Server Certificate Working Group Meeting
July 6, 2023
Iñigo: For the attendance, Rich Smith of DigiCert and Daryn of GoDaddy joined the call.
Abdul Hakeem Putra – (MSC Trustgate Sdn Bhd), Abhishek Bhat – (eMudhra), Adam Jones – (Microsoft), Andrea Holland – (VikingCloud), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Chris Clements – (Google), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Dustin Hollenback – (Microsoft), Enrico Entschew – (D-TRUST), Eva Vansteenberge – (GlobalSign), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Jos Purvis – (Fastly), Keshava Nagaraju – (eMudhra), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Nicol So – (CommScope), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rich Smith – (DigiCert), Rollin Yu – (TrustAsia Technologies, Inc.), Roman Fischer – (SwissSign), Ryan Dickson – (Google), Scott Rea – (eMudhra), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wayne Thayer – (Fastly), Yashwanth TM – (eMudhra)
Read Antitrust Statement
Iñigo: Read during the forum call part
Iñigo: Agenda approved
- 22 June: circulated
Iñigo: Minutes approved.
- F2F: not ready yet
Iñigo: Sent out this morning. The validation SC minutes were also sent out this week. Will be approved in 2 weeks during the next call. And then published on the website.
- No new applications
Iñigo: no new applications in these 2 weeks
Issues to discuss
- Label GitHub open tickets
Iñigo: We have about 70ish open issues in GitHub and would like to ask their owners to label those that are not yet labelled in order to get them organized. We'd like to have a clean up ballot in the fall and will use those labelled as “clean-up” to recognize easily and then work on those specific ones and therefore not reviewing the others. With that, we'll create the clean-up ballot and also will reduce the number of open issues in GitHub.
Ben: that's good. To have the issues labelled. Need to go through and look and see what's marked as clean up.
Iñigo: But I'm asking the owners to review and label accordingly. Once done, start on the ballot. I asked Corey in the past F2F to work on this possible cleanup ballot.
Ben: How do you want to label backburner? Those with very low priority.
Trev: we just want to keep them as a reminder
Iñigo: yes, we'll focus on those labelled as cleanup. For the others, you can label generic.
Ben: Ok, we can sort and choose the cleanup label and for the others I'll sort of.
Iñigo: yes, correct.
Trev: I'm not clear on what you said. Some are labelled, and Corey and you and someone are going to make a clean up ballot
Iñigo: yes, that's the idea
Trev: So, you're making a clean up ballot and you're just saying that someone is making a clean up ballot
Iñigo: Well, we're preparing the ballot but I'm not saying that I'll be the owner or proposer of the ballot, but yes, we can also make the proposal.
Trev: you need to figure out an owner of the cleanup ballot and then for the issues not labelled you want this person to open and label them?
Iñigo: the owners of the open issues need to check their own issues and label accordingly those that are not labelled. I'm not going to do it but the owners. Those labelled as validation for example are ok.
Trev: so owners like Ryan, Clint, Tim, Dimitris, Aaron, Stephen, … are you going to email people or are you just telling them in this call?
Iñigo: I emailed some of these people some time ago to review their open tickets, open issues because some were fixed and need to be removed, etc. For example, Tim told me that he was going to review his open tickets
Trev: Are you giving a due date to do this?
Iñigo: No, I'd like to have this done asap and to have it ready for the fall to work on that cleanup ballot. Maybe by the end of September. It's not needed to do it this week, we're in summer holidays, so when people have time.
Trev: are you taking ownership of those? Items that were opened in the past by people that are not in the group. Are you going to assign them into someone else? How about those belonging to Ryan Sleevi?
Iñigo: I asked Ryan Dickson to take the ownership as they are from Google.
Trev: Thanks Ryan. Ok, if that's enough of a label, then that's great. I don't think I have any other question, that was ok. Thank you.
Ballot Status – see list below
Iñigo: Regarding ballots, both ongoing have finished the discussion period. I'd like to ask the promoters what's the next step.
Tom: yes, we've discussed and put a lot of effort in the ballot and want to wrap it up. If changes come later that may be something we can further discuss. So, yes, we're moving to voting
Ryan: Yes, the voting period will begin in 15 minutes. I'll send out an email.
Any Other Business
Iñigo: Paul sent a link with the presentation given in the F2F that has gone to the IETF for discussion.
Paul: Review the proposal, provide feedback and maybe express your support if you like the idea. I think this is key for an opportunity to move to shorter certificate validity. The proposal is based on the CAA record, and also contains some guidance for establishing an account binding, etc. I just wanted to share with the working group because I think it's important for everyone here on the call. Your feedback is really appreciated. Thank you.
Next call: 20 July
CURRENT STATUS OF BALLOTS
- Voting Period
- Discussion Period
  - SC63 – Make OCSP optional, require CRLs. Finished on the 29/6
  - SC59 – Weak Keys. Finishes today 3/7
- Review Period
- Draft / Under Consideration
  - SCXX – SLO/Response for CRL & OCSP Responses – David Kluge (Google) / Clint Wilson (Apple): on hold
  - SCXX – Clean-up ballot