CA/Browser Forum

2021-09-16 Minutes of the Server Certificate Working Group

Attendees

Ali Gholami (Telia), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Natalia Kotliarsky (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Mozilla), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Dean Coclin read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of minutes from last teleconference

The minutes from the last call were approved without changes.

5. Validation Subcommittee Update

Ryan Sleevi said that the subcommittee met last Thursday. Tim Hollebeek said that he would follow up with the Infrastructure subcommittee on emailing digest summaries of GitHub activity to the list. That would not have helped with the draft certificate profiles since they are being edited in a different repository, so there was a request to continue reflecting decisions to the mailing list.

Ryan said that the bulk of the call was spent discussing technically constrained subCAs and what the BR definition is. This was a continuation of a discussion that began on the mailing list. The definitions section and sections 7.1.5 and 8 of the BRs contain elements of this definition. The questions revolved around which subCAs issued by in-scope roots are in scope for the BRs, and what data signed by those subCAs is in scope.

6. NetSec Subcommittee Update

Clint Wilson said the subcommittee met on Tuesday. Clint was elected as the new chair. The subcommittee is trying to reassess what was in flight and what work should continue forward and how. Two existing ballots are Clint’s and should move forward shortly. The first is to remove section 4.1.1, and the other updates the audit logging and records archival sections. A third ballot on the usage of “zones” in the NCSSRs was also discussed during the meeting and then on the list. At a more strategic level, the subcommittee is looking at how to approach changes to the NCSSRs. There is interest in looking at the scope of the Network Security Subcommittee and considering a recharter to ensure that future work is in scope.

7. Ballot Status

Ballots in Discussion Period

None

Ballots in Voting Period

  • Special Ballot SC49: Election of Server Certificate Working Group Vice-Chair

Jos said that there is only one candidate and he will begin the voting period shortly. Please vote!

Ballots in Review Period

None

Draft Ballots Under Consideration

  • Ballot SCXX: Debian Weak Keys (Chris)

Ben Wilson said that he had asked a question about the language on the list and would be willing to endorse the ballot if that is clarified. Chris Kemmerer said that he is reviewing the ballot language for clarity.

  • Ballot SC34 Account Management (Tobi)

Tobi Josefowitz said that he is still talking to a possible endorser.

8. Any Other Business

Jos asked members to review the agenda for the Fall F2F on the wiki and reach out to WG Chairs with any topics that members would like to have discussed. Conversely, if you have a slot on the agenda that is not necessary, please inform the appropriate Chair so that the limited time available can be reallocated.

9. Next call: September 30th, 2021 at 11AM Eastern

Adjourn; Immediately convene meeting of CA Browser Forum (same call)
