CA/Browser Forum
Home » All CA/Browser Forum Posts » 2020-04-16 Minutes of the Server Certificate Working Group

2020-04-16 Minutes of the Server Certificate Working Group

Roll call: Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Li-Chun Chen (Chunghwa Telecom), Michael Guenther (SwissSign), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Quo Vadis), Thanos Vrachnos (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority), Taconis Lewis (US Federal PKI Management Authority), Andrea Holland (SecureTrust).

Agenda approved, anti-trust statement was read, roll was taken.

Minute taker: Tim Hollebeek.

Tobi volunteered to take minutes in two weeks.

Previous minutes were approved.

Validation subcommittee discussed two things:

  1. Voluntary disclosure of information sources

– a few other CAs said they were going to disclose after DigiCert, but haven’t

– CAs are still encouraged to disclosed, but voluntary doesn’t seem to be working

Ryan has a ballot to mandate disclosure

Discussion about the challenges of not having disclosure block issuance of certificates

Ryan posted a really good summary of the discussion to the mailing list, please read it there

  1. Discussed the reorganization of requirements for certificate profiles

Draft skeleton certificate profile wasn’t up until shortly before the meeting, so not much

substantive discussion

Discussing continues on the list and in a Google document

Skeleton will again be reviewed on the next Validation call

NetSec subcommittee:

Discussing SC29 version 3 on the list

Minutes are up for review

SC28 (reducing log retention) is nearly complete

Another ballot (no number yet) for account deactivation

Ballot to replace secure zones and high security zones and replace with clearer structure

Dean: are you intending to start voting on SC29 next week?

Neil: are we allowing ballots due to the covid situation?

Wayne: I’d suggest putting a feeler out and seeing if people are ready to move forward

Ballot status:

Discussion period: SC29 (see above)

Voting period: None

Review period: SC26 (pandoc-friendly markdown changes) – ends Apr 30

Draft ballots:

Ryan – BR alignment

Ryan – Spring cleanup

Ryan – Data source disclosure (discussed on last week’s Validation call)

Chris Kemmerer – updated 6.1.1.3 to clarify requirements around rejecting weak keysServer Certificate Working Group adjourns

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).