[cabfpub] Final Minutes of CA/Browser Forum Meeting - February 2, 2023

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Feb 16 16:26:26 UTC 2023


These are the Final Minutes of the Teleconference described in the 
subject of this message,

===============================

*Meeting of the CA/Browser Forum*

*February 2, 2023*

*Attendance*: Aaron Poulsen - (Amazon), Adam Jones - (Microsoft), Amanda 
Mendieta - (Apple), Andrea Holland - (SecureTrust), Ben Wilson - 
(Mozilla), Bruce Morton - (Entrust), Chad Ehlers - (IdenTrust), Chris 
Clements - (Google), Chris Kemmerer - (SSL.com), Clint Wilson - (Apple), 
Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Daryn Wright - 
(GoDaddy), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), 
Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico 
Entschew - (D-TRUST), Fumi Yoneda - (Japan Registry Services), Inaba 
Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Janet Hines - 
(SecureTrust), Joanna Fox - (TrustCor Systems), Johnny Reading - 
(GoDaddy), Jos Purvis - (Fastly), Karina Sirota - (Microsoft), Kiran 
Tummala - (Microsoft), Marcelo Silva - (Visa), Martijn Katerbarg - 
(Sectigo), Michelle Coon - (OATI), Nargis Mannan - (SecureTrust), Paul 
van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Peter 
Miskovic - (Disig), Rebecca Kelley - (Apple), Ryan Dickson - (Google), 
Sissel Hoel - (Buypass AS), Stephen Davidson - (DigiCert), Steven Deitte 
- (GoDaddy), Steve Topletz - (Cisco Systems), Tadahiko Ito - (SECOM 
Trust Systems), Thomas Zermeno - (SSL.com), Tim Hollebeek - (DigiCert), 
Tobias Josefowitz - (Opera Software AS), Trevoli Ponds-White - (Amazon), 
Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management 
Authority), Yoshiro Yoneya - (Japan Registry Services).


*Antitrust Statement* read by Dimitris Zacharopoulos.

*Review of Agenda:*  There were no additions.

*Approval of Minutes* from Last Call of January 19, 2023:  minutes were 
approved.

*Next minute-taker* – Chris Clements (February 16, 2023)

*Forum Infrastructure Subcommittee update *– Moving away from the 
existing wiki and replace with a system called bookstack. Would like to 
move the existing wiki to read only starting today, but it may be down 
for a week. Since we are in the signup phase for the next F2F it was 
decided to postpone the wiki change until after the F2F. Would like the 
wiki back or available to do the minutes after the F2F.

*Code Signing Certificate Working Group update* – Working on 3 ballots. 
One to change revocation requirements when suspect code is signed. 
Second is updating signing service requirements. Third is to remove call 
outs to SSL BRs, by including the same text or rationalizing the text to 
make sense for code signing. Hoping to have these closed in the next few 
months.

*S/MIME Certificate Working Group update* – Planning to have WebTrust 
draft by the next F2F. There has been a meeting of ETSI working on ETSI 
auditable plan for their next F2F in May. CAA may be extended to S/MIME 
based on an Internet draft written by Corey. Would probably have an 
effective date in 2024. Discussed whether existing issuing CAs can be 
used or do new issuing CAs need to be created to meet the S/MIME BR 
requirements. There was consensus that existing issuing CAs could be 
used if they meet the S/MIME BRs. There was discussion of methods 
available for Enterprise RAs to validate email addresses. Waiting to 
hear confirmation back from certificate consumers about adopting the 
S/MIME BRs. We understand the Mozilla community is kicking off an 
inclusion discussion.

*Network Security Working Group update* – New meeting invite available 
on the wiki or from Clint. Currently working on introductory paragraphs 
to define desired outcomes of the sections and implementations.

*Bylaw Changes *– Dimitris and Tim Hollebeek working on updates to 
bylaws. For example removing of reading anti-trust statement at before 
each meeting. According to the existing Bylaws, the meeting we are 
having right now is defined as a Teleconference and the antitrust 
statement only needs to be read at the face to face meetings. There 
should be a short statement read at the beginning of the Teleconference 
and F2F meetings. There may be some members with antitrust issues in 
there jurisdictions which they need to work through. It was suggested 
that it would be of benefit to those with antitrust issues to have the 
Bylaws changed. It was agreed that we would read a message similar to 
this starting at the next meeting, “All participants are reminded that 
they must comply with the CA/Browser Forum anti-trust policy, code of 
conduct, and intellectual property rights agreement. Please contact the 
chair with any comments or concerns about these policies.”

*F2F58 Draft Agenda *– We need to get the agenda finalized. Expect WG 
chairs to finalize their agendas. Looking for input from Browsers and 
Auditors for the time required. Everyone was asked to please register 
for the next F2F. It was agreed that the Browsers time has appeared to 
be too short, so the normal 10 minutes each was changed to 15 minutes 
each. S/MIME BR Chair will ask if there are any interest of presentation 
by the S/MIME certificate consumers.

*Lessons Learned SC60 *– Issue of ballot failing for a company that 
qualified and met the requirements. Do we need to add anything else in 
the membership application? Updates to clarify the requirements for 
voting in new members – charter or the bylaws. What do we do if the 
membership ballot fails? When can the applicant apply again? Do ballot 
proposers need to publish ballot results? Disappointed there was no 
ballot discussion, since there could have been an argument that the 
applicant did not meet the requirements. There was some disagreement 
about the ballot question. It was argued that a ballot failing is an 
acceptable outcome of a vote. Tim stated the question “What’s the point 
of having membership criteria if we arbitrarily reject people who meet 
the membership criteria?” Plan to discuss at the next F2F. The 
application process should not imply that a new applicant will be a new 
member. It was stated that we should not be making assumptions when we 
do not have enough information. Tobias wanted to voice his disagreement 
about the interpretation of the charter; he stated that we need to work 
to the charter and not bring in any other notions. Tobias is willing to 
propose a ballot to change the charter so the a future application from 
the same applicant can not be accepted for a year and the reasons for 
failing are no longer present. Tim H. is concerned that there will be 
many assumptions externally from the Forum, which could hurt the 
reputation, so we next to explain what happened to a broader audience.

*Any other business: *None

*Next Meeting:*  February 16, 2023

*Meeting adjourned.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20230216/0736a55d/attachment.html>


More information about the Public mailing list