2023-10-26 Minutes of the Server Certificate Working Group
Attendance
Aaron Poulsen – (Amazon), Abhishek Bhat – (eMudhra), Adam Jones – (Microsoft), Andrea Holland – (VikingCloud), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Brittany Randall – (GoDaddy), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Eva Vansteenberge – (GlobalSign), Inaba Atsushi – (GlobalSign), Janet Hines – (VikingCloud), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Nicol So – (CommScope), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies Inc), Scott Rea – (eMudhra), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wendy Brown – (US Federal PKI Management Authority), Yoshihiko Matsuo – (Japan Registry Services).
Agenda
Kiran Tummala (Microsoft led the meeting)
- Roll Call and Begin Recording (* not needed)
- Read Note-well (* not needed)
- Review Agenda
- No changes were made to the agenda
- Minutes:
- 31 August – no objections, approved
- Face-to-Face – not circulated
- Membership:
- None
- Issues/topics to discuss
- Revised SCWG charter – requested all to review and distribute comments to the list.
- Martin (Sectigo) proposal to change some logging requirements in BRs – looking for additional feedback
- Clint Wilson noted that this would replace a broad requirement with a specific constrained list on what needs to be logged. Two sides: create a strict list of what must be logged (inclusion list) or create a list of what does NOT need to be logged (exclusion list). Discussion was had here and will continue.
- Potentially move language to the NSCRs in the future
- Ballot Status – see list below
- Any Other Business
- Next call: December 07, 2023
- Adjourn 11:01 am CPT
CURRENT STATUS OF BALLOTS
- Passed
- None
- Failed
- None
- Voting Period
- None
- Discussion Period
- SC66 – Clean-up ballot
- Review Period
- None
- Draft / Under Consideration
- SCXX – SLO/Response for CRL & OCSP Responses – David Kluge (Google) / Clint Wilson (Apple): on hold
- Clint suggested to remove this ballot since the ballot to make OCSP optional was moved into the BRs. Ben agreed to drop it.
- SCXX – Profiles cleanup ballot
- SC-067 – Applicant, Subscriber and Subscriber Agreements – Ben Wilson (Mozilla) / Dustin Hollenback (Microsoft) https://github.com/cabforum/servercert/compare/90a98dc7c1131eaab01af411968aa7330d315b9b…9eebd9949810f698edd5087235acaf16e04ead21
- Distributed 10/26/2023 for feedback – one response so far
- Definitions of Applicant and Applicant Representative
- Changes being discussed yet (specifically looking at lines 276-279)
- SC65 – EVGs in RFC 3647 format
- SCXX – SLO/Response for CRL & OCSP Responses – David Kluge (Google) / Clint Wilson (Apple): on hold