CA/Browser Forum
Home » All CA/Browser Forum Posts » 2018-11-01 Minutes of the Server Certificate Working Group

2018-11-01 Minutes of the Server Certificate Working Group

Attendees (in alphabetical order)

Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Geoff Keating (Apple), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom Co. Ltd.), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Ryan Sleevi (Google), Shelley Brewer (Digicert), Tim Callan (Comodo CA –> Sectigo), Tim Shirley (Trustwave), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Chair read the Antitrust Statement.

3. Review Agenda

Today’s Agenda was approved.

4. Approval of Minutes of previous teleconference

The minutes of CABF F2F Meeting 45 of Oct 17-18, 2018 were not approved because of missing minutes. We kindly ask the remaining minute takers to publish their minutes to the wiki or contact the Chair if there is a problem.

5. Follow-up items from SCWG F2F meeting

None.

6. Validation Subcommittee Update

The Subcommittee continued the discussion about the limitation of validation methods via CAA, considered the result of the discussion at the F2F meeting that there is not a lot of interest and decided to drop this work item. Another discussion item was BGP hijacking. Tim H. would raise the issue in IETF because the CA/B Forum can’t make any meaningful progress on that subject. The Subcommittee is also preparing some ballots:

  • The voting for the underscore ballot (SC12) will be initiated tomorrow night.
  • Ballot for removing “any other method” for IP address is under way
  • SC4 ballot going forward, which allows adding an email address for Domain Validation in DNS TXT or CAA records. Tim’s decision is to propose that both CAA and TXT is supported.

Finally, the Subcommittee discussed about possible improvements for Method 6, website control, and that’s the next item the Subcommittee will focus on.

7. NetSec Subcommittee Update

A Doodle poll was sent out to decide when the best meeting date/time is. Ben will check the results of that poll.

8. Ballot Status

Ballots in Discussion Period

  • Ballot SC4 version 5: CAA Contact Property and Associated E-mail Validation Method (Tim) - Tim was not on the call to discuss this ballot.
  • Ballot SC12 – Underscores, DNSNames, and SRVNames (Wayne) - This ballot was discussed during the Validation Subcommittee update.

Ballots in Voting Period

None.

Ballots in IP Review Period

None.

Draft Ballots under Consideration

None.

9. Any Other Business

Pending question in the questions list Kirk reminded the participants that we have a pending question to respond to in the questions list. Dean said that he needs some more help with a reply. He will draft a response and send it to Ryan for comments before proceeding.

Comodo CA changing to SECTIGO Dimitris mentioned that Comodo CA has changed its name to Sectigo and asked for comments from Comodo representatives. Tim Callan from Sectigo responded and informed the group about the new name and that the primary motivation was to avoid market confusion. He mentioned that it also helps the market to know that this is a different company, different ownership, different philosophy. Dimitris proposed that if the Bylaws don’t specify how to handle a Member changing its name, we should ask Sectigo to sign the IPR agreement under their new name. Kirk agreed that we probably need a new IPR agreement. Tim Callan gave us his email address so we can contact him for details about the IPR agreement.

10. Next call

November 15, 2018 at 11:00 am Eastern Time.

11. Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).