[cabfpub] Final minutes for CA/Browser Forum Teleconference - December 8, 2022
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Mon Jan 9 15:37:27 UTC 2023
These are the final minutes of the Teleconference described in the
subject of this message.
*Attendees (in alphabetical order)*
Adam Jones (Microsoft), Andrea Holland (SecureTrust), Atsushi
INABA (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Cassie
L'Heureux (GoDaddy), Chris Clements (Google Chrome), Chris Kemmerer
(SSL.com), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey
Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (DigiCert), Dimitris
Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin
Hollenback (Microsoft), Enrico Entschew (D-Trust), Fumi Yoneda (Japan
Registry Services), Joanna Fox (TrustCor), Johnny Reading (GoDaddy), Luis
Cervantes (GoDaddy), Lynn Jeun (VISA), Mads Henriksveen (Buypass),
Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van
Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple),
Rollin Yu (TrustAsia), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM),
Thomas Zermeno (SSL.com), Tim Hollebeek (DigiCert), Tobias
Josefowitz (Opera), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy),
Wendy Brown (FPKI), Yoshiro Yoneya (JPRS).
Minutes
*1. Roll call*
The Chair (Dimitris Zacharopoulos) took attendance
*2. Read Antitrust Statement*
The antitrust statement was read
*3. Review Agenda*
Today’s agenda was approved
*4. Approval of minutes of last call and F2F#57*
The minutes of the last call and of the F2F#57 were approved.
*5. Forum Infrastructure Subcommittee update*
Jos Purvis couldn't attend today and asked Ben Wilson to give the update:
* The Infrastructure Subcommittee is experimenting with a new wiki
based on BookStack <https://www.bookstackapp.com/>. Jos is working on
a script to import all content from the old wiki. Members can
contact Jos if they would like to test the new wiki.
* There is some work for the website, such as the minutes that need to
be updated to associate them with each of the working groups.
*6. Code Signing Certificate Working Group update*
Bruce Morton gave the update. The working group had a long meeting and
is working on three main items that have not been completed yet:
* Updates to the PR for revocation due to a signature on malware
* Still working on updating the signing service item
* Working on a ballot to remove references to the SSL BR
Tim Hollebeek commented that he double checked and that there is no need
for a transition timeline for the signing service to require FIPS 140-2
level 3.
*7. S/MIME Certificate Working Group update*
Stephen Davidson joined late, and Tim Hollebeek agreed to provide the
update.
* The group discussed a proposal to move to a less frequent, more
predictable schedule of effective dates. Maybe twice a year but with
the option to have emergency updates. Dimitris Zacharopoulos added
that we will discuss the same topic later in this call.
* Bruce Morton mentioned that the group talked about allowing the QIIS
for just a couple of items to help validate address and the reliable
method of communication. Tim Hollebeek added that there are
definitely some good discussion points there and that he is glad
Bruce spotted this.
* Stephen joined late and added that some information about CAA has
been shared on the mailing list around the work that is happening in
the LAMPS working group of the IETF.
*8. NetSec Working group report*
Clint Wilson gave the update.
* The group talked about changing the meeting time as there are a few
people that have been unable to attend lately. A straw poll will be
sent out to see if there are people that would attend NetSec
meetings if they were held at a different time, and to try to figure
out if we can find a schedule that allows more folks to attend.
* We have been working on the red-lines ballot that Ben Wilson has
been spearheading, and we have spent a fair amount of time on the
fundamentals around offline CAs, powered off CAs, air gapped CAs,
what these different states mean, and what we can expect or should
be able to expect them to mean.
*9. 2022-2024 CA/B Forum Plans - Strategy - Tasks*
Dimitris Zacharopoulos explained that he took a lot of feedback at the
latest face to face meeting and had a couple of meetings with Paul van
Brouwershaven (the vice chair) and other folks to put together a couple
of slides for this call.
The slides can be reviewed here:
* https://cabforum.org/wp-content/uploads/CA_B-Forum-2022-2024.pdf
Dimitris presented the slides; the following items try to cover the
discussions:
* Issues with Bylaws and some of the working group Charters
    o Discussion about how we notify people of their obligation to
      comply with the forum policies such as the anti-trust statement
      and code of conduct.
        + Dean Coclin reminded that we looked into having a splash
          screen in WebEx like some other groups have but that our
          subscription does not support this.
        + Dimitris suggested that he could show a slide at the
          beginning of the meeting. Trevoli Ponds-White reminded that
          call-in users would not be able to see this slide. Tim
          Hollebeek commented that IETF uses a similar approach.
        + Trevoli suggested that we might also have it in the
          description of the agenda item. Tim stated that this is the
          only one that he has heard legal object to because nobody
          reads meeting invites.
        + Bruce Morton stated that we might all agree but that this
          might be a topic for a lawyer to look at.
* Some tasks for the Infrastructure subgroup
    o Paul van Brouwershaven stated that he had a conversation with
      Martijn Katerbarg (who could not be on the call) about the
      management and automation of the ballot process in the new
      member tools. Martijn agreed to investigate and estimate the work.
* Define specific release cycles for Guidelines
    o Two dates per year (March 15, September 15)
    o Emergency guidelines would allow bypassing the 6-month limit
        + Tim and Trevoli argued that this could be covered in the
          ballot and members could vote no if they think it’s not an
          emergency. Corey Bonnell and Clint Wilson showed a thumbs up.
        + There was some discussion about a required discussion period
          for emergency ballots.
    o Paul suggested to look at software release life cycle management
      best practices.
    o Tim suggested that it would be beneficial if other root programs
      align their effective dates with the odd months.
*10. Any other business*
* Dimitris created a minute takers rotation plan for the forum and
server certificates working group like the validation subcommittee.
The group has not shown any objections. Andrea Holland is the next
minute taker on the list.
* Reminder that people should not forget to sign-up for the next
face-to-face meeting in Ottawa, hosted by Entrust from February 28
until March 2, 2023, and is followed by a Post-Quantum Cryptography
from the PKI Consortium on Friday (3 March).
* We are waiting on a confirmation of the dates for the summer
face-to-face meeting hosted by Microsoft.
* The fall 2023 face-to-face meeting is hosted by GlobalSign on
October 11-13.
* It was decided to cancel the December 22 meeting.
*11. Next call*
Jan 5, 2023
*12. Adjourned*