CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-10-28 Minutes of the Server Certificate Working Group

2021-10-28 Minutes of the Server Certificate Working Group

Attendees

Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Natalia Kotliarsky (SecureTrust), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Dean Coclin read the roll.

3. Review Agenda

Clint asked that we add discussion of his ballot.

4. Approval of minutes from last teleconference

Last meeting was F2F: Minutes are still being assembled on WIKI. Please review and update your sections! Most sections copied over from Etherpad.

5. Validation Subcommittee Update

Tim Hollebeek said that the CRL max validity ballot (SC52) is in discussion phase and should be wrapping up soon. Profiles ballot: Tim said they are discussing how to set the effective date simply and cleanly without making 2 versions of the certificate profile section. Will discuss again next week.

6. NetSec Subcommittee Update

Clint Wilson said they roughed out approach for draft ballot for what NetSec would look like as a working group. Need to define how ballots work and how would this WG interact with other Working Groups. They looked at action items from F2F discussions and reviewed open ballots. It was a short meeting but made progress on the idea of working group level NetSec group. Ben Wilson said that the draft charter is on Google Docs. Looking for ideas for where to post for wider review. Jos Purvis said there are a few options. Share the Google doc link to list, or put on wiki and share it? Ben: Could share on public forum level Jos: Yes, let’s seek wider group review and see what’s the plan and approach. We be chartering as new WG at forum level. Ben: Inclined to share with public list to get more input.

7. Ballot Status

Ballots in Discussion Period

None

Ballots in Voting Period

None

Ballots in Review Period

None

Draft Ballots Under Consideration

  • SC50. Clint Wilson said that this takes Section 4.1.1 of the BRs and replaces it with “no stipulation”. It’s about suspicious certificate requests and requires CAs to maintain a database of suspicious certificate requests but there is no rule for how CAs are to process and use that data. This removes that requirement to keep a database. CAs can continue to do something with them if they want. Plan to start discussion period today.
  • Ballot SCXX: Debian Weak Keys (Chris) Chris Kemmerer said he is grateful for all the discussion. He’s pretty sure that the discussion will result in original language will be what’s used with a bit of clarification. This will be early next week then look for endorsers and assignment of ballot number.
  • Ballot SC34 Account Management (Tobi) Clint said he thought this ballot was withdrawn then Tobi Josefowitz said yes, it has been withdrawn and the wiki has been updated.

8. Any Other Business

Jos to take care of interested party request from guest speaker

9. Next call

November 11th, 2021 at 11AM Eastern. Note that daylight savings kicks in for the US before this meeting so there is a time change for those that do not change their clocks on this date. Adjourn; Immediately convene meeting of CA Browser Forum (same call)

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).