CA/Browser Forum
2018-12-13 Minutes for Server Certificate Working Group Teleconference

Attendees (in alphabetical order)

Anna Weinberg (Apple), Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Daymion Reynolds (GoDaddy), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Janet Hines (Trustwave), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Geoff Keating (Apple), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Iñigo Barreira (360 Browser), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Kirk Hall (Entrust Datacard), Mads Henriksveen (Buypass AS), Mahmud Khair (Trustwave), Marcelo Silva (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (Trustwave), Peter Miskovic (Disig), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tim Shirley (Trustwave), Tomasz Nowak (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Chair played back the Antitrust Statement.

3. Review Agenda

Today’s Agenda was approved.

4. Approval of Minutes of previous teleconference

The minutes of the November 29, 2018 teleconference were approved and will be posted to the Public list and the Public web site.

5. Validation Subcommittee Update

Ben gave the update as he was taking minutes for the last VSC meeting but didn’t have time to compile and send the minutes to the validation SC. He briefly mentioned that the Subcommittee discussed ballot SC13 and the email addresses presented in CAA and TXT DNS records. The organizationIdentifier field requested to be allowed in EV Certificates was also discussed. Nick Pope also participated on that call.

6. NetSec Subcommittee Update

Ben reported that the NetSec Subcommittee met and discussed several topics, starting with the Charter. The SC discussed what would be considered minimum standards and what would be considered best practices. The previous work related to Root CA Management Systems was also discussed to see if this approach can be expanded to other systems. Identifying the scope of work in terms of details was also mentioned, for example details related to supply chain threats or USB sticks being used, etc.

It was also suggested that we go through the variety of types of risks, rank them and see the highest risks (threat, likelihood, potential damage).

There was concern if we should divide layers for Root CAs vs other CAs vs aspects of the system and whether that would be confusing. That work would be reported back to the SCWG, but it might take a while. The SC also plans on starting to build a threat model.

7. Ballot Status

Ballots in Discussion Period

Ballot SC13: CAA Contact Property and Associated E-mail Validation Methods (Tim H.) Tim will probably start the voting period on Monday Dec 17th.

Ballots in Review Period

None.

Draft Ballots under Consideration

Removing “any other method” for IP address (Tim H.) No comments were made.

Improvements for Method 6, website control (Tim H.) No comments were made.

8. Any Other Business

None.

9. Next call

January 10, 2019 at 11:00 am Eastern Time.

Adjourned

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).