[cabfpub] Final Minutes: 2023-08-03 CA/Browser Forum Plenary Teleconference
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Thu Aug 31 16:16:23 UTC 2023
*Attendance*
/Present:/
* Aaron Gable - (Let's Encrypt)
* Aaron Poulsen - (Amazon)
* Adrian Mueller - (SwissSign)
* Andrea Holland - (VikingCloud)
* Brianca Martin - (Amazon)
* Bruce Morton - (Entrust)
* Clint Wilson - (Apple)
* Corey Bonnell - (DigiCert)
* Corey Rasmussen - (OATI)
* Daryn Wright - (GoDaddy)
* David Kluge - (Google)
* Dean Coclin - (DigiCert)
* Dimitris Zacharopoulos - (HARICA)
* Dustin Hollenback - (Microsoft)
* Enrico Entschew - (D-TRUST)
* Fumi Yoneda - (Japan Registry Services)
* Hannah Sokol - (Microsoft)
* Inaba Atsushi - (GlobalSign)
* Inigo Barreira - (Sectigo)
* Joanna Fox - (TrustCor Systems)
* Marco Schambach - (IdenTrust)
* Michelle Coon - (OATI)
* Nargis Mannan - (VikingCloud)
* Nate Smith - (GoDaddy)
* Nome Huang - (TrustAsia Technologies, Inc.)
* Paul van Brouwershaven - (Entrust)
* Pedro Fuentes - (OISTE Foundation)
* Peter Miskovic - (Disig)
* Rollin Yu - (TrustAsia Technologies, Inc.)
* Scott Rea - (eMudhra)
* Stephen Davidson - (DigiCert)
* Tadahiko Ito - (SECOM Trust Systems)
* Thomas Zermeno - (SSL.com)
* Tobias Josefowitz - (Opera Software AS)
* Wayne Thayer - (Fastly)
* Yashwanth TM - (eMudhra)
* Yoshiro Yoneya - (Japan Registry Services)
*1. Introductory*
* Dimitris read the roll for the call.
* The Notewell was read by the Chair.
* The agenda for the meeting was reviewed and no changes were made.
* The minutes from the 20 July meeting were approved.
*2. Working Group Updates*
*Server Certificate Working Group*
Inigo reported they had a standard meeting two weeks ago. They discussed
the open issues and pull requests on GitHub, in particular any items
identified for inclusion in a clean-up ballot. The EV Guidelines have
been converted to RFC3647 format and a pull request has been submitted
to update them in GitHub. Corey reported that there was no Validation
Subcommittee meeting the previous week, so they had no updates to report.
*Code Signing Certificate Working Group*
Bruce reported that they had a short meeting: Dimitris' ballot to remove
the SSL Server Cert references from the CSCWG Baseline Requirements has
passed and is now in IPR review. Based on that ballot, Bruce drafted
language that can be used for 3 more ballots in the future, updating the
guidelines to address code-signing services, high-risk requests, and
time-stamping (from the last Face-to-Face meeting). That draft text is
available from Bruce, but he'll need help getting those into GitHub to
get ballots in process. Dean was going to reach out to DigiCert to
follow up on getting a presentation on certificate transparency for
code-signing, but there isn't a status update on that yet. Dimitris
noted some discussions on the code-signing language about aligning
language to be consistent between the TLS Guidelines and the
Code-Signing language, but the group resolved these were actually about
aligning the TLS Guidelines with the Mozilla Root Store policy.
*S/MIME Certificate Working Group*
Stephen noted that SMC-03, the Clarifications and Corrections ballot,
emerges from IPR on 11 August (Friday), and encouraged members to review
for IPR conflicts. That should be contemporaneous with the issuance of
the S/MIME BRs on 1 September. Various audit groups have asked to review
the new BR version to update audit criteria. Ben Wilson also posted on
the Mozilla Wiki about the transitions for existing S/MIME issuing CAs:
Mozilla has released their guidance relating to the re-issuance of an
existing CA in order to bring it into compliance with the new S/MIME
BRs. Stephen noted that most CAs are very busy updating themselves into
compliance with the ballots and there have been many questions
requesting clarifications or interpretations of the BR text. He thanked
everyone for their perseverance and patience with the process, and
looked forward to a successful launch of the BRs, and the forthcoming
discussions of S/MIME ballot SMC-62.
*Forum Infrastructure Subcommittee*
There was no update from Infrastructure; there was no meeting held prior
to this call.
*Network Security Working Group*
David was not on the last call of the NSWG, but was on the Cloud
Services call. He and Dimitris offered from the Cloud Services
subcommittee that they were continuing with a ballot to adopt some
language from the Cloud Security Alliance's (CSA) Cloud Controls Matrix
into the NSWG Requirements, particularly into section 4. They are
preparing a memorandum of understanding with the CSA to sort out
licensing concerns and considerations and whether the two groups might
want to work together further in the future. Dimitris noted that this
was a new process for the Forum: while some language had been adopted
from ETSI in the past, this was the first time we were adopting language
from an entirely-outside organization. He recommended that they prepare
a Forum-level ballot to describe the memorandum and agreement and then
approve that and the language of the NSWG requirements updates, once a
stable draft was ready.
Aaron Poulsen volunteered that he had attended the NSWG meeting and
could provide an update. There's a lot of work going on in cleanup of
the NSRs: Clint has started going through section 1 and intends to
proceed through the whole requirements document to clean up language and
terminology and consolidate requirements. There is some discussion going
on about whether to make those changes in an upcoming ballot around section
4 around vulnerability management. Hopefully updates will be presented
on this in the next few weeks. Dimitris noted that Clint had sent out
some proposed red-line changes to various sections of the NSRs, but felt
that more discussion needed to take place before those were ready for
inclusion. Aaron anticipates that the changes and cleanups will likely
fall into a separate ballot to isolate them from the section-4 changes
that are more focused on changes to specific requirements.
*3. Server Certificate Working Group Charter Changes*
Dimitris noted that there is a proposal afoot to change the charter of
the Server Certificate Working Group, proposed by Ben Wilson. Ben was
not on the call, so the group opted to move this discussion forward to
the next Plenary call.
*4. Any Other Business*
Dimitris said the next Forum call is on 17 August, but he will be unable
to attend. After discussion with Vice-Chair Paul van Brouwershaven,
Dimitris proposed cancelling the next meeting since many people will be
on vacation. The consensus of the group was to cancel the 17 August
meeting and resume on 31 August.
There were no further updates or business; Dimitris closed the meeting.