CA/Browser Forum
Home » All CA/Browser Forum Posts » 2018-12-13 Minutes for Server Certificate Working Group Teleconference

2018-12-13 Minutes for Server Certificate Working Group Teleconference

Attendees (in alphabetical order)

Anna Weinberg (Apple), Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Daymion Reynolds (GoDaddy), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Janet Hines (Trustwave), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Geoff Keating (Apple), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Iñigo Barreira (360 Browser), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Kirk Hall (Entrust Datacard), Mads Henriksveen (Buypass AS), Mahmud Khair (Trustwave), Marcelo Silva (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (Trustwave), Peter Miskovic (Disig), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tim Shirley (Trustwave), Tomasz Nowak (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Chair played back the Antitrust Statement.

3. Review Agenda

Today’s Agenda was approved.

4. Approval of Minutes of previous teleconference

The minutes of November 29, 2018 teleconference were approved and will be posted to the Public list and the Public web site.

5. Validation Subcommittee Update

Ben gave the update as he was taking minutes for the last VSC meeting but didn’t have time to compile and send the minutes to the validation SC. He briefly mentioned that the Subcommittee discussed ballot SC13 and the email addresses presented in CAA and TXT DNS records. The organizationIdentifier field requested to be allowed in EV Certificates was also discussed. Nick Pope also participated on that call.

6. NetSec Subcommittee Update

Ben reported that the NetSec Subcommittee met and discussed several topics starting with the Charter. The SC discussed what would be considered minimum standards and what would be considered best practices. The previous work related to Root CA Management Systems was also discussed to see if it this approach can be expanded to other systems. Identifying the scope of work in terms of details was also mentioned, for example details related the supply chain threats or USB sticks being used, etc.

It was also suggested that we go though the variety of types of risks, rank them and see the highest risks (threat, likelihood, potential damage).

There was concern if we should divide layers for Root CAs vs other CAs vs aspects of the system and whether that would be confusing. That work would be reported back to the SCWG, but it might take a while. The SC also plans on starting to build a threat model

7. Ballot Status

Ballots in Discussion Period

Ballot SC13: CAA Contact Property and Associated E-mail Validation Methods (Tim H.) Tim will probably start the voting period on Monday Dec 17th.

Ballots in Review Period None

Draft Ballots under Consideration

Removing “any other method” for IP address (Tim H.) No comments were made.

Improvements for Method 6, website control (Tim H.) No comments were made.

8. Any Other Business

None.

9. Next call

January 10, 2019 at 11:00 am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).