CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-03-31 Minutes of the Server Certificate Working Group

2022-03-31 Minutes of the Server Certificate Working Group

Attendees

Adam Jones (Microsoft), Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Ben Wilson (Mozilla), Brian Keogh (Microsoft), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Miguel Sanchez (Google), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Ryan Dickson (Google), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Roll Call

Dean Coclin read the roll.

3. Review Agenda

No changes were made to the agenda.

4. Approval of Minutes from Last Teleconference

The minutes from the 17-March call were approved without changes.

Jos said that the minutes from the last face-to-face meeting are complete and asked if members are ready to approve. The minutes were approved as documented on the wiki.

5. Validation Subcommittee Update

Corey Bonnell said that the subcommittee met last Thursday and covered two topics. The first was next steps on certificate profiles. The profiles ballot will continue to reside and be discussed in Ryan Sleevi’s GitHub repository. Please submit comments and PRs there. Corey took an action to review recent discussions about the ballot on the list and ensure that conclusions from those discussions are captured in the current ballot language.

Second, the decision was made to proceed with moving issues from Trello to GitHub. Corey sent a document proposing which issues to move to GitHub, and it was agreed to accept his proposal. Corey created the new issues in GitHub this morning.

6. Ballot Status

Ballots in Discussion Period

None

Ballots in Voting Period

None

Ballots in Review Period

  • Ballot SC51: Reduce & Clarify Audit Log and Records Archival Retention Requirements – please review

Draft Ballots Under Consideration

  • Debian Weak Keys An updated proposal was posted to the list this morning. Chris Kemmerer said that one change proposed by Corey was made. Clint Wilson said that he had provided some feedback and asked if it had been considered. Chris said that many points were raised and answered. He asked Clint to look at the ballot and raise any issues that he feels are not addressed on the list. Bruce Morton asked if there should be an effective date in the ballot. Chris suggested that Bruce also raise the question on the list.

8. Any Other Business

None

9. Next call: 14-April 2022 at 11AM Eastern

Adjourn; Immediately convene meeting of CA Browser Forum (same call)

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).