CA/Browser Forum

2018-07-12 Server Certificate Working Group Minutes

Attendees: Arno Fiedler (D-TRUST), Atsushi Inaba (GlobalSign), Ben Wilson (DigiCert), Bruce Morton (Entrust), Cecilia Kam (GlobalSign), Corey Bonnell (Trustwave), Curt Spann (Apple), Daymion Reynolds (GoDaddy), Dean Coclin (DigiCert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Enrico Entschew (D-TRUST), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Geoff Keating (Apple), Iñigo Barreria (360 Group), Joanna Fox (GoDaddy), Josselin Allemandou (DHIMYOTIS), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Michele Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (Trustcor), Pascal Merlin (DHIMYOTIS), Patrick Tronnier (OATI), Phillip Hallam-Baker (Comodo Security Services), Ramiro Muñoz (AC Camerfirma), Rich Smith (ComodoCA), Romain Delval (DHIMYOTIS), Shelley Brewer (DigiCert), Tim Hollebeek (DigiCert), Tim Shirley (Trustwave), Tomasz Nowak (Opera), Trevoli Ponds-White (Amazon), Virginia Fournier (Apple), Wayne Thayer (Mozilla).

  • Roll Call. The roll call occurred on the previous Forum teleconference.
  • Read Antitrust Statement. Reading of the Antitrust Statement occurred on the previous Forum teleconference.
  • Review Agenda. Agenda was approved.
  • Organization of SCWG, Approval of Initial Members, Associate Members, and Interested Parties. Kirk noted that this was the organizational meeting of the Server Certificate Working Group (SCWG), and the first order of business was to confirm who were Members, Associate Members, and Interested Parties of the SCWG. This would be limited to those who had both signed the IPR Agreement v1.3 and also indicated their participation in SCWG – both are required. Kirk referred to his email dated July 11 that divided potential Members, Associate Members, and Interested Parties into 10 sections – those in Sections A, B, C, and D appeared eligible to participate in the Forum and the SCWG. Kirk asked if there were objections to any of the names listed in Sections A-D, and there were no objections. Therefore, the initial Members, Associate Members, and Interested Parties eligible to participate in the Forum and SCWG under the new governance structure are as follows:
  • CERTIFICATION AUTHORITY MEMBERS: AC Camerfirma, Actalis, Amazon, ASSECO, Buypass, Certigna, CFCA, Chunghwa Telecom, Comodo CA Ltd., Comsign (Comda), D-Trust, DigiCert, Disig, a.s., E-Tugra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, Izenpe, Kamu Sertifikasyon Merkezi, KPN, Let’s Encrypt, Logius PKIoverheid, Network Solutions, OATI CA, První certifikační autorita, a.s., QuoVadis, Secom Trust Systems, SHECA, SK ID Solutions AS, SSC, SSL.com, TrustCor Systems, Trustwave, TURKTRUST Inc., TWCA, Visa
  • BROWSER MEMBERS: Apple, Brave, Cisco, Comodo Security Solutions, Inc., Google, Microsoft, Mozilla, Opera Software AS, 360.
  • ASSOCIATE MEMBERS: ACAB’c, CPA Canada, ETSI (Letter of cooperation), ICANN, tScheme, U.S. Federal PKI Management Authority
  • INTERESTED PARTIES (Individuals): Andrew Ayer, James Burton, Christopher Czajczyc, Arno Fiedler, Benedikt Heintel, Carl Mehner, Eric Mill, Patrick Nohe, Scott Rea, Jonathan Rudenberg, Quirin Scheitle
  • INTERESTED PARTIES (Organizations): Accredited Conformity Assessment Bodies’ Council (ACAB’C), Certizen, Dark Matter, Electronic Frontier Foundation (EFF), PSW Group GmbH

Kirk noted there were other organizations and individuals who had signed the IPR Agreement v1.3 but had not yet indicated they planned to participate in the SCWG, and he would contact them individually. Likewise, there are a small number of prior Members who have not yet signed the IPR Agreement, and they will also be contacted individually. The Forum will use this approved SCWG participation list, plus any changes, to confirm the current Forum membership as well on its July 26 teleconference.

  • Election of SCWG Officers (Chair, Vice Chair) under Bylaw 4.1. The SCWG Charter provides as follows:
  • Initial chairs and contacts: Chair, Kirk Hall; Vice Chair, Ben Wilson; terms to run concurrently with their terms as Chair and Vice Chair of the Forum, respectively, unless otherwise voted upon by the Working Group.

The Forum’s Governance Change Working Group had met earlier in the week and agreed that the SCWG should follow the current procedures for election of officers as stated in Bylaw 4.1 and used for electing Forum officers. The issue for decision by the SCWG is, what should initial terms for SCWG officer elections be? There are three main choices:

  • a) Random terms, to start from the date of election and continue for 24 months (out of sync with Forum officer terms)
  • b) Terms that are synced with the current officer terms of the Forum, which would be Oct. 22, 2018 through Oct. 21, 2020
  • c) Terms that are synced with the current officer terms of the Forum, but with the terms for both to be realigned to always come after the Fall F2F meeting, such as Nov. 1, 2018 – Oct. 31, 2020.

Tim thought the SCWG officer terms should not be synced with the Forum officer terms. Phillip thought they should be synced, which would make it easier if someone wants to shift from one officer role to another. Virginia said the SCWG should just focus on its own officer terms, and not try to set general rules that would apply to new Chartered Working Groups in the future. Dimitris noted that the SCWG charter does say that the initial SCWG officer terms for Kirk and Ben will “run concurrently with their terms as Chair and Vice Chair of the Forum, respectively”, which suggests terms should be synced. Kirk said he favored synced terms that start November 1 to avoid having the officers change just before the Fall F2F meeting in a given year. Kirk said he will post a Doodle poll offering these three alternatives, and the SCWG members can review poll results and make a decision at their next meeting.

  • Conversion of old Forum “Working Groups” to new SCWG “Subcommittees.” Ballot 206 sunsetted existing Working Groups of the Forum, but allowed new Subcommittees to be created by new Chartered Working Groups, which could cover the same topics. Bylaw 5.3.1(e) provides as follows:

(e) CWGs may establish any number of subcommittees within its own Working Group to address any of such CWG’s business (each, a “Subcommittee”). A CWG-created Subcommittee needs to be approved by the CWG itself according to the approval process set forth in the CWG charter, but approval of the Forum is not necessary. Subcommittees must exist under an approved CWG.

Kirk noted there were four existing Forum Working Groups, but probably only three were good candidates for becoming Subcommittees of the SCWG:

  • a) Validation Working Group
  • b) Network Security Working Group
  • c) Policy Review Working Group

The Forum’s existing Governance Change Working Group was probably not a good candidate for becoming a SCWG Subcommittee, but instead should probably continue as a Working Group of the Forum to deal with remaining Ballot 206 issues until its expiration on October 3, 2018.

The problem is, neither the Bylaws nor the SCWG charter indicates the procedure for creating a new Subcommittee, and Kirk asked for suggestions. Tim thought the SCWG should just create Subcommittees through consensus, which he recalled as the intent of Ballot 206. Ben noted that originally the Forum created Working Groups by consensus, but later started using Ballots to better define the WG scope and its duration. Kirk asked how scope and duration could be defined if Subcommittees were created by consensus only. Ben said Subcommittees could instead be created by SCWG ballot. Wayne said allowing new Subcommittees to be formed just by informal consensus was a new way of doing things – using a ballot would show the SCWG wants people to work on a specific task, whereas consensus alone could mean that any SCWG group can do what they want. Tim thought this problem would not arise, because a Chartered Working Group Chair could help avoid too much informality in creating Subcommittees. Curt asked if Tim was proposing that it would only require the agreement of the CWG Chair to approve creation of a new Subcommittee. Tim said the Chair would have the power but it would require consensus of the SCWG, so if a single member objected it wouldn’t happen. Rich said maybe the best course was to require consensus, but if any member objected a Ballot would be required. Tim disagreed, saying that would allow any single member to hold the creation of a new Subcommittee hostage. Rich said no, the single member couldn’t prevent creation of the Subcommittee, only push it to a Ballot.
Dimitris again noted that new Bylaw 5.3.1(e) did not provide for a method for creating Subcommittees, and maybe the Bylaws or Charter should be amended to provide a method, and Wayne agreed. Kirk said he would create a Doodle poll with the options for creating a Subcommittee listed, and the SCWG members can review poll results and make a decision at their next meeting.

  1. SCWG Ballots. Kirk said the Forum’s Governance Change Working Group had met earlier in the week and agreed that the SCWG should follow the current procedures for Ballots as stated in Bylaws 2.3 and 2.4 and as used for Forum Ballots. He suggested the SCWG start a new “SCWG Ballots” page on the wiki under the SCWG tab, and keep track of SCWG Ballots in the same manner as Forum Ballots – Ben said he had already created the page. Kirk suggested the SCWG adopt a new numbering system for SCWG Ballots such as Ballot SC1, Ballot SC2, etc. Tim agreed, and said he had already reserved Ballots SC2 and SC3 for certain proposals – Ballot SC1 is effectively reserved for any initial governance-type ballot the SCWG needs.
  2. SCWG Mailing Lists. The Members then discussed how to transition from the Forum’s current Public mailing list to a SCWG mailing list for SCWG matters (the Public list would still be used for Forum matters, and the Management list could probably be used for both the Forum and the SCWG). Different transition plans were discussed, and members agreed we should not simply assume that all current subscribers to the Public list wanted to be on the SCWG list and copy the addresses there – we should instead send each Public list subscriber an automated invitation to subscribe to the new SCWG list if they want to (some current Public list subscribers may no longer have interest in the Forum, and may drop out). Requiring people to specifically subscribe to a new SCWG list will also be a good way to scrub emails from people at Member, Associate Member, and Interested Party organizations who are no longer interested. The Members noted that we would still need to make decisions on who could post to the new SCWG list (not just read messages). Ben said it was sometimes hard to tell who could post based on an email address alone, as it might not reflect the name of a Member organization, etc. We may need to ask Members, Associate Members, and Interested Parties for a list of which individuals at their organizations are authorized to post messages. There was agreement that the Forum and SCWG need to come up with a transition plan for mailing lists. Tim said in the interim he planned to cross-post his Ballot messages to the new SCWG list (where not everyone will receive the messages yet) and the Public list.
  3. Application of IPR Agreement v1.3 to SCWG Ballots; Review Procedures. Kirk said at some point the SCWG should review how it will comply with the IPR Agreement v1.3 for SCWG Ballots, as this is a somewhat new procedure for Forum Working Groups, but there was not enough time on this call. Dimitris asked if Kirk had any specific concerns, and Kirk said no. Virginia said the Governance Change Working Group had considered that when revising the IPR Agreement, and thought the procedure should be the same as it had been for the Forum.
  4. Any Other Business. There was no other business. Kirk thanked the Governance Change Working Group members for their two years of hard work leading to creation of the SCWG, and congratulated the Members on this successful organizational meeting.
  5. Next call: July 26, 2018 at 11:00 am Eastern upon adjournment of Forum teleconference
  6. Adjourn