CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-09-30 Minutes of the Server Certificate Working Group

2021-09-30 Minutes of the Server Certificate Working Group

Attendees

Ali Gholami (Telia), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Cisco Systems), Jose Guzman (GoDaddy), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Mike Reilly (Microsoft), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Dean Coclin read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of minutes from last teleconference

The minutes from the last call were approved without changes.

5. Validation Subcommittee Update

Wayne Thayer said that the subcommittee met briefly last Thursday. The main open item on the certificate profiles work is the Technically Constrained Sub-CA Profiles,which were discussed at the prior meeting. There were no updates on the profiles to report.

6. NetSec Subcommittee Update

Clint Wilson said they talked this week about identifying objectives for the subcommittee. How does the scope map to the charter? How do other WGs use the NCSSRs? Should the NetSec subcommittee be chartered as a working group?

Clint said that the subcommittee continues to look at cloud infrastructure and improving and clarifying the current requirements. They are also working on a risk assessment of public CA specific threats. Finally, some smaller fixes are also in the works. If anyone knows of minor cleanups to the NCSSRs that are needed, please log them in a GitHub issue.

7. Ballot Status

Ballots in Discussion Period

None

Ballots in Voting Period

None

Ballots in Review Period

None

Draft Ballots Under Consideration

  • Ballot SCXX: Debian Weak Keys (Chris)

Chris Kemmerer said that he should have something ready next week for discussion at the upcoming F2F.

  • Ballot SC34 Account Management (Tobi)

Tobi Josefowitz said that he is still looking for someone to endorse.

8. Any Other Business

Jos said that ballot SC49 has passed and Doug Beattie has been elected as the Vice Chair of the SCWG. His term begins on Nov 1st. Jos congratulated Doug and thanked Wayne for his past service.

Doug said that he is looking forward to moving into the role.

Jos said that the Fall F2F is coming up and he has received a few requests for slots on the agenda. Please review the agenda and sign up on the wiki if you have not already done so.

9. Next call (after F2F): October 28th, 2021 at 11AM Eastern

Adjourn; Immediately convene meeting of CA Browser Forum(same call)

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).