[cabfpub] Final Minutes of CA/B Forum Call April 15, 2021

Dean Coclin dean.coclin at digicert.com
Thu Apr 29 21:03:02 UTC 2021

Here are the approved minutes of the subject call.



Attendees: Adrian Mueller (SwissSign), Ali Gholami (Telia), Ben Wilson
(Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson
(Apple), Corey Bonnell (DigiCert), Curt Spann (Apple), David Kluge (Google),
Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie
(GlobalSign), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate),
Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jeff Ward (CPA
Canada/WebTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems),
Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Michelle Coon
(OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko
Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Paul van Brouwershaven
(Entrust), Pedro Fuentes (OISTE Foundation), Rebecca Kelley (Apple), Ryan
Sleevi (Google), Sebastian Schulz (GlobalSign), Stephen Davidson (Digicert),
Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS),
Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)


1. Anti-Trust statement was read

2. The Agenda was reviewed

3. Minutes of the last call were approved. Still awaiting minutes from March
15th call. Karina said she would finish them.

4. Forum Infrastructure working group: Jos gave the update:

*	Discussions on what's left to do to update github. Now with the
passing of SC41, changes will be made to update the old infrastructure. 
*	Some changes were requested from validation subgroup on cert profile
updates (look and feel). A style guide is being worked for producing
documents including a markdown linter. 
*	A docker image method was also being worked. 
*	SMTP is being setup to forward updates from github to the various
*	Issues section being added for submission of issues to CA/B Forum. 
*	The website is still being hosted on GoDaddy on WordPress. Working
on getting a clone setup for testing. 
*	Discussed archiving older content (old ballots, minutes, media
files) and staticly linking them to the website. 
*	Membership management-new spreadsheet being created. New CA/B Forum
level google account established which can own documents for CA/B Forum,
helpful for transition to new chairs. 

5. Code Signing working group update: Bruce gave the update:

*	Intel will become an Interested Party
*	CSCWG-8 has passed and in IPR review.
*	Cleanup ballot in progress on some open items
*	Discussions from F2F on dedicated roots
*	Current requirements for test sites points to SSL BRs which doesn't
make sense for code signing
*	Discussion on Common Criteria and HSM requirements for code
*	CP OIDs: There is no CP OID for a timestamping cert. Would like to
create one. Ryan asked if this is within the scope of the charter. Bruce
said that codesigning does issue timestamps and would like to connect to the
TS OID in order to comply to a CA/B Forum document. Ryan said he was
concerned if the WG is adopting something out of the scope of the charter
and suggested that someone propose to the forum the addition of this task,
if properly scoped. Dean said that the group would need to look at that.
Dimitris thought that this was added as part of 1a in the charter. This
states that the requirements for EV CS include timestamping and hence are
grandfathered. It's just a logical next step of something already updates.
Ryan suggested we continue on the list. There had been discussion in
Infrastructure WG to clean up our OID registry
(https://cabforum.org/object-registry/). Dean will put this on the agenda
for the CSWG. 

6. S/MIME working group update: Stephen gave the update:

*	Discussion on reusing the Audit section (8) from the TLS Baseline
Requirements. Question on acceptable audit criteria 8.4, govt audits: will
this option still be acceptable to root stores?
*	Discussion on reusing Net Sec requirements
*	Everything is in github repository for review. Looking for feedback
*	Algorithms from TLS BRs moved over to SMIME

7. Any other business: None

8. Next call: April 29th


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20210429/7b985c5f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20210429/7b985c5f/attachment-0001.p7s>

More information about the Public mailing list