20. Should we start 

Dean: Yes, we should start.

Mike: Have we considered the time zone?

Dimitris: The prior meeting’s time zone was though to be most convenient 
for all. Plan would be for the same.

Dean: We tried to accommodate the global audience by doing it early 
morning West Coast time. We could better accommodate Asia by hosting the 
meetings later, but that is bad for Europe.

Mike: The times we used before were probably best for all.

      10. Next call

The next call will take place on September 17, 2020 at 11:30am Eastern Time.


      F2F Meeting Schedule:

  * 2020: October 20-22 (Virtual)
  * 2021: Feb-March San Jose, CA (Cisco), June – Poland (Asseco-Certum),
    October - Minneapolis (OATI)
  * 2022: Mar-April New Delhi / Bengaluru (e-Mudhra), June - [Open],
    October - [Open]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20200918/f690af18/attachment-0002.html>

More information about the Public mailing list