2019-08-22 Minutes of the Server Certificate Working Group
Attendees (in alphabetical order)
Arno Fiedler (D-TRUST), Ben Wilson (Digicert), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Kenneth Myers (US Federal PKI Management Authority), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla).
Minutes
1. Roll Call
The Chair took attendance.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
No changes to the agenda.
4. Approval of minutes from previous teleconference
The minutes from the previous teleconference were approved and will be circulated to the public list.
5. Validation Subcommittee Update
Method 6 (http) has a draft ballot that Doug posted, it is the last ballot coming from the Validation Summit, and there was some discussion about the redirects. Doug will most probably propose limiting to 10 redirects.
They also discussed about the “clean-up ballot”. There is a link pointing to the proposed changes in the minutes of the validation subcommittee, so Members can check that link for any controversial changes.
Reducing the certificate lifetime ballot was also discussed.
Finally, the subcommittee discussed about the LEI ballot which has language for the Fully-Verified (Fully Corroborated) information. More discussion already takes place on the list.
6. NetSec Subcommittee Update
No update.
7. Ballot Status
No further discussion on ballots under consideration
Ballots in Discussion Period
_Ballot SC22: Reduce Certificate Lifetimes _(Ryan) Mike asked about the three-week discussion period and whether that was something decided at the Validation Subcommittee. Ryan mentioned that it was discussed at the subcommittee level for about a month and then moved to ballot in order to get any further feedback.
There was a short discussion about whether the proposer must send an e-mail to explicitly start the voting period, regardless whether the ballot e-mail states a “voting begin” date. The interpretation of the Bylaws was that an explicit email by the proposer needs to start the voting period, which must be exactly 7 days.
Ballots in Voting Period None
Ballots in Review Period None
Draft Ballots under Consideration
Improvements for Method 6, website control (Tim H.) No additional comments _ SC20 Ballot (NSR 2): System Configuration Management_ (Ben) No additional comments
SC21 Ballot (NSR 3): Log Integrity Controls (Ben) Ben asked whether the ballots should be considered withdrawn since they have not been updated for a while. Dimitris responded that since these are still in the “Draft ballots” and have not started an official “Discussion Period”, they are not considered withdrawn, unless the proposer wants to withdraw them.
Tobi mentioned that the Network Security Subcommittee will have a better idea about these two ballots in two weeks.
8. Any Other Business
No other business.
9. Next call
September 5, 2019 at 11:00 am Eastern Time.