2022-04-28 Minutes of the Server Certificate Working Group
Attendees
Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Nargis Mannan (SecureTrust), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Thomas Zermeno (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)
Minutes
1. Read Antitrust Statement
Jos Purvis read the antitrust statement.
2. Roll Call
Dean Coclin read the roll.
3. Review Agenda
Jos noted that a ballot item from Google was added. No other changes were made to the agenda.
4. Approval of Minutes from Last Teleconference
The minutes from the 14-April call were approved without changes.
5. Validation Subcommittee Update
Corey Bonnell said that the subcommittee met last Thursday and discussed the transition to a version of the BRs updated with new certificate profiles. One alternative that had been considered was creating a version of the BRs that permits use of both old and new profiles during a transition period. However, it was agreed to instead completely replace the old profiles with new and to specify effective dates for each specific requirement that is changed. Second, the subcommittee reviewed Ryan Sleevi’s supplemental documentation that is intended to explain the reasoning behind decisions that might not be obvious to CAs who are implementing the certificate profiles.
6. Ballot Status
Ballots in Discussion Period
None
Ballots in Voting Period
None
Ballots in Review Period
None
Draft Ballots Under Consideration
Chris Kemmerer said that he is still looking for feedback on Martijn Katerbarg’s suggestion to add a requirement to check for the Close Primes vulnerability.
David Kluge said that he would like to encourage members to review the document that was posted to the NetSec list and provide feedback. Simply updating the OCSP availability requirement from 24×7 was considered, but the approach that is currently being proposed is for CAs to disclose their service level targets in their CP/CPS.
Jos said that we would like to encourage discussion on the mailing list. David said that he would resend the proposal to the list.
Trevoli Ponds-White encouraged CAs to review the proposal with their engineering teams and to specifically consider if time duration is the best way to measure this, and if the responses have to be correct. Trev said that Amazon Principal Engineers are reviewing and will provide feedback.
7. Any Other Business
None
8. Next call: 12-May 2022 at 11AM Eastern
Adjourn; Immediately convene meeting of CA Browser Forum (same call)