CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-07-22 Minutes of the Server Certificate Working Group

2021-07-22 Minutes of the Server Certificate Working Group

Attendees

Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Christy Berghoff (US Federal PKI Management Authority), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Michelle Coon (OATI), Mike Reilly (Microsoft), Paul van Brouwershaven (Entrust), Rebecca Kelley (Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Natalia Kotliarsky (SecureTrust), Tyler Myers (GoDaddy), Fumihiko Yoneda (Japan Registry Services), Yoshiro Yoneya (Japan Registry Services), Mike Min (GoDaddy)

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Dean Coclin read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of minutes from last teleconference

The minutes from the last call were approved.

5. Validation Subcommittee Update

Doug Beattie said that last week’s call was short. Ryan Sleevi said that SC48 was mentioned, and members were requested to review and comment on the new certificate profiles (which can be found at https://github.com/sleevi/cabforum-docs/pull/36)

6. NetSec Subcommittee Update

Bruce Morton said that there was no meeting.

7. Ballot Status

Ballots in Discussion Period

None

Ballots in Voting Period

Ballot SC48: Domain Name and IP Address Encoding

Jos said that voting has ended. It was noted that a vote was received from Cisco after voting had ended and would not be counted.

Ballots in Review Period

  • Ballot SC47: Sunset subject:organizationalUnitName (Completes 2021-Aug-07)

Draft Ballots Under Consideration

Ballot SCXX: Debian Weak Keys (Chris)

Chris Kemmerer said that he will update the thread and ask for feedback on how to proceed.

Ballot SC34 Account Management (Tobi)

Tobi Josefowitz said he had no update this week.

8. Any Other Business

Jos said that we’re not required to approve interested party applications, but it sometimes helps to identify issues. We have received an application from emdha. Their IPR agreement is on the wiki. There were no objections to admitting emdha as an interested party.

Dean asked about the minutes for the June face-to-face. Jos said that he would publish them soon for the Wednesday and Thursday sessions. Subcommittees that met on Tuesday will need to publish the minutes from their meetings.

9. Next call

August 5th, 2021 at 11AM Eastern Adjourn; Immediately convene meeting of CA Browser Forum call (same call)

Latest releases
Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Minutes Server Certificates
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).