CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-01-06 Minutes of the Server Certificate Working Group

2022-01-06 Minutes of the Server Certificate Working Group

Attendees

Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Israr Ahmed (E-tugra), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijayakumar (Vijay), Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Jos read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of Minutes from Last Teleconference

The minutes from the 9-December call were approved without changes.

The minutes for Face-to-Face meeting 54 as posted on the wiki were approved without changes.

5. Validation Subcommittee Update

Tim Hollebeek said that there was no meeting over the holidays so there was no update.

6. NetSec Subcommittee Update

Clint Wilson said that the subcommittee met on Tuesday and is working on transitioning to the new working group. Some items in progress stay with the Server Certificate WG and others will transition to the new WG. The risk assessment is ongoing. There is also a small ballot to update a definition in the drafting stage. The subcommittee will continue to meet until the WG commences.

Wayne Thayer asked when the WG would begin to operate. Dean Coclin said that January 15th is set as that date. Wayne mentioned that everyone who wishes to participate should send an email declaring their participation before then.

7. Ballot Status

Ballots in Discussion Period

  • Ballot SC52 version 2: Specify CRL Validity Intervals in Seconds (Tim)

Tim said the ballot has expired and a new ballot number will need to be assigned and another discussion period started.

Tim suggested that we extend the 3-week expiration for discussion periods the next time we update the bylaws. Jos suggested adding a pause button. Tim said that the purpose is to avoid having “dead” ballots, but that 90 days seems like a more reasonable limit. Tim said that he would add this to the issues list on GitHub.

Ballots in Voting Period

None

Ballots in Review Period

  • Ballot SC50: Remove the Requirements of Section 4.1.1

Jos said that the review period for this ballot had ended.

Draft Ballots Under Consideration

  • Ballot SC53: Sunset for SHA-1 OCSP Signing

Corey Bonnell said that he circulated a proposed ballot on the list prior to the holidays. Two members agreed to endorse and a ballot number has been assigned. Corey plans to begin discussion next week.

8. Any Other Business

None

9. Next call: January 20th, 2022 at 11AM Eastern

Adjourn; Immediately convene meeting of CA Browser Forum (same call)

Latest releases
Server Certificate Requirements
SC-084: DNS Labeled With ACME Account ID Challenge (#566) - Mar 13, 2025

BRs release version 2.1.4

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Minutes Server Certificates
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).