CA/Browser Forum

2019-12-12 Minutes of the Server Certificate Working Group

Attendees (in alphabetical order)

Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Corey Bonnell (SecureTrust), Daniela Hood (GoDaddy), David Moeller (Sectigo), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Joanna Fox (GoDaddy), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).

Minutes

1. Roll Call, assign minute-taker

The Chair took attendance. Wendy Brown volunteered to take minutes.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

Accepted without change.

4. Approval of minutes from previous teleconference

Accepted without objections.

5. Application for OISTE Foundation

Dean said he had reviewed it and the application is in order. They want to be involved in both the Server Certificate WG and S/MIME WG when it is established. They are the owner/operator of the WiseKey subordinate CA as well as operating the root CA.

Application was approved with no objections.

6. Application for NAVER BUSINESS PLATFORM Corp.

Dean said he had reviewed it and the application is in order; however, he would like to verify that the person signing the agreement has the authorization to sign on behalf of the company. Therefore, he asked that approval be provisional on successful verification.

Provisional approval for the application was granted with no objections.

7. Application for iTrusChina to become a full Member

iTrusChina is already an Associate Member pending inclusion of their root in at least one public trust store. They are now included in 360 Browser.

Full membership was approved with no objections.

Dean will contact all three companies to let them know of approval.

Dimitris will make sure the web site is updated.

8. Validation Subcommittee Update

  • Method 6 ballot – ready to go
  • Validation sources are being collected and reviewed – creating a document to help CAs provide validation sources
  • Fixing problem of which subject attributes are allowed in Intermediate CAs – the plan is to start with whitelisting all the current attributes used and then discuss what may need to change
  • Any other business – TOR has changed onion handling – will need to update guidelines to correspond to these changes
  • Bruce asked for clarification if the validation sources are only being collected for the EV guidelines
  • The answer was we are starting with EV, but it may expand to the BRs later based on whatever decision is made
  • Will make the scope clear on the Wiki

9. NetSec Subcommittee Update

  • Neil is still coming up to speed – taking over the chair from Ben
  • Updating SC20 – continuous monitoring for unauthorized changes
  • SC21 went through balloting before SC20, so a review is needed to ensure SC20 language agrees with the approved SC21 changes
  • Take away wiggle room to ensure continuous change control & monitoring
  • Looking at modeling of sub components
  • Meeting right after this session

10. Ballot Status

No further discussion.

Ballots in Discussion Period

None

Ballots in Voting Period

None

Ballots in Review Period

_SC23 v3: Precertificates_

_SC24 v2: Fall Cleanup_

Draft Ballots under Consideration

SC20 Ballot (NSR 2): System Configuration Management. A request was made that they review the minutes from the last teleconference and add a problem statement as to why the ballot is being proposed. Neil said there is a problem statement in the ballot language, so this can be provided.

_SC25: Define New HTTP Domain Validation Methods_ (Doug) Doug stated this is getting close to being ready for discussion; he needs to turn the email version into a GitHub version for discussion and voting. It is not yet in the official discussion period.

LEI Ballot (Tim H.) No update.

_Formatting changes to Guidelines_ (Jos) The 2 ballots in review will need to be merged to the master branch, and the document then rebased for formatting changes, in order to create a ballot.

_Aligning the BRs with existing Browser Requirements_ (Ryan) Ryan has not received any additional inputs recently. He will wait for the formatting changes ballot to go first and then re-base to the latest BRs so the proposed changes are clear against the latest version of the BRs. Further feedback from Root Programs is welcomed. Ryan is also waiting for Microsoft to finish the update that started in October. Mozilla policy 2.7 has also just been released and will be reviewed.

11. Approval of F2F 48 minutes

Minor updates were made to the minutes that were initially circulated.

Minutes as updated were approved with no objections.

12. Action items from F2F 48

Dimitris has created a Wiki page for action items from the F2F 48 meeting; he invited others to make use of this new page.

13. Any Other Business

No other Business raised.

14. Next call

January 9, 2020 at 11:00 am Eastern Time.

Adjourned
