[cabfpub] Draft Agenda for CA-Browser Forum conference call on January 7th

Sigbjørn Vik sigbjorn at opera.com
Thu Jan 7 08:28:23 UTC 2016


Some background on the misissuance ballot, before the discussion in the
meeting today.

This proposal has several intended benefits, and publication of
misissued certificates is key to achieving these:
* Openness and transparency benefit the industry at large, in
particular in getting the public to trust it.
* Full details allow researchers to look for patterns and find weak
spots, or tempting targets.
* It allows e.g. browsers to implement targeted protections.
* It allows stakeholders to better understand what happened, and ask
relevant follow-up questions.
* It allows CAs to learn from each other, which will strengthen the
overall industry.
* It gives CAs a real incentive to avoid misissuance.
* It gives subscribers a way to check on CAs' past history.
* It gives subscribers an incentive to pick secure CAs over cheap CAs.

The ballot proposal:

2.2.1 Notification of incorrect issuance

In the event that a CA issues a certificate in violation of these
requirements, the CA SHALL publicly disclose a report within one week of
becoming aware of the violation.

public at cabforum.org SHALL be informed about the report. If the CA cannot
post directly, it SHALL inform questions at cabforum.org, and the CA/B
Forum chair SHALL forward to the list.

The report SHALL publicize details about what the error was, what caused
the error, time of issuance and discovery, and public certificates for
all issuer certificates in the trust chain.

The report SHALL publicize the full public certificate, with the
following exception: For certificates issued prior to 01-Mar-16 the
report MAY truncate Subject Distinguished Name fields and subjectAltName
extension values to the registerable domain name.

The report SHALL be made available to the CA's Qualified Auditor for the
next Audit Report.


On 06-Jan-16 18:43, Dean Coclin wrote:
> I’ve added one item to the agenda during the former open slot.
> 
> 
> Dean
> 
>  
> 
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org]
> *On Behalf Of *Dean Coclin
> *Sent:* Tuesday, January 05, 2016 10:10 AM
> *To:* CABFPub <public at cabforum.org>
> *Subject:* [cabfpub] Draft Agenda for CA-Browser Forum conference call
> on January 7th
> 
>  
> 
> Here is the agenda for the first Forum call of 2016. We have one open
> slot if someone has anything new to discuss.
> 
>  
> 
> *Note: Please announce yourself when dialing in. This helps in
> documenting attendance when recording is played back later.*
> 
>  
> 
> /Antitrust Statement/: As you know, this meeting includes companies that
> compete against one another. This meeting is intended to discuss
> technical standards related to the provision of existing and new types
> of digital certificates without restricting competition in developing
> and marketing such certificates. This meeting is not intended to share
> competitively-sensitive information among competitors, and therefore all
> participants agree not to discuss or exchange information related to:
> 
> (a)  Pricing policies, pricing formulas, prices or other terms of sale;
> 
> (b)  Costs, cost structures, profit margins,
> 
> (c)   Pending or planned service offerings,
> 
> (d)  Customers, business, or marketing plans; or
> 
> (e)  The allocation of customers, territories, or products in any way.
> 
> *Here is the proposed agenda:*
> 
> *(Thur) 7th January 2016*
> 
> | Time | Start (UTC) | Stop | Slot | Description | Notes / Presenters |
> |------|-------------|-------|------|-------------|--------------------|
> | 0:01 | 16:00 | 16:01 | 1 | Read Antitrust Statement | Robin |
> | 0:02 | 16:01 | 16:03 | 2 | Roll Call | Dean |
> | 0:01 | 16:03 | 16:04 | 3 | Review Agenda | Dean |
> | 0:01 | 16:04 | 16:05 | 4 | Approve Minutes of 10 Dec 2015 | Sent by Dean on Dec 21st |
> | 0:05 | 16:05 | 16:10 | 5 | Upcoming Policy WG Ballots | Ben |
> | 0:15 | 16:10 | 16:25 | 6 | Any further discussion on LV certs? | Jeremy and potential guest speaker |
> | 0:10 | 16:25 | 16:35 | 7 | Proposed “Mis-issuance” Ballot from Opera | Sigbjorn |
> | 0:05 | 16:35 | 16:40 | 8 | Discussion of “generic names” as mentioned in BR 7.1.2.2.h | Dean |
> | 0:05 | 16:40 | 16:45 | 9 | PAG Status? and upcoming ballot | Ben |
> | 0:05 | 16:45 | 16:50 | 10 | Validation Working Group Status Update and proposed ballots | Jeremy/Kirk |
> | 0:02 | 16:50 | 16:52 | 11 | Code Signing Working Group Status: Ballot results and next steps | Dean |
> | 0:02 | 16:52 | 16:54 | 12 | Policy Review Working Group Status Update | Ben |
> | 0:02 | 16:54 | 16:56 | 13 | Information Sharing Working Group Update | Ben |
> | 0:03 | 16:56 | 16:59 | 14 | Any Other Business – Bilbao date adjustment, update on Feb F2F meeting | Dean |
> | 0:00 | 17:00 | 17:00 | 15 | Next teleconference scheduled for Jan 21st. | |
> | 0:00 | 17:00 | 17:00 | 16 | Adjourn | |
> 
> 
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
> 


-- 
Sigbjørn Vik
Opera Software


