2021-08-05 Minutes of the Server Certificate Working Group
Attendees
Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Niko Carpenter (SecureTrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority), Natalia Kotliarsky (SecureTrust), Brittany Randall (GoDaddy), Tyler Myers (GoDaddy), Fumihiko Yoneda (Japan Registry Services), Yoshiro Yoneya (Japan Registry Services), Mike Min (GoDaddy), Rachel McPherson (Trustcor), Jose Guzman (GoDaddy)
1. Read Antitrust Statement
Jos Purvis read the antitrust statement.
2. Roll Call
Dean Coclin read the roll.
3. Review Agenda
No changes were made to the agenda.
4. Approval of minutes from last teleconference
The minutes from the last call were approved.
5. Validation Subcommittee Update
Clint Wilson said that there has been a lot of feedback on the draft certificate profiles. The subcommittee would like to receive continuous, incremental feedback as concerns are discovered rather than a big batch of feedback after a comprehensive review has been completed because it is more efficient to address feedback in small increments.
CRL distribution points were the main discussion topic on last week’s call, prompted by an email to the list. There are many different ways to encode them. We’d like to agree on a canonical form, but in the initial profile update expect to allow both formats. There was a good discussion around the pros and cons of the different encodings – one CRLDP with multiple URIs or multiple CRLDPs with single URIs.
6. NetSec Subcommittee Update
Ben Wilson said the subcommittee met on Tuesday. They are looking for a replacement for Neil Dunbar as chair. Clint Wilson, David Kluge, and Dustin Hollenback will seek approval to fill this role from their management. Ben will update the WebEx meeting to allow other members to start the WebEx session.
The cloud security subgroup recently shifted focus to audits and is preparing a document describing potential audit models and the component services that would be audited.
Finally, they discussed ballot SC34 which would no longer require annual review of inactive user accounts. Tobi is seeking a new endorser to replace Neil
7. Ballot Status
Ballots in Discussion Period
None
Ballots in Voting Period
None
Ballots in Review Period
- Ballot SC47: Sunset subject:organizationalUnitName (Completes 2021-Aug-07)
- Ballot SC48: Domain Name and IP Address Encoding (Completes 2021-08-21)
Draft Ballots Under Consideration
Ballot SCXX: Debian Weak Keys (Chris)
Chris Kemmerer said that he is going to reach out to external resources (Rob Stradling of Sectigo and Dimitris Zacharopoulos of HARICA) to clarify where the lists of weak keys will be hosted.
Ballot SC34 Account Management (Tobi)
Tobi Josefowitz said that it was discussed in the Network Security subcommittee. Neil was an endorser, so Tobi is looking for a new endorser.
8. Any Other Business
None
9. Next call: August 19th, 2021 at 11AM Eastern
Adjourn; Immediately convene meeting of CA Browser Forum (same call)