CA/Browser Forum

2019-08-08 Minutes of the Server Certificate Working Group

Attendees (in alphabetical order)

Arno Fiedler (D-TRUST), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (DigiCert), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Joanna Fox (GoDaddy), Jos Purvis (Cisco), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alen (Sectigo), Ryan Sleevi (Google), Tim Shirley (SecureTrust), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call

The Vice-Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Today’s Agenda was approved.

4. Approval of minutes from previous teleconference

There was discussion on the list about the minutes from the 25-July call. Ryan said that about 20 minutes of discussion are missing from the minutes, but he hasn’t had time to suggest edits. He said most of the discussion was rehashing stuff that was previously discussed and minuted. Ryan said he’s not terribly concerned and would be okay if others agree to leave that discussion out of the minutes. Jos suggested that a line be inserted into the minutes referencing the prior discussions. Dean agreed.

The minutes from the previous teleconference – with an additional comment stating “a discussion ensued referencing previous discussions around this topic” – were approved and will be circulated to the public list.

5. Validation Subcommittee Update

The Subcommittee discussed the LEI ballot that Tim has drafted. Some of the ballot language is copied from the LEI website and can be clarified. There was discussion around clarifying the validation process and tightening up the algorithm. The reason is that the LEI database isn’t even a QIIS. Tim is open to proposals.

The Subcommittee discussed a question about attorney/accountant letters. Dean is waiting on Ryan to draft a reply.

The Subcommittee discussed certificate lifetimes. The Google proposal is for 397 days. Discussed 397 versus 398 days, and March 2020 implementation. Ryan is looking for more feedback. Dean said that DigiCert is actively gathering feedback from large enterprise customers with multi-year certificates and no automation. There are several endorsers (Apple, Let’s Encrypt) and Ryan is looking to move to a 3-week discussion period soon. There was also discussion on the list about validation automation solutions that might reduce friction for customers. Rich said that Sectigo is also gathering feedback. Mike Reilly said that he will discuss the ballot with others at Microsoft. Michelle Coon asked if the ballot only applies to TLS certificates. Ryan said that it only applies to the BRs and SSL/TLS. Wayne said that this applies to certificates that are capable of being used for TLS.

Dean asked if CAs are allowed to post to our lists on behalf of customers. Ryan said that CAs have shared feedback from customers on the appropriate list. Customers have also posted directly to the questions list, with discussion happening on the public list if the questioner indicates that we can.

The Subcommittee then discussed the Spring cleanup ballot. Ryan created a GitHub branch containing a number of fixes and clarifications. Ryan asked everyone to speak up if they can recall any issues that have been deferred to a cleanup ballot. Wayne asked Ryan to make the request on the public list.

Finally, the Subcommittee discussed the method 6 ballot. Consensus was that this ballot should create a new method number and the old one should be sunset. Wayne said that Doug was to send out an updated ballot – no one was sure if that has happened yet.

6. NetSec Subcommittee Update

The Subcommittee did not meet this week and Ben was not on the call. No update was provided.

7. Ballot Status

No further discussion on ballots under consideration.

Ballots in Discussion Period

None

Ballots in Voting Period

None

Ballots in Review Period

Draft Ballots under Consideration

LEI (Tim H.) – No additional comments

Improvements for Method 6, website control (Doug) – No additional comments

Certificate Lifetime (Ryan) – No additional comments

Spring Cleanup (Ryan) – No additional comments

8. Approval of F2F 47 Minutes

The minutes from F2F 47 were approved and will be circulated to the public list.

9. Any Other Business

No other business.

10. Next call

August 22, 2019 at 11:00 am Eastern Time.

Adjourned
