2020-07-23 Minutes of the Server Certificate Working Group
Attendees (in alphabetical order)
Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Johny Reading (GoDaddy), Karina Sirota (Microsoft), Michelle Coon (OATI), Michol Murray (GoDaddy), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rich Smith (Sectigo), Robin Alden (Sectigo), Shelley Brewer (DigiCert), Stephen Davidson (DigiCert), Thanos Vrachnos (SSL.com), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Travis Graham (GoDaddy), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
Minutes
1. Roll Call
The Roll Call was taken.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
No changes to the agenda were noted. Dimitris will not chair the next two calls; there were no volunteers for minute taking.
4. Approval of minutes from last teleconference
Accepted without objections.
5. Validation Subcommittee Update
Tim reports he will not be available in the next SCWG call either and that in turn somebody else may have to report.
Recently, the Validation Subcommittee has spent time going over the Trello board re-assessing issues they have not reviewed for a while. Some were closed, some were moved on the board and some were updated with information.
The Subcommittee has also looked at the GitHub facilities for managing issues; they are similar to the Trello solution. GitHub’s facilities appear to be in line with the Subcommittee’s needs, so the Subcommittee may move from Trello to GitHub. As a next step, somebody needs to actually transfer the issues from Trello to GitHub, active issues first, backlog later.
The Subcommittee will get back to the certificate profiles in next week’s meeting.
6. NetSec Subcommittee Update
The NetSec Subcommittee has received a request to not currently bring more ballots to vote. The Subcommittee has multiple work items nearly ready to be brought forward as Ballots, but will discuss the request in the meeting later on the same day, as pushing them forward may not make sense if people do not currently have enough capacity for Ballot review.
SC28 will thus stay in “heartbeat mode” for now. SC32 is being worked on further to address input received. The “System Access” Draft Ballot has gone back to the Pain-Points subteam to improve the explanation/motivation section, but not the Ballot content; the same applies to the “Authentication Controls” Draft Ballot, which tries to address the Lockout issue.
The Offline CAs Draft Ballot is still being commented on within the Subcommittee, so there may be one more round of discussions required before we could put it forward.
The Threat Modelling subteam has updated the risk analysis document to include further examination of risks posed by CA equipment custody handling.
7. Ballot Status
Ballots in Discussion Period
SC28 (Logging and Log Retention)
Dimitris: SC28 is in heartbeat process.
Neil: Basically we propose new versions without changes so that the ballot does not expire, since we do hold off from calling for a vote.
Ballots in Voting Period
None
Ballots in Review Period
SC30 (Disclosure of Registration/Incorporating Agency)
SC31 (Browser Alignment)
Dimitris: We have two ballots in the review period, Ballots SC 30 and SC 31, review periods end August 20. I will post the final maintenance guidelines after that. I want to highlight that these ballots contain a few deadlines and effective dates that will become effective not relative to when the ballots themselves become effective, so CAs should be aware of those.
Draft Ballots under Consideration
_Spring 2020 cleanup and clarifications_ (Ryan)
No updates
_Update to BR section 6.1.1.3_
Chris: We got some internal discussion about this, including discussion of whether to include compromised as well as weak keys, and we are debating this in-house. In any case, the draft language will be posted this day or the next.
Dimitris: SC 31, which is in review period, also changes Section 6.1.1.3 of the Baseline Requirements, which means this needs to be considered when bringing the Ballot.
_Offline CA Security Requirements_ (Ben)
Dimitris invites Ben to share information regarding the Offline CA Security Requirements Draft Ballot.
Ben: We just need to get endorsers, and a Ballot number, and that is what we are working on right now, we will discuss it in the NetSec Subcommittee.
_Updating BR 3.2.2.4.10_ (Wayne)
Wayne: I have not moved any further with this Ballot and I have a question about the request not to bring any more ballots into discussion period, is this meant for all of August, is this specific to some of the more complex Network Security related Ballots?
Dimitris: Since I originally asked for this – I meant the more complex ballots.
Wayne: In that case, the language is about finalized and we just need endorsers to start the Discussion Period.
8. Any Other Business
No other business was discussed.
9. Next call
The next call will take place on August 6, 2020 at 11:00am Eastern Time.