[cabfpub] Final Minutes of the CA/B Forum meeting August 5, 2021

Dean Coclin dean.coclin at digicert.com
Thu Aug 19 16:11:58 UTC 2021 

Attendees: Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson
(Mozilla), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell
(Digicert), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug
Beattie (GlobalSign), Hazhar Ismail (MSC Trustgate), Inaba Atsushi
(GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny
Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads
Henriksveen (Buypass AS), Mike Reilly (Microsoft), Niko Carpenter
(SecureTrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig),
Rebecca Kelley (Apple), Ryan Sleevi (Google), Shelley Brewer (Digicert),
Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tobias
Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer
(Mozilla), Wendy Brown (US Federal PKI Management Authority), Natalia
Kotliarsky (SecureTrust), Brittany Randall (GoDaddy), Tyler Myers (GoDaddy),
Fumihiko Yoneda (Japan Registry Services), Yoshiro Yoney  a (Japan Registry
Services), Mike Min (GoDaddy), Rachel McPherson (Trustcor), Jose Guzman
(GoDaddy)

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Dean Coclin read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of minutes from last teleconference

*       July 8 minutes were approved
*       July 22 minutes were approved

5. Forum Infrastructure Subcommittee update

*       Met on 28 July.  Covered version packet implemented in GitHub.
Gives ability to see which pull request made changes to a document.  Tags go
back only a few versions for documents but will be complete going forward.
*       Redlines is the next thing they are digging into for ballot process.
Moving to an automated process.  In recent ballot had some redline problems
with how MSWord was functioning.

6. Code Signing Certificate Working Group update

*       CSC 9 in voting period.  Ends today and looks like it will pass
*       CSC 10 will go to ballot shorting which will clarify WebTrust
version 2 audit criteria
*       Discussed moving the CS BRs to the new format.  Dimitris created a
Google doc to help map the migration from old to new format
*       Moving out next session on signing services to September

7. S/MIME Certificate Working Group update

*       Met on 4 Aug.  Over past two sessions clarifying direction on
profiles, common terminology, etc.  This is resetting the certificate
profiles.  How Corporate certs were being used was complicating the approach
for profiles.  Resetting the terminology will help move forward.  Profile
will include:

        *       Mailbox
        *       Legal person
        *       Natural person

*       Good, positive discussion in the last two meetings.

8. REMINDER: Fall F2F Dates: Oct 12-14

*       Reminder of the dates for upcoming f2f.  Once Karina is back the
sign up page will be set up and ready to go
*       Keeping an eye on the COVID situation for future F2F meeting impacts

9. Any Other Business

Yoshiro Yoneya asked if anyone had attended the IETF meetings last week.
Any updates?

Ryan stated that Google, DigiCert (Tim Hollebeek) were involved in the LAMPS
discussion. ACME was covered.  DigiCert is working in the LAMPS group.
Document signing EKU creation was discussed.  Google is not supportive for
many reasons.  Long discussions on this topic in the IETF meeting and best
to review the minutes: (https://datatracker.ietf.org/doc/minutes-111-acme/)

Where CABF comes in?  Ryan doesn't think this EKU makes sense and he's
advocated that if this is important for the CABF (e.g. SMIME Working Group)
then there is an opportunity for orgs (e.g. ETSI) or CABF to charter a work
group to define what a document signing cert would look like and how would
it be used. IETF has not adopted anything at this point so the question is
if the CABF needs to adopt a position.

Tadahiko Ito stated there is a demand to have a public document signing EKU
for not using emailProtection certs for (non-email)document signing.  There
might be different ways of realizing EKUs for that purpose.

UTA (Using TLS in Applications) is also a topic being discussed in IETF.
Details can be found in the IETF minutes

10. Next call: August 19th, 2021 at 11AM Eastern

Adjourn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20210819/f1c10c30/attachment.p7s>

More information about the Public mailing list