CA/Browser Forum
Home » All CA/Browser Forum Posts » 2020-07-09 Minutes of the Server Certificate Working Group

2020-07-09 Minutes of the Server Certificate Working Group

Attendees (in alphabetical order)

Adam Clark (Visa), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Curt Spann (Apple), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dre Aremeda (GoDaddy), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mayur Manchanda (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rachel McPherson (TrustCor Systems), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Stephen Davidson (Digicert), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla).

Minutes

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda

No changes to the agenda were noted.

4. Approval of minutes from last teleconference

Minutes were approved

5. Validation Subcommittee Update

  • Continuing work on certificate profiles
  • Wayne introduced a discussion on removal of validation method #10 and replacing it with RFC 8737 TLS ALPN
  • Validation data reuse periods were discussed as well in the last meeting. Trev started discussion on validation reuse issue to follow up from the f2f. Excellent discussion in the minutes that members are encouraged to read

The draft minutes of that particular Subcommittee meeting are available at the following thread:

6. NetSec Subcommittee Update

Neil was not on the SCWG call and Ben mentioned that there was no subcommittee call last week and the committee would be meeting after this CA/Browser meeting.

Ben recommended skipping any updates on NetSec this week.

7. Ballot Status

Ballots in Discussion Period

SC28 (Logging and Log Retention)

Discussion period was restarted

SC31 (Browser Alignment)

Voting will start later today.

Dean discussed that we have some CAs not aligned with the cert lifetime issue which was voted down with SC22. He feels many CAs don’t want to vote on this ballot with the cert lifetime. How do we resolve this? We could 1) remove this section on cert lifespans, 2) vote as is, or 3) try to satisfy CA concerns on the cert lifetime item. Maybe have a statement that the CA disagrees with the one year certs but they want to support the rest of the ballot for the good of the industry. This gives CAs a way to point customers to the discussion and voting comments as to each CA stance. Ryan: the majority of these type of proposals were already mentioned on the discussion in the public forum. Google does not support adding this caveat. CAs can point to their voting comments and any other comments made in their vote on the ballot. We don’t need a special provision in the ballot. Including such a provision would not be conducive for the good of the Forum and current processes. Tim: I appreciate trying to find common ground if possible. DigiCert does not have a problem with the one year cert issue but most concerned with the effectiveness of the Forum and working together to find common ground and progress as a community going forward. Dimitris: there was a change in ID certs away from “should.” Ryan: V3 incorporated many suggestions including Corey’s excellent contributions. V3 is in discussion now and was meant to address issues brought up in the discussion on V2.

Ballots in Voting Period

SC30 (Disclosure of Registration/Incorporating Agency)

Ballots in Review Period

None.

Draft Ballots under Consideration

Spring 2020 cleanup and clarifications (Ryan)

Current draft in GitHub needs to be updated for markdowns. We’ll see where SC31 goes and that may determine where we go with this ballot. Also the PANDOC friendly markdown (SC26) discussion may have input into this ballot as well.

Update to BR section 6.1.1.3 Been doing testing. Took more time than anticipated. We did get enough info to draft a good updated proposal. The update will explain changes as a result from testing. Good progress overall.

8. Approval of minutes from F2F 50

  • Dean mentioned that he didn’t see Google’s presentation uploaded yet. Dimitris: most info was captured in the minutes. Ryan will provide the link to the deck for upload and minutes
  • Minutes are now approved

9. Any Other Business

No other business was discussed.

10. Next call

The next call will take place on July 23, 2020 at 11:00am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).