[cabfpub] Final Minutes of CA/B Forum meeting May 11, 2023

[Dimitris Zacharopoulos (HARICA)]

*Final Minutes of CA/B Forum meeting May 11, 2023*

**

 1. Attendees: Aaron Gable - (Let's Encrypt), Aaron Poulsen - (Amazon),
    Adam Jones - (Microsoft), Ben Wilson - (Mozilla), Brianca Martin -
    (Amazon), Bruce Morton - (Entrust), Chris Clements - (Google), Clint
    Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen -
    (OATI), Daryn Wright - (GoDaddy), David Kluge - (Google), Dean
    Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), Doug Beattie
    - (GlobalSign), Dustin Hollenback - (Microsoft), Ellie Lu -
    (TrustAsia Technologies, Inc.), Enrico Entschew - (D-TRUST), Fumi
    Yoneda - (Japan Registry Services), Inaba Atsushi - (GlobalSign),
    Inigo Barreira - (Sectigo), Janet Hines - (VikingCloud), Joanna Fox
    - (TrustCor Systems), Jos Purvis - (Fastly), Karina Sirota -
    (Microsoft), Kiran Tummala - (Microsoft), Mads Henriksveen -
    (Buypass AS), Marcelo Silva - (Visa), Marco Schambach - (IdenTrust),
    Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Nargis Mannan
    - (VikingCloud), Nate Smith - (GoDaddy), Paul van Brouwershaven -
    (Entrust), Pedro Fuentes - (OISTE Foundation), Peter Miskovic -
    (Disig), Rebecca Kelley - (Apple), RIch Smith - (DigiCert), Rollin
    Yu - (TrustAsia Technologies, Inc.), Ryan Dickson - (Google),
    Stephen Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust Systems),
    Thomas Zermeno - (SSL.com), Tim Hollebeek - (DigiCert), Tobias
    Josefowitz - (Opera Software AS), Wayne Thayer - (Fastly), Wendy
    Brown - (US Federal PKI Management Authority), Yoshiro Yoneya -
    (Japan Registry Services)
 2. The note-well was read by Paul
 3. No changes to the agenda
 4. Approval of April 27^th minutes: Haven’t been received so can’t be
    approved. Moved to next call
 5. Approval of March 30^th minutes: Approved
 6. SCWG update: A discussion was held on improvements to SC-62 but were
    not concluded. Also discussed was upcoming ballot SC-63 where
    discussions were held on the mailing list. In the validation
    subcommittee, there was a discussion of the ACME issuance workflow
    which spurned a discussion on whether or not one can delegate the
    domain validation to the CA. There was agreement that this should be
    allowed since it fosters automation. Next meeting will discuss how
    this will be tackled in the BRs.  There was also a discussion on
    improvements to EV guidelines around disclosures of QGIS and sources
    that CAs have to provide. There will be a follow-up discussion.
 7. CSCWG update: Finalized discussion on revocation reasons ballot,
    which is now in discussion period. Working on removal of references
    to the SSL BRs, which is getting close to ballot. Discussion on
    proposed topics for F2F meeting also took place.
 8. SMIME WG update: Corey Bonnell gave a presentation on PKI lint which
    DigiCert has created and released as an open source linter, focused
    on ASN.1, which can look at different types of PKI structures.
    Approx 150 lints have been implemented so far, from the SMIME BRs.
    However, it can be expanded to other security frameworks. There is
    an intent to implement the linter for the SC-62 ballot. It’s
    available in github. A discussion around Enterprise RAs also was a
    topic of the meeting and will likely come up in the F2F.
 9. Forum Infrastructure subcommittee: Brief meeting, nothing notable to
    report.
10. Netsec working group: The proposed ballot for updating section 4 of
    the NSRs was discussed in the WG meeting.
11. Bylaws changes: The necessary endorsers are in place and a ballot is
    expected soon. Tim Hollebeek stated he had submitted some changes to
    section 2.5 per the discussion on elections in Berlin and thought
    those could be done at the same time.
12. SCWG Charter update: Ben discussed proposed changes around
    probationary members or associate members (i.e. non-voting members).
    Although this is being discussed in the SCWG, it has to be voted at
    the Forum level. There is language around certificate consumers and
    participation. One proposal is that all members participate 30% in a
    6 month period (orgs, not individuals) and attend 1 F2F meeting in
    the 12 month period.  Another part of the changes is to define the
    criteria for certificate consumers.  A discussion has whittled down
    an initial list of 10 items to 4-5 items. These are detailed in a
    separate mailer and will be brought to the Forum soon. A
    recommendation to have a moratorium on new certificate consumer is
    being proposed (this will be discussed in the SCWG call).
13. F2F Meeting in Redmond: 61 people have registered in-person and 19
    remote.
14. F2F Agenda: A draft agenda is on the wiki. Regarding guest speakers,
    Karina stated that Aneta is confirming the 2 speakers. Signups
    should be closed by May 17^th .
15. Any other business: None
16. Next call May 25^th .
17. Meeting adjourned.

**

*
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20230525/b27ba45b/attachment.html>