[cabfpub] Final Minutes of CA/Browser Forum Meeting January 4, 2024

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Feb 15 17:15:01 UTC 2024 

These are the Final Minutes of the Teleconference described in the 
subject of this message, prepared by Kiran Tummala (Microsoft).


      1. Roll Call

Aaron Gable - (Let's Encrypt), Adam Jones - (Microsoft), Andrea Holland 
- (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Cade 
Cairns - (Google), Chris Clements - (Google), Christophe Bonjean - 
(GlobalSign), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey 
Rasmussen - (OATI), David Kluge - (Google), Dean Coclin - (DigiCert), 
Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin 
Hollenback - (Microsoft), Enrico Entschew - (D-TRUST), Inaba Atsushi - 
(GlobalSign), Johnny Reading - (GoDaddy), Karina Sirota - (Microsoft), 
Kiran Tummala - (Microsoft), Lucy Buecking - (IdenTrust), Lynn Jeun - 
(Visa), Mads Henriksveen - (Buypass AS), Marcelo Silva - (Visa), Marco 
Schambach - (IdenTrust), Mark Nelson - (IdenTrust), Martijn Katerbarg - 
(Sectigo), Michelle Coon - (OATI), Mrugesh Chandarana - (IdenTrust), 
Nargis Mannan - (VikingCloud), Nicol So - (CommScope), Nome Huang - 
(TrustAsia), Paul van Brouwershaven - (Entrust), Peter Miskovic - 
(Disig), Rebecca Kelley - (Apple), Rollin Yu - (TrustAsia), Roman 
Fischer - (SwissSign), Scott Rea - (eMudhra), Stephen Davidson - 
(DigiCert), Steven Deitte - (GoDaddy), Tadahiko Ito - (SECOM Trust 
Systems), Thomas Zermeno - (SSL.com), Tim Hollebeek - (DigiCert), 
Trevoli Ponds-White - (Amazon), Wayne Thayer - (Fastly), Wendy Brown - 
(US Federal PKI Management Authority), Yoshihiko Matsuo - (Japan 
Registry Services).


      2. Read note-well

Dimitris read the note-well


      3. Review of Agenda

Agenda was approved without modifications


      4. Approval of minutes from the December 7, 2023 Teleconference

Minutes were just distributed. They will be considered for approval at 
the next Teleconference


      5. Server Certificate Working Group update

No updates reported.

Validation Committee:

  * Met on Dec 16th.
  * Meeting minutes sent out; discussion on automating EV validation.
  * DNS-based validation method discussed for further automation.


      6. Code Signing Certificate Working Group update

  * Discussed signing service and high-risk check ballot.
  * Two ballots proposed simultaneously: signing service and high-risk
    check.
  * Discussion period ends on Jan 5th.


      7. S/MIME Certificate Working Group update

  * SMC 05 ballot in discussion period introducing CAA for publicly
    trusted S/MIME. Dates for adoption: Feb 15th, 2024, and March 15th,
    2025.
  * New ballot for RFC 9495 implementation.
  * SMC 06 ballot for clarification and corrections.
  * Reviewing language on Organization Identifier in the subject for EV.


      8. Forum Infrastructure Subcommittee update

???


      9. NetSec Working Group update

  * Met on Dec 19th.
  * Timeline for section 4 ballots.
  * Updates on the memorandum of understanding from Cloud Security
    Alliance expected soon.


      10. CSCWG charter update

???


      11. Survey for the separation of Forum and SCWG bi-weekly
      Teleconference

  * Received 21 votes; election closing on Monday.
  * Trustees (Wayne and Martijn) to process votes.


      12. Any Other Business

Dimitris highlighted the need to improve the Guidelines based on public 
incidents, namely incidents in Bugzilla.

  * Identified a recurring theme in several incidents, often stemming
    from a misunderstanding of the requirements.
  * Dimitris emphasized the rarity of deliberate violations and
    highlighted the need to raise awareness within the working groups.
  * Suggested proactively monitoring these incidents to identify
    repeated patterns and failures, with the goal of addressing
    misunderstandings.
  * Advocated for creating issues to facilitate a review and potential
    refinement of the language in those problematic areas.
  * Emphasized the importance of making language more accessible and
    understandable to reduce misunderstandings and potential issues for
    Certification Authorities (CAs).



Next call is January 18, 2024. Meeting adjourned.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20240215/e0049540/attachment.html>

More information about the Public mailing list