CA/Browser Forum
Home » All CA/Browser Forum Posts » 2018-11-15 Minutes of the Server Certificate Working Group

2018-11-15 Minutes of the Server Certificate Working Group

Attendees (in alphabetical order)

Anna Weinberg (Apple), Arno Fiedler (D-TRUST), Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Geoff Keating (Apple), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kenneth Myers (US Federal PKI Management Authority), Kirk Hall (Entrust Datacard), Leo Grove (SSL.com), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Rich Smith (Sectigo), Robin Alden (Sectigo), Tim Callan (Sectigo), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance

2. Read Antitrust Statement

The Chair asked mr. Robin Alden to read the Antitrust Statement and asked if he could use a recording for future calls. Mr. Alden accepted.

3. Review Agenda

Today’s Agenda was approved.

4. Approval of Minutes of SCWG F2F Meeting of Oct. 17-18, 2018

The minutes were approved and will be posted to the Public web site and a link to those minutes will be posted to the Public mailing list.

5. Approval of Minutes of previous teleconference

The minutes of November 1, 2018 teleconference were approved and will be posted to the Public list and the Public web site.

6. Application of DarkMatter for SCWG Membership

The Application was approved under the “Certificate Issuer” type.

7. Validation Subcommittee Update

Wayne gave the update and informed the group that Ballot SC13 is in the Discussion Period which is almost over, and Tim would probably start the voting soon after. He encouraged Members that have not taken a look at that ballot to do so and make sure they don’t see any issues with it.

He also mentioned about Tim’s ballot to remove “any other method” in IP validation and will proceed similarly to the Domain validation by adding existing methods used by CAs regardless of how secure they think they are. There is some debate about one method a CA has proposed and they are not sure if it is well described to include in the BRs. That’s one of the reasons holding this ballot back. However, he expects this ballot to go forward soon.

Finally, he mentioned about a discussion that is taking place on the mailing list about the organizationIdentifier attribute in the subjectDN field in EV Certificates that was previously discussed in London and Shanghai, where ETSI has a technical standard that includes this identifier in the subjectDN of EV Certificates. There is some ambiguity in the EV Guidelines about whether this is permitted or not. The Validation Subcommittee is trying to decide how to go forward with that in a way that both the technical requirements of the CA/B Forum and hopefully allow ETSI to move forward with their use of that field.

Dimitris asked when the next Validation Subcommittee was scheduled to meet and Wayne replied that it would be December the 6th.

8. Network Security Subcommittee Update

Ben reported that the subcommittee is still looking for a date to schedule bi-weekly meetings. Most promising day is wednesday.

9. Ballot Status

Ballots in Discussion Period

Ballot SC13: CAA Contact Property and Associated E-mail Validation Methods (Tim H.) No comments were made.

Ballots in Voting Period

None

Ballots in Review Period

Ballot SC12 – Sunset of Underscores in dNSNames (Wayne)

Draft Ballots under Consideration

_Removing “any other method” for IP address (Tim H.)

Improvements for Method 6, website control (Tim H.) _ No comments were made.

10. Any Other Business

None.

11. Next call

November 29, 2018 at 11:00 am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).