CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-03-17 Minutes of the Server Certificate Working Group

2022-03-17 Minutes of the Server Certificate Working Group

Attendees

Adam Jones (Microsoft), Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Ward (SSL.com), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Hogeun Yoo (NAVER), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Khairil Nizam Abdul Malek (MSC Trustgate Sdn Bhd), Kiran Tummala (Microsoft), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Stephen read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of Minutes from Last Teleconference

The last meeting was at the March F2F, so there are no meeting minutes to approve.

Jos said that the minutes from the last face-to-face are ready for review except for one session, so please review them and we will approve this portion of the F2F meeting minutes during our next call.

5. Validation Subcommittee Update

Corey provided a summary of the last call. It was a brief call where we discussed 2 topics

  1. The Profile ballot work is currently being done in one person’s GitHub repo and we discussed if we should move this to allow edits to be made more freely.

  2. We discussed changes to the EV Enterprise RA wording and also the “3-second” rule for CRL downloads. For those that want more information, please see the draft notes for this meeting send out by Doug.

6. NetSec Subcommittee Update

Clint said there was not much to report and that the NetSec transition is about complete.

7. Ballot Status

Ballots in Discussion Period

None

Ballots in Voting Period

  • Ballot SC-54 v2: Onion Cleanup

Ballots in Review Period

  • Ballot SC51 – Reduce and Clarify Log and Records Archival Retention Requirements
  • Ballot SC53 – Sunset for SHA-1 OCSP Signing
  • Chris Kemmerer noted that there was renewed interest in the Debian weak key ballot at the F2F, so in the next couple of weeks he will be bringing that back as a new ballot.

8. Any Other Business

None

9. Next call: March 31, 2022 at 11AM Eastern

Adjourn; Immediately convene meeting of CA Browser Forum (same call)

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).