CA/Browser Forum

2019-10-31 Minutes of the Server Certificate Working Group

Attendees (in alphabetical order)

Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Kenneth Myers (US Federal PKI Management Authority), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority), Xiu Lei (GDCA).

Minutes

1. Roll Call

The Chair took attendance.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

No changes to the agenda.

4. Approval of minutes from previous teleconference

The minutes from the previous teleconference were approved and will be circulated to the public list.

5. Validation Subcommittee Update

Tim reported that they had a short meeting to discuss progress on the validation summit items. They also discussed topics for the next F2F meeting, for which Tim asked for agenda items. None were suggested.

6. NetSec Subcommittee Update

Ben was not on the call and there was no update to be reported.

7. Ballot Status

No further discussion.

Ballots in Discussion Period

_SC23: Precertificates and OCSP (Wayne)_

Wayne mentioned that the current version (v3), which was adopted by the proposer and endorsers, is an alternative approach proposed by Dimitris and tweaked by Ryan. It addresses the problem by updating section 4.9.10 of the BRs for OCSP responses. Wayne encouraged members to take a look at the ballot. An effective date is not necessary because the ballot introduces a MAY, which doesn’t need an effective date.

Kirk asked if the MAY could be interpreted by the Root Programs as being effective instantly. Wayne responded for Mozilla that any policy changes to the Mozilla Root Program will take place sometime next year so there is no plan for any immediate changes. Mike mentioned that the Microsoft Trusted CA Program does not plan any changes.

Finally, Wayne mentioned that this ballot has a section that conflicts with SC24 (BRs section 4.9.10) but has provisions that address this conflict.

_SC24: Fall Cleanup (Wayne)_

This ballot is now in the discussion period. Members should look at this ballot and report any possible issues.

Ballots in Voting Period

None

Ballots in Review Period

_SC21: NSR section 3 (Log Integrity Controls) (Review until Nov 3, 2019)_

Draft Ballots under Consideration

Improvements for Method 6, website control (Tim H.) No additional comments.

_SC20 Ballot (NSR 2): System Configuration Management_ No additional comments.

LEI Ballot (Tim H.) No additional comments.

_Aligning the BRs with existing Browser Requirements_ (Ryan) Ryan mentioned that he doesn’t expect any progress on this ballot until the markdown ballot is done. He recommended that members check the draft ballot for effective policy that currently applies to Root Programs. He expects more updates to be added to this ballot as they are identified.

_Formatting changes to Guidelines_ (Jos) There was some discussion around the markdown fixes for pandoc-friendly rendering. One of the issues that has been discussed before is the formatting of listed items and whether this ballot should attempt to address it. The current Guidelines include several different list styles (i, ii, iii, a, b, c, A, B, C, etc.), some of which are embedded in long paragraphs, and it would be better if they were split into bulleted or numbered lists for easier reading. However, it is possible that these current lists are referenced either from other parts of the same document or from other documents, even CP/CPS documents from CAs. Although such changes would improve readability, it was recommended not to make them in this ballot and to address them at a later time.

8. Approve F2F 48 Agenda

The F2F agenda was approved. Ryan added a point of concern related to new topics being introduced in meetings, and F2F slots in particular, and recommended that proposers of new topics send some information to the public list beforehand. That would assist participants to prepare and effectively engage in the discussion. Dimitris mentioned that although this is not a requirement, it is a good practice. Wayne added that he would also send a message to the public list about the “default-allow, default deny” discussion topic.

9. Any Other Business

None.

10. Next call

November 14, 2019 at 11:00 am Eastern Time.

Adjourned
