CA/Browser Forum
Home » All CA/Browser Forum Posts » 2019-04-18 Minutes of the Server Certificate Working Group

2019-04-18 Minutes of the Server Certificate Working Group

Attendees (in alphabetical order)

Chris Kemmerer (SSL.com), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Frank Corday (SecureTrust), Geoff Keating (Apple), Inaba Atsushi (GlobalSign), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Michael Guenther (SwissSign), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Timo Schmitt (SwissSign), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Chair took attendance

2. Read Antitrust Statement

The Antitrust Statement was read

3. Review Agenda

The Agenda was approved.

4. Approval of minutes from F2F 46 and previous teleconference

The minutes from the previous teleconference were approved and will be circulated to the public list.

For the F2F 46 minutes, Dimitris sent the majority of the draft minutes for review on April 10th and was posting draft minutes for missing slots as they came in. He sent a final set of draft minutes for review on April 15th, three days before this teleconference. However, some last-minute notes came in minutes before this call.

Dimitris recommended approving the bulk set of minutes and posting those to the public web site with an indication that 2 slots are missing and would be updated once approved.

Google objected to that proposal and explained that the minutes should be approved holistically. Ryan noted that some members already struggle to review the minutes and it would be even harder if they had to review minutes in parts, as they come in. He appreciated the proposal and suggested we discuss this topic in an upcoming F2F and possibly re-examine how we do minutes in F2F meetings.

It was decided that the F2F 46 minutes will be considered for approval at the next scheduled teleconference.

5. Validation Subcommittee Update

Tim H. gave the update. The Validation Subcommittee went through the suggestions made for validation methods that hadn’t been reviewed yet since the Validation Summit. There weren’t any strong suggestions and decided to defer those methods until there is more work that needs to be done on those methods.

The subcommittee will continue discussions on improving two methods; the “http” and the “dns” change method. The EU/EV orgID ballot (SC17) was also discussed and a new version was posted yesterday. Dimitris already indicated some formatting errors that will be corrected in a new version soon to be released. If anyone else has any changes to suggest, please send them.

6. NetSec Subcommittee Update

Ben was not on the call and no other member was able to give a report so we recorded no updates from the NetSec Subcommittee.

7. Ballot Status

Ballots in Discussion Period

Ballot SC17: Alternative registration numbers for EU certificates (Tim H.)

Dimitris mentioned that since ballot SC16 is not in effect, there is no conflict in section 9.2 and probably the next version of SC17 will include a fresh redline against the latest EV Guidelines (1.6.9) that incorporate the changes of SC16.

Ballot SC18: Phone Contact with DNS CAA Phone Contact (Doug)

Doug submitted a new version correcting a typo, and reset the discussion period. He asked members if they have any other minor/major comment to come forward so we can wrap up this ballot.

Ballots in Voting Period

None

Ballots in Review Period

Draft Ballots under Consideration

Improvements for Method 6, website control (Tim H.)

No additional comments were made.

8. Any Other Business

None.

9. Next call

May 2, 2019 at 11:00 am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).