CA/Browser Forum
Home » All CA/Browser Forum Posts » 2018-08-23 Minutes of Server Certificate Working Group Teleconference

2018-08-23 Minutes of Server Certificate Working Group Teleconference

Attendees: Atsushi Inaba (GlobalSign), Ben Wilson (DigiCert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Corey Bonnell (Trustwave), Daymion Reynolds (GoDaddy), Dean Coclin (DigiCert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Frank Corday (Trustwave), Geoff Keating (Apple), India Donald (FPKI), Jeff Ward (BDO/WebTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco), Ken Myers (FPKI), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (BuyPass), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (Trustcor), Patrick Tronnier (OATI), Peter Miškovič (Disig), Rich Smith (ComodoCA), Ryan Sleevi (Google), Shelley Brewer (DigiCert), Tim Shirley (Trustwave), Tomasz Nowak (Opera), Trevoli Ponds-White (Amazon), and Wayne Thayer (Mozilla).

  1. Roll Call. The roll call occurred on the preceding Forum teleconference.
  2. Read Antitrust Statement. Reading of the Antitrust Statement occurred on the preceding Forum teleconference.
  3. Review Agenda. Agenda was approved.
  4. Approval of Minutes of teleconference of August 9, 2018. The Minutes were approved and will be posted to the Public list.
  5. Members and Associate Members are reminded to list all representatives (names and email addresses) on wiki or access and email posting privileges will be removed.
  6. Close of nomination period for SCWG Chair. Nominees are listed here –https://frozen.cabforum.org/Officer%20Elections. Discussion period runs through August 30 and then the voting period is August 30 through Sept. 6.
  7. Start of nomination period for SCWG Vice Chair. Period runs through Sept. 6. Nominees can be submitted here –https://frozen.cabforum.org/Officer%20Elections.
  8. Admission of Sony. Discussion postponed until full application packet has been received.
  9. Status of SCWG Ballots to create Subcommittees (Validation, NetSec, Certificate Policy/Policy Review). Dimitris said that status hasn’t really changed since our last call. Notes about the Validation and Network Security committees have been circulated in the past. There was some discussion on a previous call and on the list to add more concrete information about the proposed groups’ deliverables. However, we haven’t focused on describing those future efforts very well yet.
  10. Creation of New Working Groups. It was pointed out that this was not a Server Certificate WG issue. This item was tabled for Forum members to work on and discuss at large (and to be added as a topic to the Forum’s agenda in two weeks).
  11. Ballot Status.

SC4 – CAA Contact Property. No comments were made.

SC5 – Phone Validation. Doug mentioned that last Friday he sent out a pre-draft draft of SC5 language to address phone transfers and communications left on voicemail and how those should be handled. He would like any comments or suggestions. He has been waiting for the CAA ballot to work its way through a bit more so that we can get some language about contact information formatted correctly, which the phone validation ballot will leverage. Ben asked whether passage of the ballot would result in renumbering of the method in 3.2.2.4 to subsection 13 or whether it would be a clarification of the method 3? Doug noted that it is a manual procedure that CAs do, but if CAs are able to implement this during the IPR review period, then it’s not an issue. However, if CAs need time to change procedures and implement new methods for handling voicemails, transfers, etc., and if CAs need an effective date that’s later, then we may need to renumber the method. Doug would like comments on this issue, too.

SC6 – Revocation Time Extension. Wayne circulated a link to a version with revisions received thus far. He appreciates the feedback and encourages more people to provide comment within the next day or so because he will be starting a version 2 of the ballot and continue the discussion period and take it to a vote.

Ballots under Consideration / Updates from Validation Subcommittee

Validation Methods in new Certificate Extension. Wayne said that we have come up with a solution to encode the validation method in a bit string, but we’d like to have the section 3.2.2.5 IP validation methods updated prior to going forward with this ballot. (See next)

IP Address Validation – Remove Any Other Method. Tim has revised the IP address validation ballot on GitHub a few days ago and Wayne has commented on it. Wayne would like others to provide comments, too. Once any other method is removed from this section he’ll move forward with the Validation Methods in new Certificate Extension ballot (see above).

  1. Any Other Business. None.

  2. Next call: September 6, 2018 at 11:00 am Eastern Time.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).