[cabfpub] Final Minutes of CA/Browser Forum Meeting - February 2, 2023
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Thu Feb 16 16:26:26 UTC 2023
These are the Final Minutes of the Teleconference described in the
subject of this message,
===============================
*Meeting of the CA/Browser Forum*
*February 2, 2023*
*Attendance*: Aaron Poulsen - (Amazon), Adam Jones - (Microsoft), Amanda
Mendieta - (Apple), Andrea Holland - (SecureTrust), Ben Wilson -
(Mozilla), Bruce Morton - (Entrust), Chad Ehlers - (IdenTrust), Chris
Clements - (Google), Chris Kemmerer - (SSL.com), Clint Wilson - (Apple),
Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Daryn Wright -
(GoDaddy), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA),
Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico
Entschew - (D-TRUST), Fumi Yoneda - (Japan Registry Services), Inaba
Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Janet Hines -
(SecureTrust), Joanna Fox - (TrustCor Systems), Johnny Reading -
(GoDaddy), Jos Purvis - (Fastly), Karina Sirota - (Microsoft), Kiran
Tummala - (Microsoft), Marcelo Silva - (Visa), Martijn Katerbarg -
(Sectigo), Michelle Coon - (OATI), Nargis Mannan - (SecureTrust), Paul
van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Peter
Miskovic - (Disig), Rebecca Kelley - (Apple), Ryan Dickson - (Google),
Sissel Hoel - (Buypass AS), Stephen Davidson - (DigiCert), Steven Deitte
- (GoDaddy), Steve Topletz - (Cisco Systems), Tadahiko Ito - (SECOM
Trust Systems), Thomas Zermeno - (SSL.com), Tim Hollebeek - (DigiCert),
Tobias Josefowitz - (Opera Software AS), Trevoli Ponds-White - (Amazon),
Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management
Authority), Yoshiro Yoneya - (Japan Registry Services).
*Antitrust Statement* read by Dimitris Zacharopoulos.
*Review of Agenda:* There were no additions.
*Approval of Minutes* from Last Call of January 19, 2023: minutes were
approved.
*Next minute-taker* – Chris Clements (February 16, 2023)
*Forum Infrastructure Subcommittee update *– Moving away from the
existing wiki and replace with a system called bookstack. Would like to
move the existing wiki to read only starting today, but it may be down
for a week. Since we are in the signup phase for the next F2F it was
decided to postpone the wiki change until after the F2F. Would like the
wiki back or available to do the minutes after the F2F.
*Code Signing Certificate Working Group update* – Working on 3 ballots.
One to change revocation requirements when suspect code is signed.
Second is updating signing service requirements. Third is to remove call
outs to SSL BRs, by including the same text or rationalizing the text to
make sense for code signing. Hoping to have these closed in the next few
months.
*S/MIME Certificate Working Group update* – Planning to have WebTrust
draft by the next F2F. There has been a meeting of ETSI working on ETSI
auditable plan for their next F2F in May. CAA may be extended to S/MIME
based on an Internet draft written by Corey. Would probably have an
effective date in 2024. Discussed whether existing issuing CAs can be
used or do new issuing CAs need to be created to meet the S/MIME BR
requirements. There was consensus that existing issuing CAs could be
used if they meet the S/MIME BRs. There was discussion of methods
available for Enterprise RAs to validate email addresses. Waiting to
hear confirmation back from certificate consumers about adopting the
S/MIME BRs. We understand the Mozilla community is kicking off an
inclusion discussion.
*Network Security Working Group update* – New meeting invite available
on the wiki or from Clint. Currently working on introductory paragraphs
to define desired outcomes of the sections and implementations.
*Bylaw Changes *– Dimitris and Tim Hollebeek working on updates to
bylaws. For example removing of reading anti-trust statement at before
each meeting. According to the existing Bylaws, the meeting we are
having right now is defined as a Teleconference and the antitrust
statement only needs to be read at the face to face meetings. There
should be a short statement read at the beginning of the Teleconference
and F2F meetings. There may be some members with antitrust issues in
there jurisdictions which they need to work through. It was suggested
that it would be of benefit to those with antitrust issues to have the
Bylaws changed. It was agreed that we would read a message similar to
this starting at the next meeting, “All participants are reminded that
they must comply with the CA/Browser Forum anti-trust policy, code of
conduct, and intellectual property rights agreement. Please contact the
chair with any comments or concerns about these policies.”
*F2F58 Draft Agenda *– We need to get the agenda finalized. Expect WG
chairs to finalize their agendas. Looking for input from Browsers and
Auditors for the time required. Everyone was asked to please register
for the next F2F. It was agreed that the Browsers time has appeared to
be too short, so the normal 10 minutes each was changed to 15 minutes
each. S/MIME BR Chair will ask if there are any interest of presentation
by the S/MIME certificate consumers.
*Lessons Learned SC60 *– Issue of ballot failing for a company that
qualified and met the requirements. Do we need to add anything else in
the membership application? Updates to clarify the requirements for
voting in new members – charter or the bylaws. What do we do if the
membership ballot fails? When can the applicant apply again? Do ballot
proposers need to publish ballot results? Disappointed there was no
ballot discussion, since there could have been an argument that the
applicant did not meet the requirements. There was some disagreement
about the ballot question. It was argued that a ballot failing is an
acceptable outcome of a vote. Tim stated the question “What’s the point
of having membership criteria if we arbitrarily reject people who meet
the membership criteria?” Plan to discuss at the next F2F. The
application process should not imply that a new applicant will be a new
member. It was stated that we should not be making assumptions when we
do not have enough information. Tobias wanted to voice his disagreement
about the interpretation of the charter; he stated that we need to work
to the charter and not bring in any other notions. Tobias is willing to
propose a ballot to change the charter so the a future application from
the same applicant can not be accepted for a year and the reasons for
failing are no longer present. Tim H. is concerned that there will be
many assumptions externally from the Forum, which could hurt the
reputation, so we next to explain what happened to a broader audience.
*Any other business: *None
*Next Meeting:* February 16, 2023
*Meeting adjourned.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20230216/0736a55d/attachment.html>
More information about the Public
mailing list