CA/Browser Forum
2024-01-04 Minutes of the Server Certificate Working Group

Attendance

Aaron Gable - (Let’s Encrypt), Adam Jones - (Microsoft), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Cade Cairns - (Google), Chris Clements - (Google), Christophe Bonjean - (GlobalSign), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), David Kluge - (Google), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico Entschew - (D-TRUST), Inaba Atsushi - (GlobalSign), Johnny Reading - (GoDaddy), Karina Sirota - (Microsoft), Kiran Tummala - (Microsoft), Lucy Buecking - (IdenTrust), Lynn Jeun - (Visa), Mads Henriksveen - (Buypass AS), Marcelo Silva - (Visa), Marco Schambach - (IdenTrust), Mark Nelson - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Mrugesh Chandarana - (IdenTrust), Nargis Mannan - (VikingCloud), Nicol So - (CommScope), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Peter Miskovic - (Disig), Rebecca Kelley - (Apple), Rollin Yu - (TrustAsia), Roman Fischer - (SwissSign), Scott Rea - (eMudhra), Stephen Davidson - (DigiCert), Steven Deitte - (GoDaddy), Tadahiko Ito - (SECOM Trust Systems), Thomas Zermeno - (SSL.com), Tim Hollebeek - (DigiCert), Trevoli Ponds-White - (Amazon), Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management Authority), Yoshihiko Matsuo - (Japan Registry Services).

TLS Topic - Delegated 3rd Party Definition

Discussion highlighted a recurring misunderstanding or misinterpretation of the delegated 3rd party definition within the TLS context.

Numerous incidents were recalled, particularly those involving the utilization of 3rd party APIs for querying WHOIS databases and, more recently, employing a delegated DNS resolver in the domain validation process.

Reference to specific sections (3.4 and 3.5) in the domain validation documentation raised concerns regarding the delegated 3rd party function.

It was suggested that this matter requires focused attention with clear and specific language, and it was recommended as a task for the validation subcommittee.

Consensus was reached on the importance of addressing this issue and breaking down the scope of discussions, starting with domain validation and subsequently moving on to other relevant areas within the infrastructure.

Clean up Ballot

The IPR phase for the Clean Up Ballot concluded at the end of last month, signaling that the ballot is ready to be merged.

Emphasis was placed on resolving the Clean Up Ballot quickly; it can be merged at any time.

It was acknowledged that responsibility for merging the ballot lies with the SCWG chairs, who are expected to handle the process.

Standardization of Time Units in Baseline Requirements

Aaron raised a new topic addressing the standardization of time units within the Baseline Requirements.

He proposed the inclusion of a general statement specifying the duration of an hour and a day in terms of seconds, ensuring uniformity across the entire Baseline Requirements document.

The Forum recalled a previous discussion on a similar topic, noting that the idea had been previously considered and rejected for specific reasons.

Aaron expressed a need to revisit the decision and engage in a fresh discussion, seeking input from the team on whether standardizing time units in this manner is now deemed beneficial.

Next call is January 18, 2024. Meeting adjourned.

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).