CA/Browser Forum

2022-07-07 Minutes of the Server Certificate Working Group

Attendees

Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (DigiCert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Vijay Kumar (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Review Agenda

No changes were made to the agenda.

3. Approval of Minutes from Last Teleconference

The minutes from the 23-June call were approved with the inclusion of the clarification related to delegated third parties that was requested by Dimitris Zacharopoulos on the mailing list.

The Warsaw face-to-face minutes have been published to the wiki. Attendance still needs to be added. Please review the content so that we can approve them at the next meeting.

4. Roll Call

Dean Coclin read the roll.

5. Validation Subcommittee Update

Corey Bonnell said that the subcommittee met last Thursday and discussed a path forward for the certificate profiles draft ballot. It was decided to move the ballot draft into the cabforum/servercert repo on GitHub. Then they discussed the improved Pandoc tooling for tables that Ryan Sleevi created in support of the profiles ballot. It will be merged into main. Finally, the subcommittee is gathering up work items discussed at the face-to-face and will be looking for volunteers to shepherd those once the profiles ballot has been moved to the cabforum repo.

6. Ballot Status

Ballots in Discussion Period

  • None

Ballots in Voting Period

  • None

Ballots in Review Period

  • None

Draft Ballots Under Consideration

  • Revival of Debian Weak Keys

Chris Kemmerer said that he sent a detailed review of the question regarding linking to external resources to the mailing list. There are links to external resources in the current doc, but we need to determine how we will vet links that we want to add. Chris asked for further input from members.

  • SLO/Response for CRL & OCSP Responses

David Kluge was not on the call and there were no updates from others.

7. Any Other Business

  • Membership application – Fastly

Jos said that Fastly submitted all the paperwork. Jos will not comment as he is now a Fastly employee. Dean said that we have all their information and they previously submitted their IPR agreement. Dean said that Fastly originally submitted a website run by them, but then resubmitted a URL for a different website. Dean noted that the application stated that Fastly certificates are recognized by Firefox Nightly. Clint Wilson noted that Apple has also approved Fastly’s root inclusion request. There were no objections and Fastly’s application was approved.

8. Next call: 21 July 2022 at 11AM Eastern

Adjourn; immediately convene meeting of CA/Browser Forum (same call)
