CA/Browser Forum
Home » All CA/Browser Forum Posts » 2019-08-22 Minutes of the Server Certificate Working Group

2019-08-22 Minutes of the Server Certificate Working Group

Attendees (in alphabetical order)

Arno Fiedler (D-TRUST), Ben Wilson (Digicert), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Kenneth Myers (US Federal PKI Management Authority), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

No changes to the agenda.

4. Approval of minutes from previous teleconference

The minutes from the previous teleconference were approved and will be circulated to the public list.

5. Validation Subcommittee Update

Method 6 (http) has a draft ballot that Doug posted, it is the last ballot coming from the Validation Summit, and there was some discussion about the redirects. Doug will most probably propose limiting to 10 redirects.

They also discussed about the “clean-up ballot”. There is a link pointing to the proposed changes in the minutes of the validation subcommittee, so Members can check that link for any controversial changes.

Reducing the certificate lifetime ballot was also discussed.

Finally, the subcommittee discussed about the LEI ballot which has language for the Fully-Verified (Fully Corroborated) information. More discussion already takes place on the list.

6. NetSec Subcommittee Update

No update.

7. Ballot Status

No further discussion on ballots under consideration

Ballots in Discussion Period

_Ballot SC22: Reduce Certificate Lifetimes _(Ryan) Mike asked about the three-week discussion period and whether that was something decided at the Validation Subcommittee. Ryan mentioned that it was discussed at the subcommittee level for about a month and then moved to ballot in order to get any further feedback.

There was a short discussion about whether the proposer must send an e-mail to explicitly start the voting period, regardless whether the ballot e-mail states a “voting begin” date. The interpretation of the Bylaws was that an explicit email by the proposer needs to start the voting period, which must be exactly 7 days.

Ballots in Voting Period None

Ballots in Review Period None

Draft Ballots under Consideration

Improvements for Method 6, website control (Tim H.) No additional comments _ SC20 Ballot (NSR 2): System Configuration Management_ (Ben) No additional comments

SC21 Ballot (NSR 3): Log Integrity Controls (Ben) Ben asked whether the ballots should be considered withdrawn since they have not been updated for a while. Dimitris responded that since these are still in the “Draft ballots” and have not started an official “Discussion Period”, they are not considered withdrawn, unless the proposer wants to withdraw them.

Tobi mentioned that the Network Security Subcommittee will have a better idea about these two ballots in two weeks.

8. Any Other Business

No other business.

9. Next call

September 5, 2019 at 11:00 am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).