CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-09-01 Minutes of the Server Certificate Working Group

2022-09-01 Minutes of the Server Certificate Working Group

Attendees

Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Jos Purvis (Fastly), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Minutes

1. Read Antitrust Statement

Jos Purvis read the antitrust statement.

2. Review Agenda

No changes were made to the agenda.

3. Approval of Minutes from Last Teleconference

The minutes from the 18-August call were approved without changes.

4. Validation Subcommittee Update

Corey Bonnell said that the subcommittee had a productive meeting last week. There were two main topics, first being the review of two PRs for the certificate profiles ballot: adding “Pending Prohibition” as a defined term, and setting an effective date for the changes. The second main topic was preliminary discussions on the relationship between Subscriber/Applicant and CA when they are the same entity. In the next meeting the plan is to review BR sections where the term Applicant is used to see what can be done to clarify these relationships.

5. Ballot Status

Ballots in Discussion Period

  • None

Ballots in Voting Period

  • None

Ballots in Review Period

  • None

Draft Ballots Under Consideration

  • Revival of Debian Weak Keys

Chris Kemmerer said that Roman from SwissSign asked a question that had been previously answered about the ballot language. Chris plans to repost the ballot along with a plea for endorsers. Further discussion can occur during the formal discussion period.

  • SLO/Response for CRL & OCSP Responses

Clint Wilson said that they are planning to survey CAs via CCADB and use the responses to shape the ballot. The survey will be crafted in an upcoming meeting.

6. Any Other Business

  • Election of Chair / Vice Chair

Jos said that he is not running for reelection. Please consider nominating someone!

Doug Beattie said that he will also not run for chair.

Jos reminded everyone that you should not nominate someone without first gaining their approval to do so.

  • Interested Party Membership Applications: Baker Tilly and NENA

Jos said that both IPR agreements have been submitted and we have confirmed the authority of the signers.

Dean Coclin said that both applications are in order. No objections were raised.

  • CRL revocation reason codes

Ben said that he had posted a ‘CRL revocation reason code’ ballot proposal to the list and has one endorser. He is seeking an additional endorser.

7. Roll Call

Dean Coclin read the roll.

8. Next call: 15-September 2022 at 11AM Eastern

Adjourn; Immediately convene meeting of CA Browser Forum (same call)

Latest releases
Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Minutes Server Certificates
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).