CA/Browser Forum

2024-06-20 Minutes of the Server Certificate Working Group

Attendance

Aaron Gable - (Let’s Encrypt), Aaron Poulsen - (Amazon), Adrian Mueller - (SwissSign), Adriano Santoni - (Actalis S.p.A.), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Bruce Morton - (Entrust), Chad Dandar - (Cisco Systems), Corey Rasmussen - (OATI), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Enrico Entschew - (D-TRUST), Inaba Atsushi - (GlobalSign), Jaime Hablutzel - (OISTE Foundation), Janet Hines - (VikingCloud), Jos Purvis - (Fastly), Kiran Tummala - (Microsoft), Llew Curran - (GoDaddy), Mads Henriksveen - (Buypass AS), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Miguel Sanchez - (Google), Naveen Kumar - (eMudhra), Nicol So - (CommScope), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Rebecca Kelly - (SSL.com), Sandy Balzer - (SwissSign), Scott Rea - (eMudhra), Tathan Thacker - (IdenTrust), Thomas Zermeno - (SSL.com), Tim Hollebeek - (DigiCert), Tobias Josefowitz - (Opera Software AS), Tsung-Min Kuo - (Chunghwa Telecom), Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management Authority)

Roll Call

Inigo Barreira opened the meeting and started the roll call.

Read Antitrust Statement

Inigo read the Note-well.

Review Agenda

No additional topics were proposed.

Approval of minutes

  • Draft minutes from F2F #62 have been circulated for review.

  • Minutes from SCWG call June 6th circulated on June 7th were approved.

Membership

No new applications.

Discussion

GitHub open issues

  • GitHub's open issues triage (minimum 10 issues per call):
    • 417 – Amend BRs to Clarify Auditing of “Parked” CA Keys – Important to update section 6.1.1.1 and section 8 to cover audit. Ben will continue to work on this one, looking for support.
    • 420 – The title of the TLS BR should include a reference to TLS/serverAuth – Completed/Closed
    • 422 – Section 4.9.10: Untangle “assigned” vs “reserved” serials, precertificates, and OCSP – Not an urgent item. May need to update definitions to address the issue. Assigned to Tim H to be moved to Definitions and Glossary WG.
    • 423 – Remove specific version in the WebTrust reference in section 1.6.3 – Completed/Closed
    • 424 – RA definitions: Almost anything is an RA – Move to Definitions and Glossary WG
    • 428 – VG 9.2.8 is overly restrictive for the syntax of ISO 3166-2 states/provinces – S/MIME has fixed the issue with text which states “For the NTR Registration Scheme identifier, where registrations are administrated at the subdivision (state or province) level, a plus “+” (0x2B (ASCII), U+002B (UTF-8)) followed by an up-to-three alphanumeric character ISO 3166-2 identifier for the subdivision of the nation in which the Registration Scheme is operated.” A ballot will be needed for EVG.
    • 430 – Clarify maximum period for DCV usage – Completed/Closed
    • 431 – Align OV and EV org name requirements – Assign to Martijn
    • 432 – Standardize format and style in CABF documents – Work on formatting style. Some information being assembled in the CABF Wiki.
    • 433 – Proposal for automated onion service certificate issuance based on fully qualified onion service key signed certificate request – Iñigo to check if this person finally applied as an interested party and if not, close the issue. If yes, keep it for a while.
    • 435 – Error in definition of “Translator” – Assign to Tim who will propose text for a clean-up ballot.

PAG

GoDaddy is withdrawing their exclusion notice. GoDaddy will be asked to submit withdrawal of their exclusion notice; Ben will ask. The ballot can be re-submitted.

Current status of ballots

  • Passed
    • None
  • Failed
    • None
  • Voting Period
    • SC75: Pre-sign linting
  • Discussion Period
    • SC67 v3: Require domain validation and CAA checks to be performed from multiple Network Perspectives – no updates, continue discussion.
  • Review Period
    • SC71: Terms of Use – Not sure of status. Ballot may be abandoned. If not, then the discussion period could be extended. Inigo will contact Dustin to get status.
  • Draft/Under Consideration
    • SCXX: Profiles cleanup ballot – on hold.

Any Other Business

No other business.

Next call

4 July call cancelled. Next call is 18 July 2024.

Adjourn

Meeting adjourned.
