Final minutes for the 2025-11-06 Forum Plenary Teleconference

[Dean Coclin]

# Minutes for CA/B Forum Plenary Teleconference 2025-11-06


## Roll call

Aaron Gable (Let's Encrypt), Aaron Poulsen (Amazon), Adam Jones
(Microsoft), Adrian Mueller (SwissSign), Alvin Wang (SHECA), Antti
Backman (Telia Company), Ben Wilson (Mozilla), Chris Clements (Google),
Clint Wilson (Apple), Daryn Wright (Apple), Dean Coclin (DigiCert),
Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin
Hollenback (Apple), Enrico Entschew (D-TRUST), Gurleen Grewal (Google),
Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign),
Jeanette Snook (Visa), Jos Purvis (Fastly), Jun Okura (Cybertrust
Japan), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Lilia
Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Luis Cervantes
(SSL.com), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust),
Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (Let's Encrypt),
Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nargis Mannan
(VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang
(TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig),
Rebecca Kelly (SSL.com), Rollin Yu (TrustAsia), Roman Fischer
(SwissSign), Ryan Dickson (Google), Sean Huang (TWCA), Stephen Davidson
(DigiCert), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker
(IdenTrust), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software
AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management
Authority).


## Antitrust statement

The Notewell was read at the server certificate WG.

## Approval of previous meetings

- April 10, 2025 Dean explained that these minutes were not drafted and
the recording has been deleted due to the default retention period
setting. There will be no minutes. Roman proposed to post a message to
the mailing list that there are no minutes, and also on the website.
- September 11, 2025 Approved
- September 25, 2025 Approved

## Server Certificate WG

Dimitris gave an update from the last F2F

- Ben described Mozilla's proposal for updating revocation reason codes.
- Ryan did a presentation about Technically Constrained subCAs and how
rarely they are in the current ecosystem. He proposed removing those
profiles for simplicity.
- Dimitris continued the conversation from the previous F2F meeting
regarding a modified revocation timeline for CP/CPS discrepancies that
are not in violation of the BRs.
- Finally, the WG discussed the upcoming ballots and spent significant
time on the ADN clarification ballot. Several corner cases were
discussed that will be in the minutes for Members to analyze, and then
follow-up discussions can take place on the public mailing list. There
is an alternative proposal by Let's Encrypt to be discussed
https://github.com/cabforum/servercert/pull/627.

Validation Subcommittee
No update.


## Code Signing WG

Tom gave the update.

Nate is still reaching out to Karina regarding OCSP concerns from Microsoft.

WG Members are encouraged to reach out to anti malware vendors for
discussions on certificate information that can assist malware detection.

The WG is also considering replacing the JoI field with an organization
identifier like the LEI or similar.

There is also work regarding PQC code signing.

The group is also considering moving the meeting once every month.

## S/MIME WG

Stephen gave the update

The S/MIME WG has been working on a draft to rely on Mobile Driver's
License for personal identity validation. Soon be bringing a ballot on
that. Could be used in other CABF standards.

A number of ballots pending relating to reduction of Domain vetting in
the TLS BRs. They are incorporated by reference for Enterprise RA and
S/MIME Certificate validations. Discuss if this is a potential issue and
the general sentiment is that it is not an issue. The DNS method is the
most frequently used so no objections raised so far.

## NetSec WG

Met on Tuesday. D-Trust joined as a new member, following up from the
F2F discussed about a summit to re-write the NetSec. Miguel will draft a
proposal to share.

## Definitions and Glossary Working Group

No update

## Forum Infrastructure Subcommittee

No update

## Intellectual Property Rights Subcommittee

No update. It can be removed from the agenda. The subcommittee still has
work to do but will not be meeting.

## Any Other business

### Reduction of F2F frequency

Dean proposed having 2 F2F meetings a year, eliminate the summer meeting
which is closest to the spring meeting. There is a lot of administrative
overhead and preparation work.

Dimitris proposed 2 all-hands meetings but keep the third option for 1
or 2-day meeting on special topics. For example, a NetSec summit or a
SCWG special meeting to work on specific open issues, drafting language
to address issues that are otherwise stale.

For large group meetings, the plan should be announced 6-8 months in
advance. For smaller groups, it would be easier to host with a shorter
notice.

Tom with regards to New York, ask GTS to be the last F2F meeting because
they may have done preparations already. According to Dean, GTS has not
done any preparations and could probably cancel the meeting.

Chris: From a planning perspective, proceed with 2 a year and stand up
summits like in the past.


## Next call
Next scheduled call is on November 10, 2025.

Meeting adjourned.