From dean.coclin at digicert.com Wed Mar 3 19:17:34 2021 From: dean.coclin at digicert.com (Dean Coclin) Date: Wed, 3 Mar 2021 19:17:34 +0000 Subject: [cabfpub] Final Minutes of CA/B Forum Meeting Feb 18, 2021 Message-ID: Here are the final minutes of the subject meeting: 1. Attendance: Aaron Gable (Let's Encrypt), Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority) 2. Anti-Trust statement read 3. Forum Infrastructure - Ben Wilson gave the update a. Looking at how do a redesign of the website i. Make things easier for people to find ii. Make things categorized by working groups and have the documents page be the key landing page. 4. Code Signing Working group update -Bruce Morton gave the update a. Designated people to take minutes for 3 months ahead b. Finished approving ballot CSWG-07 and now on IPR agreement review through March 5th. c. Considering using the Pandoc versions of the document for the new version of the document. i. Change format to RFC 3637 format before doing Pandoc version d. Discussed OCSP time-signing certificates i. Are these CA or subscriber certs? ii. Is OCSP required for time stamping certificates? and other discussions on validity period and key protection. e. Still working on ballot for subscriber key protection to make sure that all subscribers keys are protected in an HSM. The base is FIPS-140 level 2 and what other equivalents there are. Protection level would ideally be the same on-prem or in the cloud. How do we audit that it has the same protection level? f. Working on ballot for high risk CS requests and how we should be weeding out bad actors and etc. g. Moving to minimum 3072-bit RSA key in June 1 but don't have a list of subscriber tokens that would meet our requirements. Need to get this list to move forward. h. Next meeting will be on Feb 25. 5. SMIME Working Group- Stephen Davidson a. New members: Apple as a certificate consumer and Camerfirma as a certificate issuer. Total count of membership is 42. b. Engaged in discussion for leaf certificate profile and fulfilling the basic confirmations for certificates and advancing drafting relevant BR sections c. Group will have a greater discussion on frameworks in the f2f meeting, primarily on fields that are discouraged but permitted for S/MIME. d. Group will be reaching to infrastructure group to move to GitHub. 6. F2F 52 a. Only ~50 sign-ups, less than before b. James Burton, who is not a member of the CA/B Forum but was previously an interested party, wants to attend the guest speaker portions. No general objections. c. Mr. Dustin Moody from NIST speaking about Crypto in a post-quantum world. d. Dr. Natalia Stakhanova is a professor at a university in Canada, speaking the story of your cryptographic keys, the source attribution of your keys. e. Agenda is online with open slots available with flexible times if needed. 7. Pending Application update a. AT&T membership- they are reviewing and will get back to Dean 8. Any other business- none. 9. Meeting Adjourned Minutes taken by Karina Sirota -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4916 bytes Desc: not available URL: From jopurvis at cisco.com Wed Mar 3 20:57:06 2021 From: jopurvis at cisco.com (Jos Purvis (jopurvis)) Date: Wed, 3 Mar 2021 20:57:06 +0000 Subject: [cabfpub] Final Minutes of CA/B Forum Meeting Feb 18, 2021 Message-ID: <42CAC51B-19FE-4AE6-804B-4C4E29CF6BE6@cisco.com> Published -- Jos Purvis (jopurvis at cisco.com) .:|:.:|:. cisco systems | Cryptographic Services PGP: 0xFD802FEE07D19105 | Controls and Trust Verification From: Public on behalf of CA/B Forum Public List Reply-To: Dean Coclin , CA/B Forum Public List Date: Wednesday, March 3, 2021 at 2:41 PM To: CA/B Forum Public List Subject: [cabfpub] Final Minutes of CA/B Forum Meeting Feb 18, 2021 Here are the final minutes of the subject meeting: 1. Attendance: Aaron Gable (Let's Encrypt), Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority) 2. Anti-Trust statement read 3. Forum Infrastructure - Ben Wilson gave the update a. Looking at how do a redesign of the website i. Make things easier for people to find ii. Make things categorized by working groups and have the documents page be the key landing page. 4. Code Signing Working group update -Bruce Morton gave the update a. Designated people to take minutes for 3 months ahead b. Finished approving ballot CSWG-07 and now on IPR agreement review through March 5th. c. Considering using the Pandoc versions of the document for the new version of the document. i. Change format to RFC 3637 format before doing Pandoc version d. Discussed OCSP time-signing certificates i. Are these CA or subscriber certs? ii. Is OCSP required for time stamping certificates? and other discussions on validity period and key protection. e. Still working on ballot for subscriber key protection to make sure that all subscribers keys are protected in an HSM. The base is FIPS-140 level 2 and what other equivalents there are. Protection level would ideally be the same on-prem or in the cloud. How do we audit that it has the same protection level? f. Working on ballot for high risk CS requests and how we should be weeding out bad actors and etc. g. Moving to minimum 3072-bit RSA key in June 1 but don't have a list of subscriber tokens that would meet our requirements. Need to get this list to move forward. h. Next meeting will be on Feb 25. 5. SMIME Working Group- Stephen Davidson a. New members: Apple as a certificate consumer and Camerfirma as a certificate issuer. Total count of membership is 42. b. Engaged in discussion for leaf certificate profile and fulfilling the basic confirmations for certificates and advancing drafting relevant BR sections c. Group will have a greater discussion on frameworks in the f2f meeting, primarily on fields that are discouraged but permitted for S/MIME. d. Group will be reaching to infrastructure group to move to GitHub. 6. F2F 52 a. Only ~50 sign-ups, less than before b. James Burton, who is not a member of the CA/B Forum but was previously an interested party, wants to attend the guest speaker portions. No general objections. c. Mr. Dustin Moody from NIST speaking about Crypto in a post-quantum world. d. Dr. Natalia Stakhanova is a professor at a university in Canada, speaking the story of your cryptographic keys, the source attribution of your keys. e. Agenda is online with open slots available with flexible times if needed. 7. Pending Application update a. AT&T membership- they are reviewing and will get back to Dean 8. Any other business- none. 9. Meeting Adjourned Minutes taken by Karina Sirota -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3699 bytes Desc: not available URL: From dean.coclin at digicert.com Sun Mar 14 20:44:12 2021 From: dean.coclin at digicert.com (Dean Coclin) Date: Sun, 14 Mar 2021 20:44:12 +0000 Subject: [cabfpub] Draft CA/Browser Forum agenda - Thursday, March 18, 2021 at 11:30 am Eastern Time Message-ID: Here is the draft CA/B Forum agenda for the teleconference described in the subject of this message. CA/Browser Forum Agenda Time Start(ET) Stop Item Description Presenters 0:02 11:30 11:32 1. Roll Call Dean 0:01 11:32 11:33 2. Read Antitrust Statement 0:01 11:33 11:34 3. Review Agenda 0:01 11:34 11:35 4. Approval of minutes of last call, F2F meeting minutes Dean 0:05 11:35 11:40 5. Forum Infrastructure Subcommittee update Jos 0:05 11:40 11:45 6. Code Signing Certificate Working Group update Bruce 0:05 11:45 11:50 7. S/MIME Certificate Working Group update Stephen 0:05 11:50 11:55 8. Summer Doodle Poll results Dean 0:04 11:55 11:59 9 Any Other Business - pending membership application updates 0:01 11:59 12:00 10. Next call: April 1st Adjourn; F2F Meeting Schedule: * 2021: June - Virtual, October - Minneapolis (OATI) * 2022: Mar-April - TBD, June - [Open], Sept - Berlin -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4916 bytes Desc: not available URL: From dean.coclin at digicert.com Tue Mar 16 12:04:09 2021 From: dean.coclin at digicert.com (Dean Coclin) Date: Tue, 16 Mar 2021 12:04:09 +0000 Subject: [cabfpub] Final CA/Browser Forum agenda - Thursday, March 18, 2021 at 11:30 am Eastern Time Message-ID: Here is the final CA/B Forum agenda for the teleconference described in the subject of this message. CA/Browser Forum Agenda Time Start(ET) Stop Item Description Presenters 0:02 11:30 11:32 1. Roll Call Dean 0:01 11:32 11:33 2. Read Antitrust Statement 0:01 11:33 11:34 3. Review Agenda 0:01 11:34 11:35 4. Approval of minutes of last call, F2F meeting minutes Dean 0:05 11:35 11:40 5. Forum Infrastructure Subcommittee update Jos 0:05 11:40 11:45 6. Code Signing Certificate Working Group update Bruce 0:05 11:45 11:50 7. S/MIME Certificate Working Group update Stephen 0:05 11:50 11:55 8. Summer Doodle Poll results Dean 0:04 11:55 11:59 9 Any Other Business - pending membership application updates 0:01 11:59 12:00 10. Next call: April 1st Adjourn; F2F Meeting Schedule: * 2021: June - Virtual, October - Minneapolis (OATI) * 2022: Mar-April - TBD, June - [Open], Sept - Berlin -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4916 bytes Desc: not available URL: From dean.coclin at digicert.com Tue Mar 30 22:09:10 2021 From: dean.coclin at digicert.com (Dean Coclin) Date: Tue, 30 Mar 2021 22:09:10 +0000 Subject: [cabfpub] Final CA/Browser Forum agenda - Thursday, April 1, 2021 at 11:30 am Eastern Time Message-ID: Here is the Final CA/B Forum agenda for the teleconference described in the subject of this message. CA/Browser Forum Agenda Time Start(ET) Stop Item Description Presenters 0:02 11:30 11:32 1. Roll Call Dean 0:01 11:32 11:33 2. Read Antitrust Statement 0:01 11:33 11:34 3. Review Agenda 0:01 11:34 11:35 4. Approval of minutes of last call and F2F meeting minutes Dean 0:05 11:35 11:40 5. Forum Infrastructure Subcommittee update Jos 0:05 11:40 11:45 6. Code Signing Certificate Working Group update Bruce 0:05 11:45 11:50 7. S/MIME Certificate Working Group update Stephen 0:05 11:50 11:55 8. Reminder of Summer meeting dates Dean 0:04 11:55 11:59 9 Any Other Business - pending membership application updates 0:01 11:59 12:00 10. Next call: April 15th Adjourn; F2F Meeting Schedule: * 2021: June 15-17- Virtual, October - Minneapolis (OATI) * 2022: Mar-April - TBD, June - [Open], Sept - Berlin -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4916 bytes Desc: not available URL: