CA/Browser Forum
Home » Posts » 2024-01-04 Minutes of the Server Certificate Working Group

2024-01-04 Minutes of the Server Certificate Working Group


Aaron Gable - (Let’s Encrypt), Adam Jones - (Microsoft), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Cade Cairns - (Google), Chris Clements - (Google), Christophe Bonjean - (GlobalSign), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), David Kluge - (Google), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico Entschew - (D-TRUST), Inaba Atsushi - (GlobalSign), Johnny Reading - (GoDaddy), Karina Sirota - (Microsoft), Kiran Tummala - (Microsoft), Lucy Buecking - (IdenTrust), Lynn Jeun - (Visa), Mads Henriksveen - (Buypass AS), Marcelo Silva - (Visa), Marco Schambach - (IdenTrust), Mark Nelson - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Mrugesh Chandarana - (IdenTrust), Nargis Mannan - (VikingCloud), Nicol So - (CommScope), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Peter Miskovic - (Disig), Rebecca Kelley - (Apple), Rollin Yu - (TrustAsia), Roman Fischer - (SwissSign), Scott Rea - (eMudhra), Stephen Davidson - (DigiCert), Steven Deitte - (GoDaddy), Tadahiko Ito - (SECOM Trust Systems), Thomas Zermeno - (, Tim Hollebeek - (DigiCert), Trevoli Ponds-White - (Amazon), Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management Authority), Yoshihiko Matsuo - (Japan Registry Services).

TLS Topic - Delegated 3rd Party Definition

Discussion highlighted a recurring misunderstanding or misinterpretation of the delegated 3rd party definition within the TLS context.

Numerous incidents were recalled, particularly those involving the utilization of 3rd party APIs for querying WHOIS databases and, more recently, employing a delegated DNS resolver in the domain validation process.

Reference to specific sections (3.4 and 3.5) in the domain validation documentation raised concerns regarding the delegated 3rd party function.

Suggested that this matter requires focused attention with clear and specific language, recommending it as a task for the validation subcommittee.

Consensus reached on the importance of addressing this issue and breaking down the scope of discussions, starting with domain validation and subsequently moving on to other relevant areas within the infrastructure.

Clean up Ballot

The Clean Up Ballot topic IPR phase concluded at the end of the last month, signaling readiness for the ballot to be merged.

Emphasis on the quick resolution of the Clean Up Ballot, indicating that it can be merged at any time.

Acknowledgement that the responsibility for merging the ballot lies with SCWG chairs , who is expected to handle the process.

Standardization of Time Units in Baseline Requirements

Aaron raised a new topic addressing the standardization of time units within the Baseline Requirements.

Proposes the inclusion of a general statement specifying the duration of an hour and a day in terms of seconds, ensuring uniformity across the entire Baseline Requirements document.

Forum recalls a previous discussion on a similar topic, noting that the idea had been previously considered and rejected for specific reasons.

Aaron expressed a need to revisit the decision and engage in a fresh discussion, seeking input from the team on whether standardizing time units in this manner is now deemed beneficial.

Next call is January 18, 2024. Meeting adjourned.

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).