CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-09-02 Minutes of the Server Certificate Working Group

2021-09-02 Minutes of the Server Certificate Working Group

Attendees

Adrian Mueller (SwissSign), Ali Gholami (Telia), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Brittany Randall (GoDaddy), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), David Kluge (Google), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Mike Min (GoDaddy), Mike Reilly (Microsoft), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Rebecca Kelley (Apple), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Yoshiro Yoneya (Japan Registry Services), Steven Deitte (GoDaddy)

Minutes

1. Roll Call and Anti-Trust Statement

Jos read the anti-trust statement. Dean read the roll, noting the addition of several people who joined.

2. Review of Minutes

The minutes from the meeting on the 19th were approved as released to the management list without changes.

3. Validation Subcommittee

Corey Bonnell gave the update. The subcommittee met on 26 August and discussed two main topics. First was a discussion on some topics within the draft profiles work by Ryan Sleevi (that were discussed on the recent Github pull request) around subject key identifiers and calculations for them; second was a discussion around name constraints and the draft certificate profile under construction. Corey noted that Wayne had taken extensive minutes from the discussion and recommended that everyone peruse them for updates and background on the topics discussed. Corey noted that Wayne had also raised the question of whether an applicant could delegate domain validation for its own domain to the CA itself. The consensus of the group was that this merited further discussion and consideration to identify requirements.

4. Network Security Subcommittee

Ben gave the update. Ben reported that NetSec had finalized their new leadership, consisting of Clint Wilson as chair and David Kluge as vice-chair, with Ben available as a backup. The committee is also considering changing the date and time of their meetings and has a poll out to consider that. They’re working on restructuring the committee and identifying key goals and objectives for the group. Minutes from the meeting have been circulated to the NetSec mailing list.

5. Ballot Status

There are no ballots currently in voting, discussion, or review.

Draft Ballots

Debian Weak Keys

Chris said they have revived the discussion for this ballot on the list, and they have an endorsement from Rob from Sectigo, and that Rob had suggested some re-arrangement to present resources that they think are worthwhile. Updates on the ballot will be released to the mailing list forthwith.

SC34 Account Management

Tobi was not on the call; no update was provided. Ben noted that Tobi is still looking for a second endorser, and asked Trev to follow up with Tobi about it.

6. Any Other Business

Vice-Chair Elections

Jos noted that we have finished the proposed nomination period and now have one nomination, Doug Beattie. Nominations are extended through midnight Eastern Time on 2 September, and then will be closed. If there is still only one nominee, there will be an acclamation ballot; if there is more than one, we will have an election ballot. Jos will be releasing the appropriate ballot type on the 3rd to start the discussion period. Jos asked that anyone nominating please post to the mailing list and update the wiki page linked from the nomination announcement.

Jos then raised the question from the Management list about Wayne’s inclusion in calls. Wayne has changed his affiliation to his new employer, Fastly, who is an Interested Party in the Forum. As such, Wayne requires an explicit invitation to attend any calls or committee meetings for the Forum, per the Bylaws. In recognition of Wayne’s long involvement with the Forum and his continued interest in contributing, members had asked that Wayne be invited to Forum and Server-Cert Working Group teleconferences. Jos proposed a standing invitation to Wayne to all SCWG teleconferences at least through the end of Wayne’s term as SCWG Vice-Chair (ending 31 October 2022). There were no objections, so the invitation will be extended.

Fall Virtual Face-to-Face

Planning for the Fall Virtual Face-to-Face meeting is underway, and Jos noted that a draft agenda for the meeting is available on the wiki. Jos, Karina, and Dean are working on the scheduling, and are starting from the schedule for the previous F2F. Committee chairs and those with issues they’d like to discuss at the Face-to-Face are invited to contact any of those three people to have an agenda slot reserved. In addition, Dean asked that any committees or members that do not need to present please contact the planners to yield their time, so that we can re-allocate it to other discussions.

Trev asked whether, since the fall meeting had been planned for Asia, the Virtual F2F would be held in Asia time zones. Jos replied that for now the planners are intending to continue with the US/East time zone schedule for the meeting, but that if there are concerns about it to please raise them.

Dean pointed out there are about 27 people registered for the fall meeting and asked everyone to please register as soon as possible. Jos pointed out that registrations for the virtual face-to-face are still important since they allow the planners to construct the roll sheets for the meetings ahead of time, simplifying roll call.

7. Adjourn

The meeting was adjourned for the CA/Browser Forum plenary call. The next meeting is 16 September at 11:00 US/East.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).