CA/Browser Forum
Home » All CA/Browser Forum Posts » 2023-05-11 Minutes of the Server Certificate Working Group

2023-05-11 Minutes of the Server Certificate Working Group

Server Certificate Working Group Meeting May 11, 2023

  1. Roll Call: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Bruce Morton – (Entrust), Chris Clements – (Google), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), RIch Smith – (DigiCert), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
  2. Read Antitrust Statement (* not needed since read in earlier meeting)
  3. Review Agenda: No changes.
  4. Minutes: 30 March minutes approved. 27 April: not yet circulated
  5. Certificate consumers moratorium ballot proposed by Ben Wilson: looking for another endorser. Ben clarified that the moratorium would be temporary, depending on how quickly the Forum could revise rules for membership.
  6. Memberships:
    • Yahoo as Interested Party – approved
      • CommScope – still pending IPR signature
      • QikFox – IPR signature is valid. However, this issue relates to the moratorium ballot. Dimitris proposed to approve as Certificate Consumer member, since no moratorium is currently in place. Ben stated Mozilla’s dissent on this and doesn’t plan on asking for a vote. Tim said that if anyone objects, they should propose a ballot for membership. Toby wasn’t convinced that there was consensus. Clint also logged his dissent to the consensus. Bruce asked if we could wait for Ben’s moratorium ballot to pass. Tim said that the applicant has a right to hear back soon. Ryan Dickson said it makes more sense to wait. Paul thought it wasn’t fair to make them wait for the ballot to pass which could take several weeks. Tim agreed, and said there is no precedent in the bylaws for delaying. Dimitris agreed. Daryn said the bylaws don’t have a provision for cases where there is a dissent but don’t call for a vote. Clint stated that he hasn’t been able to confirm that the applicant is actually a browser, as it appears payment is required to use it. Could a test copy or license be provided? Ben said that’s probably not needed as he confirmed that it is in fact a browser. Jos suggested that those not part of the consensus “stand aside”, meaning that the group has settled on a consensus you do not agree with but you are not willing to impede their progress. Martijn also suggested the term “abstain”. Ben said he stands aside. Time ran out for further discussion and the item was tabled to the next meeting.
      • Logius – membership change, to be removed from SCWG as full member, change to Interested Party. But wants to be added to S/MIME, which will need to be approved by that group. Discussion as to whether they need to re-sign IPR. Tim suggested we table removing them from SCWG until they have been accepted in S/MIME WG. Dimitris said we don’t need to wait. Jos suggested we put this back on the agenda for the next meeting for administrative reasons. Inigo asked that how would we know about other root status’ if others like Logius didn’t’ contact us? Dimitris said they have self declared their change in status. The bylaws allow for challenges and it’s up to members to do so.

Next call: 25 May

Adjourn

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).