[cabfpub] Final minutes for the CA/B Forum Teleconference - June 6, 2024

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Fri Jun 21 06:57:44 UTC 2024


These are the Final Minutes of the Teleconference described in the 
subject of this message, prepared by Chris Clements.


Meeting Date: 2024-06-06


Attendees:

Aaron Gable - (Let's Encrypt), Aaron Poulsen - (Amazon), Abdul Hakeem 
Putra - (MSC Trustgate Sdn Bhd), Adam Jones - (Microsoft), Andrea 
Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - 
(Amazon), Chad Dandar - (Cisco Systems), Chris Clements - (Google), 
Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - 
(OATI), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), 
Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico 
Entschew - (D-TRUST), Gregory Tomko - (GlobalSign), Inaba Atsushi - 
(GlobalSign), Jaime Hablutzel - (OISTE Foundation), Janet Hines - 
(VikingCloud), Jos Purvis - (Fastly), Mads Henriksveen - (Buypass AS), 
Mahua Chaudhuri - (Microsoft), Marco Schambach - (IdenTrust), Martijn 
Katerbarg - (Sectigo), Michelle Coon - (OATI), Nate Smith - (GoDaddy), 
Nicol So - (CommScope), Nome Huang - (TrustAsia), Paul van Brouwershaven 
- (Entrust), Pedro Fuentes - (OISTE Foundation), Peter Miskovic - 
(Disig), Rebecca Kelly - (SSL.com), Rich Smith - (DigiCert), Rollin Yu - 
(TrustAsia), Ryan Dickson - (Google), Sandy Balzer - (SwissSign), Scott 
Rea - (eMudhra), Sissel Hoel - (Buypass AS), Stephen Davidson - 
(DigiCert), Tadahiko Ito - (SECOM Trust Systems), Tathan Thacker - 
(IdenTrust), Thomas Zermeno - (SSL.com), Tobias Josefowitz - (Opera 
Software AS), Trevoli Ponds-White - (Amazon), Wendy Brown - (US Federal 
PKI Management Authority)


1. Begin Recording - Roll Call

- Dimitris Zacharopoulos opened the meeting.


2. Read note-well

- Dimitris read the note-well. He also included a new note stating the 
“meeting is being recorded”, for anyone who was not previously aware.

- We will use WebEx to capture participant names.


3. Review of Agenda

- The only suggested change was to add discussion of the open question 
on the CA/B Forum list.


4. Approval of minutes from the May 23, 2024 Teleconference (minutes 
were already approved at F2F#62)

- There are no minutes to approve as they were approved at the F2F.


5. Server Certificate Working Group update (Inigo)

- Inigo summarized the four presentations from the F2F. One from Rob 
Stradling from Sectigo regarding linting in the certificate issuance 
pipeline and a tool called pkimetal. We had another presentation from 
SwissSign discussing the complexity of some requirements and additional 
fields that may not be used by the browsers. We also had another 
presentation from Martijn Katerbarg from Sectigo about the differences 
between the TLS BRs and the EVGs regarding DBA. The final presentation 
was from himself and discussed how to release different versions of the 
documents, where they are not done by approval but instead by specific 
dates and gathering all ballots for approval. This is something that 
needs to be checked with the Bylaws. There were also several GitHub 
issues that were discussed.

- Corey provided the Validation Subcommittee update and stated the 
primary discussion was focused on changing the Subcommittee to be a 
full-fledged Working Group because there is a lot of cross-sharing of 
validation requirements across the Working Groups. There was no strong 
consensus on that approach, and the suggested next step was to create a 
charter so that the group can discuss the merits of the actual concrete change. The 
second agenda topic was a proposed ballot to improve the EVG language 
around registration numbers, but they did not have time to discuss given 
timing constraints of last week.


6. Code Signing Certificate Working Group update (Bruce/Dean)

- Corey stated 6 to 8 different things were covered at the F2F meeting, 
but not in any significant detail. They covered the imported EVGs, 
certificate transparency for code signing, next steps on the deprecation 
of the EV code signing certificates, the ballot about the timestamping 
key protection requirements that recently failed, and discussed 
resurrecting that ballot. Dean stated they also touched on the elections 
for the fall and searching for other candidates that might be interested.


7. S/MIME Certificate Working Group update (Stephen)

- Stephen stated the most important element to highlight is that they 
will be moving forward with a ballot to deprecate the legacy generation 
of S/MIME profiles. Currently the text included has a cease issuance 
date of June 15, 2025. There was also a discussion that there is still 
time to consider an additional ballot if people want to propose 
extending a validity period for certificates that are issued on tokens, 
because the shorter validity period seems to be the biggest sticking 
point for those large issuance communities. If this is something that 
people are interested in then the group can carry it forward as a 
separate effort. The other thing to note is that SMC-07 is currently 
live for voting. This is the ballot that introduces updates to bring the 
S/MIME BRs up to parity with the TLS BR changes that passed recently. It 
also includes a minor clarification relating to the escrow of keys past 
the expiry date of a certificate.


8. NetSec Working Group update (Clint)

- Clint stated they met on Tuesday, where they spent time finalizing 
what they discussed at the F2F. At the F2F they spent time discussing 
NS-3 which is in IPR. They moved on to NS-4 and reached a rough 
consensus around some updates that modify section 4 of the NCSSRs. They 
then went through some of the issues in GitHub and went through a 
backlog of future work items for the NetSec requirements and the NetSec 
Working Group. They assigned a number of those out for people to 
investigate further and bring back to the Working Group. NS-4 is moving 
forward, and they will then continue to work on all of the future work 
topic areas and see what everybody comes up with as far as next-step 
proposals on each of those.


9. Definitions and Glossary Working Group (Tim H.)

- Neither chair was present in today's meeting. Dimitris highlighted 
that at F2F 62 there was a timeblock for this Working Group and during 
this time they confirmed the chair positions. Ben is working on some 
changes to the website to include a section for this group. Martijn 
announced that there is a new GitHub repository.


10. Forum Infrastructure Subcommittee update (Jos)

- Jos stated the group has not met since the F2F meeting so there is not 
much of an update. Martijn has been working on the migration to Google 
groups. He sent an update about the status and upcoming changes and Jos 
encourages everyone to read the message and raise any questions or concerns.


11. Intellectual Property Rights Subcommittee (Ben)

- Ben stated they have started a list using the new Google groups and he 
has sent an initial email. He received some comments on potential 
meeting dates and he still needs to send an official meeting announcement.


12. Bylaws update preparation (Dimitris)

- After the F2F, Dimitris created a couple of issues in GitHub. One issue 
includes clarifying that the quorum is measured when tallying the votes. 
Another issue was when we have a conflict between the charter and the 
bylaws, which one takes precedence? Dimitris has assigned this issue to 
Tim H. Dimitris encouraged others to submit issues to him directly or 
add them to the GitHub repository.


13. Any Other Business

- Dimitris summarized the other business topic as a recent question that 
came to the Forum list.

    - Dean provided an overview of the question from someone related to 
banking in Texas. The question was “we seek the opinion of the CA/B 
Forum on this matter. Do you feel the Let's Encrypt policy represents 
the matter correctly?”. Dean drafted a response and tried to be minimal 
in the wording while still being helpful. People have responded to 
that draft and a subsequent draft. We’re at the point now where we can 
go either direction (minimal or more elaborate).

    - Aaron added that although he’s been promoting sharing more 
takedown resources with this individual, he is also okay with the 
minimal approach since this individual has already reviewed the Let’s 
Encrypt FAQ.

    - Dimitris prefers to stick to the CA/B Forum mission and be as 
neutral as possible. He would like to keep the messaging minimal. CAs 
are under the supervision of browsers, but some CAs may also be 
supervised at the national level depending on the jurisdiction.

    - Nicol So agrees with the minimum approach and thinks we should 
clarify the intent of the Forum and that there are other mechanisms. 
Dean suggested the reader may want to know what the other mechanisms 
are. Nicol stated he’s not familiar with takedown services and would 
hesitate to recommend them. Dean clarified that takedown services 
confirm the issue and then communicate with the ISP and convince them to 
take it down. Outcome: go with the minimal approach, and Dean will distribute 
another draft for review prior to responding to the original requestor.

- Dimitris stated the recording for F2F 62 has been distributed to the 
management list so all minute takers should have it. He will try to work 
on the ether pad minutes next week and migrate them to the wiki. He’s 
also collected a good percentage of the presentations that were shared 
during the F2F but he is still waiting for one or two presentations.


14. Next call: June 20, 2024


15. Adjourn
