CA/Browser Forum
Home » All CA/Browser Forum Posts » 2019-02-07 Minutes of Server Certificate Working Group Teleconference

2019-02-07 Minutes of Server Certificate Working Group Teleconference

Attendees (in alphabetical order)

Arno Fiedler (D-TRUST), Bruce Morton (Entrust Datacard), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Fotis Loukos (SSL.com), Frank Corday (SecureTrust), Geoff Keating (Apple), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kenneth Myers (US Federal PKI Management Authority), Kirk Hall (Entrust Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Mahmud Khair (SecureTrust), Marcelo Silva (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Sissel Hoel (Buypass AS), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance

2. Read Antitrust Statement

The Antitrust Statement was read

3. Review Agenda

The Agenda was approved.

4. Approval of Minutes of previous teleconference

The minutes of January 24, 2019 teleconference were approved and will be posted to the Public list and the Public web site..

5. Validation Subcommittee Update

The SC started working on method 6 (website control) and discussed whether to refer directly to the “http-01” method that came out of IETF. They also discussed about the TLS ALPN method (coming closer to a ballot) that will replace the highly ambiguous method 10.

The agenda for the F2F 46 meeting was also discussed with a goal to continue the discussions from the Validation Summit last year, since there are still half of the methods that need to be closely reviewed.

6. NetSec Subcommittee Update

Ben was not on the call and other Network Security Subcommittee members did not have something to report.

7. Ballot Status

Ballots in Discussion Period

None

Ballots in Voting Period

Ballot SC7: Update IP Address Validation Methods (Wayne) Wayne asked members to vote for the ballot as voting ends in one day and asked Members to be aware that they must start logging the validation method they use for validating IP addresses, just like they do for Domain validation. Members should be aware of the implications of this ballot and prepare accordingly.

Ballots in Review Period

Ballot SC14: Updated Phone Validation Methods (Doug)

Ballot SC15: Remove Validation Method Number 9 (Doug)

Draft Ballots under Consideration

Improvements for Method 6, website control (Tim H.)No additional comments were made.

8. Any Other Business

None.

9. Next call

February 21, 2019 at 11:00 am Eastern Time.

Adjourned

Latest releases
Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Minutes Server Certificates
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).