CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-02-03 Minutes of the Server Certificate Working Group

2022-02-03 Minutes of the Server Certificate Working Group

Attendees

Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Clint Wilson (Apple), Corey Bonnell (Digicert), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Israel Ventura (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Dean Coclin read the antitrust statement.

2. Roll Call

Doug Beattie read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of Minutes from Last Teleconference

The minutes from the 20-January call were approved without changes.

5. Validation Subcommittee Update

Corey Bonnell said that the subcommittee met last Thursday. The first agenda item was determining an agenda for the upcoming face-to-face meeting. The group settled on a single agenda item: the non-TLS ICA profile. Corey said that he expects the discussion of this topic to take the full 2 hour time slot.

Then Paul van Brouwershaven presented his research findings on unicode in Subject attributes that he had posted to the Validation list. Next steps were discussed, and further discussion is planned for the next meeting.

Finally, Corey said that Ryan Sleevi presented some minor updates that he has made to the certificate profiles. Corey encouraged everyone to review those changes.

6. NetSec Subcommittee Update

Jos said that the subcommittee is transitioning to a working group. We’ll discuss the transition during this meeting, then the NetSec WG report will move to the Forum portion of the call.

Clint Wilson said that the ballot to formally adopt the NCSSRs is in its discussion period, with voting planned to start on Monday. The WG is running a doodle poll to determine if there is a better time to hold the meetings. Clint posted a link to the poll in the chat and asked members to vote for times that work for them. Clint also mentioned that David Kluge was elected as the vice-chair.

7. Ballot Status

Ballots in Discussion Period

Ballot SC51: Reduce and Clarify Audit Log and Records Archival Retention Requirements

Clint said this ballot came out of the NetSec subcommittee but only changes the BRs, so it is moving ahead in the SCWG. Clint needs to update the pull request and publish a new version of the ballot for further discussion.

Ballots in Voting Period

None

Ballots in Review Period

Ballot SC53: Sunset for SHA-1 OCSP Signing

Draft Ballots Under Consideration

None

8. Any Other Business

Jos said that a draft agenda for the upcoming F2F meeting is posted to the wiki. There are significant changes to the schedule, with a focus on more planning and review and fewer updates, with the intention of making the most of the collaboration. We are planning to have an update from each WG in which the chairs review last year’s accomplishments and plans for the coming year.

Dean said that they are looking for a short presentation – a few slides – on this subject from each WG chair.

Tim Hollebeek said that he had been doing this for the Validation SC and offered to share his slides from prior meetings as an example.

Dean mentioned that not all Browsers are currently on the agenda to present root program updates. Please let Dean know if slots need to be added for any other root programs.

Jos asked everyone to provide any ideas and feedback to him prior to the next call for things they would like the SCWG to accomplish in the coming year.

9. Next call: February 17th, 2022 at 11AM Eastern

Adjourn; Immediately convene meeting of CA Browser Forum (same call)

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).