2021-09-16 Minutes of the Server Certificate Working Group
Attendees
Ali Gholami (Telia), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Natalia Kotliarsky (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Mozilla), Yoshiro Yoneya (Japan Registry Services)
Minutes
1. Read Antitrust Statement
Jos Purvis read the antitrust statement.
2. Roll Call
Dean Coclin read the roll.
3. Review Agenda
No changes were made to the agenda.
4. Approval of minutes from last teleconference
The minutes from the last call were approved without changes.
5. Validation Subcommittee Update
Ryan Sleevi said that the subcommittee met last Thursday. Tim Hollebeek said that he would follow up with the Infrastructure subcommittee on emailing digest summaries of GitHub activity to the list. That would not have helped with the draft certificate profiles since they are being edited in a different repository, so there was a request to continue reflecting decisions to the mailing list.
Ryan said that the bulk of the call was spent discussing technically constrained subCAs and what the BR definition is. This was a continuation of a discussion that began on the mailing list. The definitions section and sections 7.1.5 and 8 of the BRs contain elements of this definition. The questions revolved around which subCAs issued by in-scope roots are in scope for the BRs, and what data signed by those subCAs is in scope.
6. NetSec Subcommittee Update
Clint Wilson said the subcommittee met on Tuesday. Clint was elected as the new chair. The subcommittee is trying to reassess what was in flight and what work should continue forward and how. Two existing ballots are Clint’s and should move forward shortly. The first is to remove section 4.1.1, and the other updates the audit logging and records archival sections. A third ballot on the usage of “zones” in the NCSSRs was also discussed during the meeting and then on the list. At a more strategic level, the subcommittee is looking at how to approach changes to the NCSSRs. There is interest in looking at the scope of the Network Security Subcommittee and considering a recharter to ensure that future work is in scope.
7. Ballot Status
Ballots in Discussion Period
None
Ballots in Voting Period
- Special Ballot SC49: Election of Server Certificate Working Group Vice-Chair
Jos said that there is only one candidate and he will begin the voting period shortly. Please vote!
Ballots in Review Period
None
Draft Ballots Under Consideration
- Ballot SCXX: Debian Weak Keys (Chris)
Ben Wilson said that he had asked a question about the language on the list and would be willing to endorse the ballot if that is clarified. Chris Kemmerer said that he is reviewing the ballot language for clarity.
- Ballot SC34 Account Management (Tobi)
Tobi Josefowitz said that he is still talking to a possible endorser.
8. Any Other Business
Jos asked members to review the agenda for the Fall F2F on the wiki and reach out to WG Chairs with any topics that members would like to have discussed. Conversely, if you have a slot on the agenda that is not necessary, please inform the appropriate Chair so that the limited time available can be reallocated.
9. Next call: September 30th, 2021 at 11AM Eastern
Adjourn; Immediately convene meeting of CA Browser Forum (same call)