CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-02-17 Minutes of the Server Certificate Working Group

2022-02-17 Minutes of the Server Certificate Working Group

Attendees

Attendees: Adam Jones (Microsoft), Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Inaba Atsushi (GlobalSign), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Renne Rodriguez (Apple), Ryan Dickson (Google), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Dean Coclin read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of Minutes from Last Teleconference

The minutes from the 3-February call were approved without changes.

5. Review of Face-to-Face presentation and feedback

Jos said that he has the following items listed as significant Server Certificate WG accomplishments from last year:

  • Completed migration of documents to GitHub and automated publishing process
  • Transfer of NetSec subcommittee responsibilities to the new working group

Looking at significant ballots, back in Feb 2021 ballot SC42 changed the validation data reuse period to 398 days.

For the coming year, Jos said that he would like to continue the process of simplifying and clarifying our documents. We will finish transferring the NetSec work to that WG and need to determine how we’ll incorporate the NCSSRs into SCWG requirements. Making GitHub the source of truth for ballots, and integrating GitHub into the documentation publishing process is also a priority.

Bruce Morton said that the EV guidelines are not in RFC 3647 format and it would be nice for that to be aligned.

Jos said that another minor item to address is that the EV guidelines have some formatting differences from the BRs.

Wayne said that he’d like to see the new certificate profiles adopted. Doug Beattie and Corey Bonnell agreed.

Jos said that he would present these items at the face-to-face next week.

7. Ballot Status

Ballots in Discussion Period

  • SC51 – Reduce & Clarify Audit Log and Records Archival Retention Requirements

Clint said that he is planning to begin voting tomorrow.

Ballots in Voting Period

  • None

Ballots in Review Period

  • Ballot SC53: Sunset for SHA-1 OCSP Signing – please review

Draft Ballots Under Consideration

  • None

8. Any Other Business

None

9. Next call: After Face-to-face meeting 55

Adjourn; Immediately convene meeting of CA Browser Forum (same call)

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).