CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-07-07 Minutes of the Server Certificate Working Group

2022-07-07 Minutes of the Server Certificate Working Group

Attendees

Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Vijay Kumar (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Review Agenda

No changes were made to the agenda.

3. Approval of Minutes from Last Teleconference

The minutes from the 23-June call were approved with the inclusion of the clarification related to delegated third parties that was requested by Dimitris Zacharopoulos on the mailing list.

Warsaw face-to-face minutes have been published to the wiki. Attendance still needs to be added. Please review the content so that we can approve at the next meeting.

4. Roll Call

Dean Coclin read the roll.

5. Validation Subcommittee Update

Corey Bonnell said that the subcommittee met last Thursday and discussed a path forward for the certificate profiles draft ballot. It was decided to move the ballot draft into the cabforum/servercert repo on GitHub. Then they discussed the improved Pandoc tooling for tables that Ryan Sleevi created in support of the profiles ballot. It will be merged into main. Finally, the subcommittee is gathering up work items discussed at the face-to-face and will be looking for volunteers to shepherd those once the profiles ballot has been moved to the cabforum repo.

6. Ballot Status

Ballots in Discussion Period

  • None

Ballots in Voting Period

  • None

Ballots in Review Period

  • None

Draft Ballots Under Consideration

  • Revival of Debian Weak Keys

Chris Kemmerer said that he sent a detailed review of the question regarding linking to external resources to the mailing list. There are links to external resources in the current doc, but we need to determine how we will vet links that we want to add. Chris asked for further input from members.

  • SLO/Response for CRL & OCSP Responses

David Kluge was not on the call and there were no updates from others.

7. Any Other Business

  • Membership application – Fastly

Jos said that Fastly submitted all the paperwork. Jos will not comment as he is now a Fastly employee. Dean said that we have all their information and they previously submitted their IPR agreement. Dean said that Fastly originally submitted a website run by them, but then resubmitted a URL for a different website. Dean noted that the application stated that Fastly certificates are recognized by Firefox Nightly. Clint Wilson noted that Apple has also approved Fastly’s root inclusion request. There were no objections and Fastly’s application was approved.

8. Next call: 21 July 2022 at 11AM Eastern

Adjourn; Immediately convene meeting of CA Browser Forum (same call)

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).