Final Minutes for CA/Browser Forum Teleconference 8 December 2016
Attendees: Andrew Whalley (Google), Atsushi Inaba (Globalsign), Ben Wilson (DigiCert), Bruce Morton (Entrust), Christopher Kemmerer (SSL.com), Curt Spann (Apple), Dean Coclin (Symantec), Dimitris Zacharopoulos (Harica), Doug Beattie (Globalsign), Gervase Markham (Mozilla), Jeremy Rowley (DigiCert), Ken Myers (US PKI), Kirk Hall (Entrust), Li-Chun Chen (Chunghwa Telecom), Peter Bowen (Amazon), Peter Miscovic (Disig), Rich Smith (Comodo), Rick Andrews (Symantec), Robin Alden (Comodo), Ryan Sleevi (Google), Stephen Davidson (QuoVadis), Steve Medin (Symantec), Tarah Wheeler (Symantec), Wayne Thayer (GoDaddy), Wendy Brown (FPKI).
1 Roll Call
2 Read Antitrust Statement
3 Review Agenda – there were no changes to the Agenda.
4 Approval of Minutes. The following minutes were approved: F2F Meeting Oct. 19-20, 2016, teleconferences of Oct. 27 and Nov. 10, 2016
5 New Interested Party. Kirk noted that Scott Rea (DarkMatter, former DigiCert) is now an Interested Party, and has a pending question to questions@ list. He stated he had provided a private response to Scott, but asked Dean to consider a formal response on behalf of the Forum.
6 Governance Change Working Group update. Results of last call. Dean said the WG continued to discuss whether the CABF should organize as a formal organization. This discussion related in part to ETSI’s requirement that other groups be formal organizations for full collaboration. However, Virginia pointed out that ETSI’s policy also required other groups to have IP policies similar to ETSI’s, which was not true for the Forum. This was a deciding factor in the WG’s decision not to call for incorporation of the CABF. Also, the costs, potential legal liability, etc. from incorporating weigh against that as well.
The WG continued going through the new structure document. There is one more WG meeting this year, after which the WG will circulate the draft to the Forum for comment in January. After that, the next step is to write the Bylaws, but this only makes sense once the WG determines there is support in the Forum for the changes.
7 Validation Working Group update. Results of last call. Jeremy said there are a few items the WG is working on. The WG reviewed two pending ballots, including the CNAME validation ballot and the SRV certificate ballot. The group is also working on an IP address validation ballot, a ballot on the subject information in the BRs and EVGL as to how it’s presented and described, and better ways to describe what are acceptable subject identity verification databases to be used by CAs. The WG also discussed some of the ambiguities in Ballot 169 on domain validation and how to fix some of the typos – some terms are out of place or not used correctly.
8 Policy Review Working Group update. Results of last call. Ben said the WG is working on a ballot to clarify the use of the word “CA” in the BRs and EVGL, such as the term “issuing CA” – is it being used consistently, does it refer to an organization or to the system that issues the certificate, or both? The term “issuing CA” should probably mean the organization, and so changes may need to be made.
9 Interpretation of 12/31/2016 sunset in BR 7.1.3. Kirk noted the following provision of BR 7.1.3, and said there had been some confusion among CAs on its interpretation, which could be discussed: “CAs MAY continue to sign certificates to verify OCSP responses using SHA1 until 1 January 2017.”
Curt said Peter or Wayne may have mentioned they were creating new long-lived SHA-1 OCSP signing certificates. Peter said Amazon’s understanding of this requirement was that CAs (i.e., roots) could not sign with SHA-1 but that if a CA was using a delegated certificate (off a root) then the CA was not the one signing. Curt asked if that meant for using SHA-1 there had to be a compatibility of clients – did the SHA-1 signing certificate itself have to be SHA-1?
Rick said the spec seemed to say that any new OCSP responder certificates created after Jan. 1, 2017 had to be SHA-2, but SHA-1 certificates created before that date could continue to be used. Wayne agreed with that interpretation, saying the logic for that was that SHA-1 end entity certificates in the wild today won’t be trusted by any modern browsers in 2017, but to the extent SHA-1 certificates continue to be used, they are likely to be used on legacy systems that don’t support SHA-2. There are SHA-1 certificates out there that won’t expire for some time, so it makes sense to provide revocation responses in a format the clients can support. Wayne couldn’t provide a list of such legacy systems, but Windows XP could be one example. Steve noted that code signing certificates might have a lifetime of 10 years after their expiration, which is a case for long-term SHA-1 OCSP signing certificates.
Peter stated the rules had said that as of Dec. 31, 2015 CAs could issue SHA-1 certificates good for up to 39 months, and some did. The question here is can we issue SHA-1 OCSP responses signed in some manner for at least 39 months after the Dec. 31, 2015 cutoff date. Curt said there is a question of the signature on the response being signed by some algorithm, but in addition the certificate that was signing it – what was the signing algorithm on that?
Curt said one of the reasons he brought this up was that if we have OCSP signing certificates that are SHA-1, typically OCSP signing certificates have a “no-check” where you don’t check revocation on them, so basically they are long-lived key pairs that cannot be revoked in a traditional sense. We have to keep in mind protection of those signing keys typically kept online because they can’t be revoked. CAs who plan on creating long-lived signing certificates this month should keep those security issues in mind. Wayne agreed, but noted the current drawn out IPR policy discussion plus the inability to pass new ballots now leaves CAs with no choice but to create long-lived OCSP SHA-1 signing certificates. Peter noted that Microsoft’s rules are already pretty clear – you can continue to sign OCSP responses with SHA-1 signatures as long as the key signing it is a delegated key as opposed to the CA (root) key.
Wayne agreed that Microsoft’s rules entirely permit this, but the BRs don’t. Kirk asked Wayne if he would want to change BR 7.1.3 if he could move forward with a ballot now. Wayne said he had already proposed that in a ballot, which started the current debate. Kirk asked Wayne what his proposed ballot had been, and Wayne said it was to continue to allow CAs to sign SHA-1 OCSP responses with delegated signing certificates, which was discussed at the last F2F meeting.
10 Continuing the discussion on CT – new Mozilla CT policy. [Jeremy made a comment at this point which was related to the CAA ballot proposal, not Mozilla’s CT policy, so his comment has been included in the next section.] Peter noted Gerv had asked for Mozilla’s policy to be discussed on the CT list. Gerv said the policy was still in flux and would be discussed this week at the Mozilla get-together, so nothing should be considered final. Gerv thought the Mozilla CT list was the best place to discuss it. Kirk noted there would be a CT conference in New York that Google would be sponsoring, and asked if there were any details as to dates and location. Gerv said he had received some tentative dates, but suggested people contact Ryan Hurst for details. There are no final dates as yet.
11 Continuing the discussion on CAA. Jeremy asked if Gerv could circulate the CAA ballot proposal one more time for final review, as it seemed it was pretty close to being final. Gerv said his ballot was on the back burner while he deals with the fact that Mozilla is having a big meeting this week. Most of the draft is agreed, the only question is whether there will be any further exceptions related to enterprise accounts. Gerv will decide whether or not to include exceptions for that, and then we’ll see what happens with a vote.
12 IPR Policy Task Force Update. Ben said the Task Force had a call, and he had sent the draft Minutes of the meeting to the Management list, so people should look there for details. The TF is making progress. Dean asked for a verbal summary of where we are. Kirk said he was not on the last call, but his understanding is that a proposal and draft ballot from the TF is coming. Gerv said Virginia is producing a compromise proposal which she has circulated for comment and people are still considering the proposal. Virginia’s proposal has an official vote to go forward before the period of IP review and then a final vote to approve a ballot afterwards.
Jeremy thought Amazon’s attorney Chris on the last call and Virginia were going to get together and try to reconcile the two proposals. Gerv said he thought the version being circulated was the reconciled version, with two votes in it. Jeremy asked when the compromise proposal had been sent. Peter clarified that the last call was the first time his colleague Chris [Amazon’s IP lawyer] had joined to discuss the issue, so he was just going to synch up with Virginia to understand a little more of the background. The last update Peter saw was that Virginia sent around the draft, but he didn’t think Amazon’s counsel had anything to do with the draft.
Gerv said that it appears the compromise is Virginia’s own proposal, and it appears to have gone to some people at Mozilla, Amazon, Google, and Microsoft, so it appears to be a limited circulation to test the water. Gerv has not had a chance to take a look at it. He noted Virginia had written that the sooner the parties could reach agreement, the sooner the Forum could get back to its regular business. Off the top of his head Gerv thought that having two votes 30 days apart was unfortunate, but it could be that that’s where we end up.
Ben said as a practical matter, one of the things that came out of the conversation is that we are still going forward with the Ballots 180-182 to try and clean up things. Gerv noted it was up to the sponsor and endorsers of the ballots to withdraw them if they wanted, and they haven’t done so. If people feel the process is not valid and would not solve the IPR problem, the thing they have been told to do is vote no in January, but Gerv had no idea how many people (if any) are thinking about doing that.
13 Ballot Status. Kirk noted the following ballots are underway (Ballots 180-182) or are in the queue waiting to begin:
Ballots 180-182 (Kirk, Virginia, Peter) – Review Period ends 12/31/2016, voting starts 1/1/2017
Ballot 176: BR 188.8.131.52 – CNAME verification (Jeremy)
Ballot 179: BR 6.1.7 – Root signing time stamping certificates (Dimitris)
BR 7.1.3: OCSP responder certificates (Wayne)
BR 184.108.40.206.2 and EVGL 9.2.5 and 9.2.7 (Li-Chun)
SRV names in certificates (Jeremy)
CAA (Gerv) – see prior CAA topic
Reuse of domain validation data after Ballot 169 effective date (Wayne)
Kirk asked if anything should be added to the list. Dimitris said he was wondering how members write ballots that are ready to be distributed to the list, and he found a document on the wiki that lists the balloting process, and this procedure requires members to write the pre-ballot information on the wiki so people can have a look at it during the queuing process. He wondered if the Forum was familiar with this process and had agreed on it. Gerv asked where Dimitris had found the document, and was told on the wiki. Gerv asked for the document to be circulated on the mailing list so it could be reviewed again and we can discuss. Dimitris agreed to do that (and sent the link during the call).
Kirk said he had recommended to Virginia and the IPR Policy Task Force to also come up with a procedure by which members can start new ballots now, so we don’t have to wait until January 7 when voting is complete on Ballots 180-182. Is there some way to start a process for the queued ballots now?
14 Next F2F meetings: Kirk noted again that the next Face to Face meeting was scheduled for 21-23 March 2017 at Research Triangle Park, NC (hosted by Cisco), and reminded members who planned to attend to sign up now on the wiki to help provide a headcount. He noted that Arno Fiedler of D-Trust had asked for confirmation of the dates for the mid-year meeting, 20-23 June 2017 in Berlin. Dean said he would post a Doodle poll on dates in June. Kirk said Arno seemed to want those specific dates, so maybe the poll should just cover that week. Dean said he would check with Arno and then post the poll.
15 Any Other Business. Kirk mentioned that he had participated as CABF Chair in the first day of a two-day meeting called by the WebTrust auditors to discuss new audit guidelines and related issues. Andrew noted that at one point an auditor expressed surprise that a CA had wanted to engage in two period-of-time audits that were exactly abutting if the first audit was a qualified audit [because that meant the second audit would likely also be qualified until the CA was able to remedy the situation causing the qualification of the first audit]. Andrew went on to remind everyone that a continuous audit regime [no gaps] is required, at least by some of the browser programs here.
Gerv said he had a question – it appears the WebTrust auditors had produced a new version of the BR audit guidelines (2.1). The previous BR audit guidelines incorporated BRs version 1.1.6, and the new audit guidelines incorporates BR version 1.4.1. The problem is version 1.4.1 is under an IPR cloud, and also contains the domain validation requirements of Ballot 169 limiting CAs to 10 methods only. BR WebTrust v2.1 also says it applies to audit periods commencing on or after Dec. 1, 2016. Will this pose a problem? Mozilla does not presently require an audit to BR WebTrust v2.1 and Gerv’s present thought is Mozilla will not do so until the IPR status of the domain validation methods which are required to be used by that version of BR WebTrust is properly known. Do the WebTrust auditors see a problem?
Kirk said that was a good question, and he suspected individual WebTrust auditors will have to answer to WebTrust the organization, and so will have to do whatever the organization tells them to do on this matter (e.g., which version of the audit guidelines to follow). Gerv said that could be a problem for CAs that are using “any other method” for domain validation because those will not pass an audit under BR WebTrust version 2.1. Jeremy said the biggest problem could be for people not using the required website “well-known” path for domain validation by posting content on the customer’s webpage if they fail to switch by the deadline; we’ll have to see how the IPR falls out. Peter said the new BR WebTrust criteria do have an Appendix D that says CAs can continue to use the previous domain validation methods until March 1, 2017 (even for BR audits that straddle that date), so we don’t have a break yet, but this becomes an issue for CAs on March 1.
Gerv said that sounds like for this specific section (BR 220.127.116.11) there is a later deadline than Dec. 1, 2016. Gerv said even if we manage to sort out the IPR Policy situation by mid-January, that’s still a short deadline for switching – should we ask the WebTrust people to issue an erratum? Kirk asked what would be in the erratum. Gerv said the erratum would be to change the effective date in Appendix D to something later in the year – that might be the easiest fix.
Ryan thought that would be inadvisable, and noted that as discussed at the F2F, these are the only desired methods used after the date of March 1, 2017, and Google’s expectation is that will happen. If some CAs are uncomfortable with some of the domain validation methods because of IP encumbrance, they should transition away from those methods. Ryan would be happy to discuss this with Gerv offline.
Gerv noted all methods could potentially be IP encumbered. Ryan disagreed. Gerv said if we’ve never had the proper IP review, we don’t know for certain, and the whole point for Ballots 180-182 is to try to discover all potential IP encumbrances. Ryan disagreed that was an accurate statement of how we got here or what the risks are. Gerv discussed the content of the three ballots. Ryan said it was the expectation that CAs would review the ten methods of Ballot 169 for what are acceptable methods for domain validation and will adopt one or more of those methods, and that the goal of Ballots 180-182 was so the members of the Forum could operate in a way with no ambiguities. We should avoid any advice that can be misconstrued, but certainly the expectation is that these ten methods are the only ones that will be employed moving forward in March. Gerv asked Ryan to explain why he thought we had both a Ballot 180 and 181, and why we don’t just have a Ballot 181. Rich said he agreed with Gerv’s reasoning. Ryan declined to answer questions about someone else’s ballots.
Gerv asked Ryan if he had constructed the ballots, would there only be a Ballot 181? Or does Ryan believe there’s no reason for a Ballot 181, but no harm in having it? Ryan did not agree with how the question was phrased, but offered to follow up on the list in a more precise manner, but not on this call. Gerv said a follow up on the list would be helpful, but suggested the amount of dancing people are having to do suggests there may be IP questions as to all of the ten domain validation methods until we complete the ballot process. Gerv said he was personally unhappy with requiring CAs to adopt domain validation methods without them knowing their IPR status. Ryan said the IPR status would be unresolved even with the conclusion of Ballot 182 for non-members; because of that it doesn’t make a material difference whether we are discussing members’ IP contributions versus non-member IP contributions because the same due diligence will become necessary by CAs regardless of the methods they employ. Gerv agreed, and said it seems that WebTrust-audited CAs have until March 1 to switch.
Dean said CAs are in a real dilemma trying to figure out what to do, given all the discussion we’ve just heard. Ryan asked what a CA would do if Ballot 182 passes – would a CA work with its IP counsel and do the due diligence to explore the possibility that a non-member of the Forum has IP that might govern – it would seem that that risk would remain the same. The Forum’s IPR Policy only makes statements with respect to a member’s contributions and activities in the Forum; beyond that, you still have the potential of having IP in that space, so whatever method you are employing, you either do your due diligence or you enter into an unknown with whatever reasonable level of risk or assurances you have. So we have information, but whether it’s complete information is part of what Ballots 180-182 are attempting to determine with respect to the Forum, but that issue still remains; any FUD would not be resolved by Ballot 182 if your concern is potential infringement.
Jeremy noted that if the Forum actually appoints a Patent Advisory Group (PAG) as required by the IPR Policy, it would resolve a lot of the FUD around it because there would be an outside opinion saying whether a domain validation method was or was not infringing – that’s the role of the PAG, and not having the PAG has created the FUD. Ryan said a PAG is an outside opinion and does not resolve it, and CAs will still have to work with their counsel. Jeremy disagreed, saying the PAG outside opinion changes the way damages on infringement work, which significantly affects the risk factor. Ryan said the Forum is not an external party, not an incorporated entity, so a PAG may not reduce the risk. The expectation from Google is that by March the parties will have adopted one of the ten domain validation methods because regardless of whether the scope of the IP is to members or non-members of the Forum, CAs can still do their due diligence and implement one of those ten methods.
Kirk stated that the reason the three ballots were set up the way they were (based on Peter Bowen’s recommendation) was so that Ballot 180 would get everything passed except for domain validation methods under BR 18.104.22.168, Ballot 181 picked the four domain validation methods we think do not have IP claims, and Ballot 182 covers the remaining six domain validations where IP claims were asserted in the past. Assuming Ballots 180 and 181 pass, and Ballot 182 attracts any Exclusion Notices (which is likely), a PAG will be appointed for Ballot 182 and Ballot 182 will not take effect until the PAG finishes its work and the Ballot is approved by a vote of the members.
Kirk said that under both Ballots 180 and 181, the “any other method” for domain validation is still allowed for CAs to use. He guessed that WebTrust will probably take note of that and will probably modify the BR WebTrust audit guidelines to reflect that, and not require the CAs to use just the ten validation methods of Ballot 169. Kirk said that when Ryan mentions an expectation by Google, it should be noted that the BRs by March 1 will still allow “any other method” because of Ballots 180 and 181 changing BR 22.214.171.124 to allow that. It’s only after we have finished with the PAG, the PAG has made a report, and we figure out what to do that we will possibly be back to Ballot 169 and again eliminate the “any other method” domain validation.
Gerv noted there is a difference between what the BRs say and what any particular root program may require on an issue (and Ryan has that option), but it is true that for a small period of time the BRs used to require only the ten validation methods be used starting March 1, but then the BRs no longer require that, and WebTrust has in effect frozen the BRs for that period of time. The Forum may say to WebTrust, “you have frozen the BRs to a moment in time, but there has been this really significant change, can we take note of the fact that there has been this change?”
Peter said that with respect to WebTrust in the past, they have said they do realize they are freezing a specific version of the BRs but auditors have flexibility to realize that the BRs sometimes do move forward faster than the WebTrust criteria, and that a CA may be compliant with the current version even if that causes non-compliance with the version memorialized in the WebTrust criteria – that’s not just for Ballots 180-182, but how the auditors have been treating this for years. Wayne agreed and said that was his understanding. Kirk guessed that this change to BR 126.96.36.199 might be important enough that WebTrust might issue some sort of supplementary guidance to the auditors.
Peter said he had not been aware until this call that WebTrust had been issuing a new revision of the BR WebTrust criteria, and asked if anyone had received a notice on this. Gerv had not been aware. Peter said on the WebTrust website there was a list of drafts of other new criteria, and asked if anyone knew if those drafts had been circulated. Gerv said that maybe the Forum should give feedback to Don Sheehy that communication in this area could be improved. Dean suggested Jeff Ward may be the better contact now as Don is retiring. Peter said there may be new revisions of the WebTrust criteria for the EV Guidelines and Code Signing Guidelines not yet published on the WebTrust website. Kirk said he would ask Don and Jeff to make a presentation on this on the Forum teleconference two weeks from now.
16 Next call on Thursday, Dec. 22, 2016