CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-03-28 Minutes of the Server Certificate Working Group

2024-03-28 Minutes of the Server Certificate Working Group

Attendance

Aaron Gable - (ISRG), Aaron Poulsen - (Amazon), Abhishek Bhat - (eMudhra), Adam Jones - (Microsoft), Adrian Mueller - (SwissSign), Alvin Wang – (SHECA), Andreas Henschel – (D-Trust), Adriano Santoni (Actalis), Antti Backman - (Telia Company), Atsushi Inaba - (GlobalSign), Ben Wilson – (Mozilla), Brianca Martin - (Amazon), Bruce Morton - (Entrust), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Dean Coclin - (DigiCert), Dong Wha Shin - (MOIS), Jaime Hablutzel - (OISTE Foundation), Jay Wilson - (Sectigo), Johnny Reading - (GoDaddy), Jos Purvis - (Fastly), Karina Sirota - (Microsoft), Keshava Nagaraju - (eMudhra), Klran Tummala - (Microsoft), Luis Cervantes – (GoDaddy), Lynn Jeun - (VisaMarco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Michael Slaughter – (Amazon), Miguel Sanchez - (Google), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Naveen Kumar - (eMudhra), Nicol So - (CommScope), Nome Huang – (TrustAsia), Paul Van Brouwershaven – (Entrust), Rich Kapushinski – (CommScope), Rich Smith - (DigiCert), Sandy Balzer - (SwissSign), Scott Rea – (eMudhra), Stephen Davidson - (DigiCert), Tathan Thacker - (IdenTrust), Thomas Zermeno - (SSL.com), Trevoli Ponds-White - (Amazon), Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management Authority), Yashwanth TM - (eMudhra), Yoshihiko Matsuo - (Japan Registry Services).

Roll Call

Roll call read.

Read Antitrust Statement

The note-well was read by Paul.

Review Agenda

Agenda approved.

Approval of minutes

a) Minutes from the February 15, 2024 Teleconference

  • The minutes has not been circulated yet.

b) Minutes from the February 27, 2024 F2F meeting(minutes were distributed 2024-03-06)

  • The minutes were approved.

c) Minutes from the March 14, 2024 Teleconference (minutes were distributed 2024-03-15)

  • The minute were approved.

Membership

None.

Discussion

Ballots discussion.

Current status of ballots

a) Ballot SC70: Clarify the use of DTPs for Domain Control Validation

  • During the review period one member has files an exclusion notice according to Article 2.4, and the results of the initial vote are rescinded and deemed null and void.
  • Ben Wilson started the process of forming a patent advisory group and he is collecting names and email addresses of those interested in participating.
  • The membership criteria for the Patent Advisory Group (PAG) is unclear, specifically in relation to sections 7.1 and 7.2 of the IPR policy. Aaron said PAG in section 7.2 of IPR Policy doesn’t have an entry for the exclusion notice, and we should revise the IPR Policy.
  • There was discussion about clarifying the use of domain validation and the need for GoDaddy’s involvement in understanding the exact patent claims.
  • Theres was a discussion about time limits for filing exclusion notices and how it interacts with membership periods. Nicol raises a question about the clarification of substantive requirements and its interaction with the time window for filing exclusion notices. Ben acknowledges the point and suggests further examination of the situation. Aaron highlighted a concern about unclear interactions between exclusion notices and existing guidelines.

b) SC72 voting period ends on April 1st, 24.

  • There was a discussion about whether votes on the discussion period should be considered valid, with some members suggesting that as long as the vote is clear and during the voting period, it should be accepted.

c) SC67 discussion period ends April 17th, 24.

  • No comments

d) Review Period - Compromised/weak keys

  • There was a suggestion to remove language regarding Debian weak keys and have a third party submit all weak keys to certificate problem reporting addresses.
  • Wayne said he will change current requirement, add the additional weak key requirements and move forward as a ballot.

Draft / Under Consideration

  • SCXX – Profiles cleanup ballot
  • SC71 – Subscriber agreement and terms of use consolidation
  • SCXX – Measure all hours and days to the second
  • SC73 – Introduce linting in the TLS BRs
  • SC74 – Clarify CP/CPS structure according to RFC 3647

Any Other Business

None

Next call

Next call: 11 April at 11:00 am Eastern Time

Meeting adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).