CA/Browser Forum
Home » All CA/Browser Forum Posts » 2020-08-06 Minutes of the Server Certificate Working Group

2020-08-06 Minutes of the Server Certificate Working Group

Attendees (in alphabetical order)

Ben Wilson (Mozilla), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Johny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mayur Manchanda (Visa), Michael Guenther (SwissSign), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (Godaddy), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)

Minutes

Dimitris is on vacation, so Wayne led the call.

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The Antitrust Statement was read by Ben WIlson.

3. Review Agenda

No changes to the agenda were noted. Neil Dunbar volunteered to take minutes for the next SCWG and Forum teleconference.

4. Approval of minutes from last teleconference

Accepted without objections.

5. Validation Subcommittee Update

Tim Hollebeek was not on the call. Wayne reported that last week’s meeting was brief. The call began with discussion of the TLS Using ALPN Method ballot. Then the certificate profile work was discussed. The spreadsheet is linked from our wiki. Doug added the ‘subscriber’ tab, and it was decided that the committee would work on it next time. Members were asked to review this tab and make comments prior to the next meeting. Finally, the ‘cleanups and clarifications’ ballot was discussed. Ryan is cleaning up the ballot and is planning to move the ballot into the discussion period soon.

6. NetSec Subcommittee Update

SC28 is in ‘heartbeat’ mode, being kept alive through the month of August at the request of members who need more time to review and analyze the implications of the ballot. SC32, the “zones” ballot is being reworked to discuss and address feedback that has been received. There are a couple of new ballots that now have explanatory text completed so they can be introduced to the working group. These ballots make smaller changes than some of the recent ballots. The Pain Points group continues discussions of long term CA architecture, such as how to integrate cloud providers.

7. Ballot Status

Ballots in Discussion Period

SC28 (Logging and Log Retention)

Wayne: Being kept alive through August to provide more time for review.

SC33 (TLS Using ALPN Method)

Wayne: This ballot replaces domain validation method 10 with a new method 20 that uses the IETF RFC to define the use of TLS with ALPN to validate domain control. Discussion period ends tomorrow. Planning to start voting tomorrow.

Ballots in Voting Period

None

Ballots in Review Period

SC30 (Disclosure of Registration/Incorporating Agency)

SC31 (Browser Alignment)

Wayne: Review periods end August 20.

Draft Ballots under Consideration

Spring 2020 cleanup and clarifications (Ryan)

Ryan: Been working on the layout. Content-wise it’s done, but haven’t had a chance to work on the markdown. It will be coming soon to give CAs the confidence they need on clarifications

Update to BR section 6.1.1.3 (Chris)

Chris: Have been waiting on SC31’s review period to end since it also changed section 6.1.1.3. Since the SC31 review period is almost over, we can move forward with this ballot. Also includes a change to section 4.9.1.1. Will go ahead and push this out for discussion soon.

Offline CA Security Requirements (Ben)

Ben: No updates. This will be discussed at the next subcommittee call.

8. Any Other Business

No other business was discussed.

9. Next call

The next call will take place on August 20, 2020 at 11:00am Eastern Time.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).