CA/Browser Forum posts
Posts by tag Server Certificates
2023-05-25 Minutes of the Server Certificate Working Group
June 26, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting May 25, 2023Attendees Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Cade Cairns – (Google), Chad Ehlers – (IdenTrust), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Eva Vansteenberge – (GlobalSign), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Jamie Mackey – (US Federal PKI Management Authority), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Kyle Duren – (Yahoo Inc), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marco Schambach – (IdenTrust), Michelle Coon – (OATI), Miguel Sanchez – (Google), Nate Smith – (GoDaddy), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Scott Rea – (eMudhra), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services).
June 26, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting May 25, 2023Attendees Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Cade Cairns – (Google), Chad Ehlers – (IdenTrust), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Eva Vansteenberge – (GlobalSign), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Jamie Mackey – (US Federal PKI Management Authority), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Kyle Duren – (Yahoo Inc), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marco Schambach – (IdenTrust), Michelle Coon – (OATI), Miguel Sanchez – (Google), Nate Smith – (GoDaddy), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Scott Rea – (eMudhra), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services).
2023-04-27 Minutes of the Server Certificate Working Group
June 15, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting April 27, 2023Attendees: Aaron Gable – (Let’s Encrypt), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Clint Wilson – (Apple), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Hogeun Yoo – (NAVER Cloud), Inigo Barreira – (Sectigo), Jamie Mackey – (US Federal PKI Management Authority), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Ryan Dickson – (Google), Sissel Hoel – (Buypass AS), Sooyoung Eo – (NAVER Cloud), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Tsung-Min Kuo – (Chunghwa Telecom), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services).
June 15, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting April 27, 2023Attendees: Aaron Gable – (Let’s Encrypt), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Clint Wilson – (Apple), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Hogeun Yoo – (NAVER Cloud), Inigo Barreira – (Sectigo), Jamie Mackey – (US Federal PKI Management Authority), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Ryan Dickson – (Google), Sissel Hoel – (Buypass AS), Sooyoung Eo – (NAVER Cloud), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Tsung-Min Kuo – (Chunghwa Telecom), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services).
Ballot SC-64: Temporary Moratorium on New Certificate Consumer Memberships
June 15, 2023 by Iñigo BarreiraVoting Results Certificate Issuers 19 votes total:
June 15, 2023 by Iñigo BarreiraVoting Results Certificate Issuers 19 votes total:
Minutes of the F2F 59 Meeting in Redmond, WA, USA, 6-8 June 2023 – CSCWG (6 June)
June 6, 2023 by Corey BonnellAttendeesAttendance: IN THE ROOM (FROM SIGN UP SHEET) Ben Wilson (Mozilla), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Karina Sirota Goodley (Microsoft), Tahmina Ahmad (Microsoft), Hannah Sokol (Microsoft), Nitesh Bakliwal (Microsoft), Brianca Martin (Amazon), Trevoli Ponds-White (Amazon), Jonathan Kozolchyk (Amazon), Blake Hess (Amazon), Aaron Poulsen (Amazon), Michael Slaughter (Amazon), Tim Crawford (WebTrust), Inigo Barreira (Sectigo), Yoshiro Yoneya (JPRS), Martijn Katerbard (Sectigo), Nick France (Sectigo), Tim Callen (Sectigo), Roberto Quinones (Intel), Ben Dewberry (Keyfactor), Sven Rajala (Keyfactor), Leo Grove (SSL.com), Stephen Davidson (DigiCert), Jeremy Rowley (DigiCert), Scott Olsen (Microsoft), Linda Diefendorf (Microsoft), Steve Lasker (Microsoft), Yamian Quinero (Microsoft), Thomas Zermeno (SSL.com), Georgy Sebastian (Amazon), Meha Sharma (Microsoft), Rakia Segeu (Microsoft), Dawn Wang (Microsoft), Eva van Steenberge (Globalsign), Christophe Bonjean (Globalsign), Romain Delval (Certigna), Josselin Allemandou (Certigna), Xiu Lei (GDCA), Xizo Qiang (GDCA), Corey Bonnell (DigiCert), Vikas Khanna (Microsoft), An Yin (iTrus China), Vijay Kumar (eMuhdra), Pankaj Chawla (eMuhdra), Scott Rea (eMuhdra), Paul van Browershaven (Entrust), Bruce Morton (Entrust), Arno Fiedler (ETSI ESI), Dimitris Zacharopoulos (HARICA)
June 6, 2023 by Corey BonnellAttendeesAttendance: IN THE ROOM (FROM SIGN UP SHEET) Ben Wilson (Mozilla), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Karina Sirota Goodley (Microsoft), Tahmina Ahmad (Microsoft), Hannah Sokol (Microsoft), Nitesh Bakliwal (Microsoft), Brianca Martin (Amazon), Trevoli Ponds-White (Amazon), Jonathan Kozolchyk (Amazon), Blake Hess (Amazon), Aaron Poulsen (Amazon), Michael Slaughter (Amazon), Tim Crawford (WebTrust), Inigo Barreira (Sectigo), Yoshiro Yoneya (JPRS), Martijn Katerbard (Sectigo), Nick France (Sectigo), Tim Callen (Sectigo), Roberto Quinones (Intel), Ben Dewberry (Keyfactor), Sven Rajala (Keyfactor), Leo Grove (SSL.com), Stephen Davidson (DigiCert), Jeremy Rowley (DigiCert), Scott Olsen (Microsoft), Linda Diefendorf (Microsoft), Steve Lasker (Microsoft), Yamian Quinero (Microsoft), Thomas Zermeno (SSL.com), Georgy Sebastian (Amazon), Meha Sharma (Microsoft), Rakia Segeu (Microsoft), Dawn Wang (Microsoft), Eva van Steenberge (Globalsign), Christophe Bonjean (Globalsign), Romain Delval (Certigna), Josselin Allemandou (Certigna), Xiu Lei (GDCA), Xizo Qiang (GDCA), Corey Bonnell (DigiCert), Vikas Khanna (Microsoft), An Yin (iTrus China), Vijay Kumar (eMuhdra), Pankaj Chawla (eMuhdra), Scott Rea (eMuhdra), Paul van Browershaven (Entrust), Bruce Morton (Entrust), Arno Fiedler (ETSI ESI), Dimitris Zacharopoulos (HARICA)
2023-05-11 Minutes of the Server Certificate Working Group
May 25, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting May 11, 2023 Roll Call: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Bruce Morton – (Entrust), Chris Clements – (Google), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), RIch Smith – (DigiCert), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services) Read Antitrust Statement (* not needed since read in earlier meeting) Review Agenda: No changes. Minutes: 30 March minutes approved. 27 April: not yet circulated Certificate consumers moratorium ballot proposed by Ben Wilson: looking for another endorser. Ben clarified that the moratorium would be temporary, depending on how quickly the Forum could revise rules for membership. Memberships: Yahoo as Interested Party – approved CommScope – still pending IPR signature QikFox – IPR signature is valid. However, this issue relates to the moratorium ballot. Dimitris proposed to approve as Certificate Consumer member, since no moratorium is currently in place. Ben stated Mozilla’s dissent on this and doesn’t plan on asking for a vote. Tim said that if anyone objects, they should propose a ballot for membership. Toby wasn’t convinced that there was consensus. Clint also logged his dissent to the consensus. Bruce asked if we could wait for Ben’s moratorium ballot to pass. Tim said that the applicant has a right to hear back soon. Ryan Dickson said it makes more sense to wait. Paul thought it wasn’t fair to make them wait for the ballot to pass which could take several weeks. Tim agreed, and said there is no precedent in the bylaws for delaying. Dimitris agreed. Daryn said the bylaws don’t have a provision for cases where there is a dissent but don’t call for a vote. Clint stated that he hasn’t been able to confirm that the applicant is actually a browser, as it appears payment is required to use it. Could a test copy or license be provided? Ben said that’s probably not needed as he confirmed that it is in fact a browser. Jos suggested that those not part of the consensus “stand aside”, meaning that the group has settled on a consensus you do not agree with but you are not willing to impede their progress. Martijn also suggested the term “abstain”. Ben said he stands aside. Time ran out for further discussion and the item was tabled to the next meeting. Logius – membership change, to be removed from SCWG as full member, change to Interested Party. But wants to be added to S/MIME, which will need to be approved by that group. Discussion as to whether they need to re-sign IPR. Tim suggested we table removing them from SCWG until they have been accepted in S/MIME WG. Dimitris said we don’t need to wait. Jos suggested we put this back on the agenda for the next meeting for administrative reasons. Inigo asked that how would we know about other root status’ if others like Logius didn’t’ contact us? Dimitris said they have self declared their change in status. The bylaws allow for challenges and it’s up to members to do so. Next call: 25 May
May 25, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting May 11, 2023 Roll Call: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Bruce Morton – (Entrust), Chris Clements – (Google), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Nate Smith – (GoDaddy), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), RIch Smith – (DigiCert), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services) Read Antitrust Statement (* not needed since read in earlier meeting) Review Agenda: No changes. Minutes: 30 March minutes approved. 27 April: not yet circulated Certificate consumers moratorium ballot proposed by Ben Wilson: looking for another endorser. Ben clarified that the moratorium would be temporary, depending on how quickly the Forum could revise rules for membership. Memberships: Yahoo as Interested Party – approved CommScope – still pending IPR signature QikFox – IPR signature is valid. However, this issue relates to the moratorium ballot. Dimitris proposed to approve as Certificate Consumer member, since no moratorium is currently in place. Ben stated Mozilla’s dissent on this and doesn’t plan on asking for a vote. Tim said that if anyone objects, they should propose a ballot for membership. Toby wasn’t convinced that there was consensus. Clint also logged his dissent to the consensus. Bruce asked if we could wait for Ben’s moratorium ballot to pass. Tim said that the applicant has a right to hear back soon. Ryan Dickson said it makes more sense to wait. Paul thought it wasn’t fair to make them wait for the ballot to pass which could take several weeks. Tim agreed, and said there is no precedent in the bylaws for delaying. Dimitris agreed. Daryn said the bylaws don’t have a provision for cases where there is a dissent but don’t call for a vote. Clint stated that he hasn’t been able to confirm that the applicant is actually a browser, as it appears payment is required to use it. Could a test copy or license be provided? Ben said that’s probably not needed as he confirmed that it is in fact a browser. Jos suggested that those not part of the consensus “stand aside”, meaning that the group has settled on a consensus you do not agree with but you are not willing to impede their progress. Martijn also suggested the term “abstain”. Ben said he stands aside. Time ran out for further discussion and the item was tabled to the next meeting. Logius – membership change, to be removed from SCWG as full member, change to Interested Party. But wants to be added to S/MIME, which will need to be approved by that group. Discussion as to whether they need to re-sign IPR. Tim suggested we table removing them from SCWG until they have been accepted in S/MIME WG. Dimitris said we don’t need to wait. Jos suggested we put this back on the agenda for the next meeting for administrative reasons. Inigo asked that how would we know about other root status’ if others like Logius didn’t’ contact us? Dimitris said they have self declared their change in status. The bylaws allow for challenges and it’s up to members to do so. Next call: 25 May
2023-03-30 Minutes of the Server Certificate Working Group
May 12, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting March 30, 2023Attendance: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Jozef Nigut – (Disig), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Pedro Fuentes – (OISTE Foundation), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Stephen Davidson – (DigiCert), Steven Deitte – (GoDaddy), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly)
May 12, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting March 30, 2023Attendance: Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Rasmussen – (OATI), Daryn Wright – (GoDaddy), Dimitris Zacharopoulos – (HARICA), Ellie Lu – (TrustAsia Technologies, Inc.), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Jozef Nigut – (Disig), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Marcelo Silva – (Visa), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Pedro Fuentes – (OISTE Foundation), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Stephen Davidson – (DigiCert), Steven Deitte – (GoDaddy), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Wayne Thayer – (Fastly)
2023-04-13 Minutes of the Server Certificate Working Group
April 13, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting April 13, 2023Attendees Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
April 13, 2023 by Iñigo BarreiraServer Certificate Working Group Meeting April 13, 2023Attendees Aaron Poulsen – (Amazon), Adam Jones – (Microsoft), Adrian Mueller – (SwissSign), Ben Wilson – (Mozilla), Brianca Martin – (Amazon), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Corey Rasmussen – (OATI), David Kluge – (Google), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (VikingCloud), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tobias Josefowitz – (Opera Software AS), Trevoli Ponds-White – (Amazon), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services)
Ballot SC62v2-Certificate profiles update
March 17, 2023 by Iñigo BarreiraVoting Results Certificate Issuers 30 votes total, with no abstentions:
March 17, 2023 by Iñigo BarreiraVoting Results Certificate Issuers 30 votes total, with no abstentions:
2023-02-16 Minutes of the Server Certificate Working Group
March 6, 2023 by Iñigo BarreiraMeeting of the Server Certificate Working Group** February 16, 2023 Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adrian Mueller – (SwissSign), Andrea Holland – (SecureTrust), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Daryn Wright – (GoDaddy), David Kluge – (Google), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (SecureTrust), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (SecureTrust), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Roman Fischer – (SwissSign), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Steve Topletz – (Cisco Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Vijayakumar (Vijay) Manjunatha – (eMudhra), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services) Next Minute Taker: Chris Kemmerer after the face-to-face meeting. Review of Agenda: Inigo Barreira stated the agenda was published and there were no changes. Approval of Minutes: Approved from the last call on February 2, 2023. Validation Subcommittee update: Corey Bonnell stated the subcommittee discussed two topics at the last meeting. The first was planning for the face-to-face where they decided that they were going to use the hour and a half by splitting the time. In the first half they will discuss multi-perspective domain validation and mitigations against some of the attacks that we’ve seen. Corey thought it was a great idea proposed by Ryan Dickson to take advantage of the guest speakers’ knowledge that they’ll be sharing and seeing how we can apply it within the context of the subcommittee. The second topic will be a continuation of the discussion around applicant representatives and their roles and responsibilities throughout the certificate issuance process. They identified five top level certificate issuance flows or models and there was a call for volunteers to write up each issuance flow. The write ups would look at each flow and identify improvements to the requirements as needed to better accommodate the flows or discuss various security properties. As an administrative note the call next Thursday is canceled, keeping the tradition of canceling before the face-to-face. Inigo suggested discussing restructuring the calls or how the SCWG should manage the validation subcommittee. Corey recalls this conversation occurring in the context of the SCWG. Ballot Status: SC61v4 – Incorporation of Mozilla Revocation Reason Codes is now in the voting period. SC62 – Certificate profiles. Still in discussion period with no end date defined yet. SC59 – Revival of Debian Weak Keys Ballot. Chris Kemmerer stated while working on redline they discovered they need to satisfy some pretty cogent comments from one of their endorsers. They would like to have this as an item for discussion at the face-to-face meeting. SCXX – SLO/Response for CRL & OCSP Responses. Clint stated there is no change. SCXX – Make OCSP optional, require CRLs. Ryan stated this is staged behind the profiles ballot. If people are interested in providing feedback, it’s very welcome. If anyone is interested in becoming an endorser they can email Ryan. Any other business: Tim suggested the SCWG should discuss where we want the working group to go and what it should be working on. The SCWG is in a state where it doesn’t have any clear direction and that’s really dangerous. The SCWG is one of the most important working groups we have. We need to get everybody on the same page about what we think are the important problems in the ecosystem that the group should be addressing and get people to start working on proposals to address those items. It’s a little bit dangerous that we continue to kind of let it continue its current trajectory, where not a lot gets done and the requirements just kind of sit the way they are. Inigo agreed and said even minor changes in the titling of the documents would help as well as updating the EV Guidelines in accordance with RFC 3647. The validation subcommittee was originally created for validation and when there was no working group structure. He plans on sending a list of topics to be included. Inigo stated Dimitris sent an email to the management list regarding algorithms and suggested discussion at the SCWG. Dimitris sent the email already knowing there was a discussion in the S/MIME working group but he felt the email was geared towards TLS. From previous discussions he believes there was no intent of implementing the algorithms by the browsers. Regardless, we need an answer for the questions list. Indigo asked if there was a time limit to respond to the question list. Dimitris is not aware of a time limit. Ben will email Dean. Tim suggested the algorithms in question are a little bit more efficient, a little bit more trustworthy in the nature of how the curves were generated. There are a bunch of small advantages that some people find attractive. Until a browser adopts the algorithm there is a chicken and egg problem. It’s up to the browsers to decide if this is something that they want to support. Aaron Gable stated they continually get requests from applicants and subscribers asking why they don’t support these curves and the answer is always, “we can’t”. There are other questions about the level of HSM support for curves other than the ones they use, but they would love for browsers to support them. Tim stated HSM support is pretty good and that should not be a blocker. Next Meeting: March 16, 2023 **Meeting adjourned.
March 6, 2023 by Iñigo BarreiraMeeting of the Server Certificate Working Group** February 16, 2023 Attendees: Aaron Gable – (Let’s Encrypt), Aaron Poulsen – (Amazon), Adrian Mueller – (SwissSign), Andrea Holland – (SecureTrust), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Chris Clements – (Google), Chris Kemmerer – (SSL.com), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Daryn Wright – (GoDaddy), David Kluge – (Google), Dimitris Zacharopoulos – (HARICA), Doug Beattie – (GlobalSign), Dustin Hollenback – (Microsoft), Ellie Lu – (TrustAsia Technologies, Inc.), Enrico Entschew – (D-TRUST), Fumi Yoneda – (Japan Registry Services), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (SecureTrust), Joanna Fox – (TrustCor Systems), Johnny Reading – (GoDaddy), Jos Purvis – (Fastly), Karina Sirota – (Microsoft), Kiran Tummala – (Microsoft), Lynn Jeun – (Visa), Mads Henriksveen – (Buypass AS), Martijn Katerbarg – (Sectigo), Michelle Coon – (OATI), Nargis Mannan – (SecureTrust), Paul van Brouwershaven – (Entrust), Pedro Fuentes – (OISTE Foundation), Peter Miskovic – (Disig), Rebecca Kelley – (Apple), Rollin Yu – (TrustAsia Technologies, Inc.), Roman Fischer – (SwissSign), Ryan Dickson – (Google), Stephen Davidson – (DigiCert), Steve Topletz – (Cisco Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tobias Josefowitz – (Opera Software AS), Vijayakumar (Vijay) Manjunatha – (eMudhra), Wayne Thayer – (Fastly), Wendy Brown – (US Federal PKI Management Authority), Yoshiro Yoneya – (Japan Registry Services) Next Minute Taker: Chris Kemmerer after the face-to-face meeting. Review of Agenda: Inigo Barreira stated the agenda was published and there were no changes. Approval of Minutes: Approved from the last call on February 2, 2023. Validation Subcommittee update: Corey Bonnell stated the subcommittee discussed two topics at the last meeting. The first was planning for the face-to-face where they decided that they were going to use the hour and a half by splitting the time. In the first half they will discuss multi-perspective domain validation and mitigations against some of the attacks that we’ve seen. Corey thought it was a great idea proposed by Ryan Dickson to take advantage of the guest speakers’ knowledge that they’ll be sharing and seeing how we can apply it within the context of the subcommittee. The second topic will be a continuation of the discussion around applicant representatives and their roles and responsibilities throughout the certificate issuance process. They identified five top level certificate issuance flows or models and there was a call for volunteers to write up each issuance flow. The write ups would look at each flow and identify improvements to the requirements as needed to better accommodate the flows or discuss various security properties. As an administrative note the call next Thursday is canceled, keeping the tradition of canceling before the face-to-face. Inigo suggested discussing restructuring the calls or how the SCWG should manage the validation subcommittee. Corey recalls this conversation occurring in the context of the SCWG. Ballot Status: SC61v4 – Incorporation of Mozilla Revocation Reason Codes is now in the voting period. SC62 – Certificate profiles. Still in discussion period with no end date defined yet. SC59 – Revival of Debian Weak Keys Ballot. Chris Kemmerer stated while working on redline they discovered they need to satisfy some pretty cogent comments from one of their endorsers. They would like to have this as an item for discussion at the face-to-face meeting. SCXX – SLO/Response for CRL & OCSP Responses. Clint stated there is no change. SCXX – Make OCSP optional, require CRLs. Ryan stated this is staged behind the profiles ballot. If people are interested in providing feedback, it’s very welcome. If anyone is interested in becoming an endorser they can email Ryan. Any other business: Tim suggested the SCWG should discuss where we want the working group to go and what it should be working on. The SCWG is in a state where it doesn’t have any clear direction and that’s really dangerous. The SCWG is one of the most important working groups we have. We need to get everybody on the same page about what we think are the important problems in the ecosystem that the group should be addressing and get people to start working on proposals to address those items. It’s a little bit dangerous that we continue to kind of let it continue its current trajectory, where not a lot gets done and the requirements just kind of sit the way they are. Inigo agreed and said even minor changes in the titling of the documents would help as well as updating the EV Guidelines in accordance with RFC 3647. The validation subcommittee was originally created for validation and when there was no working group structure. He plans on sending a list of topics to be included. Inigo stated Dimitris sent an email to the management list regarding algorithms and suggested discussion at the SCWG. Dimitris sent the email already knowing there was a discussion in the S/MIME working group but he felt the email was geared towards TLS. From previous discussions he believes there was no intent of implementing the algorithms by the browsers. Regardless, we need an answer for the questions list. Indigo asked if there was a time limit to respond to the question list. Dimitris is not aware of a time limit. Ben will email Dean. Tim suggested the algorithms in question are a little bit more efficient, a little bit more trustworthy in the nature of how the curves were generated. There are a bunch of small advantages that some people find attractive. Until a browser adopts the algorithm there is a chicken and egg problem. It’s up to the browsers to decide if this is something that they want to support. Aaron Gable stated they continually get requests from applicants and subscribers asking why they don’t support these curves and the answer is always, “we can’t”. There are other questions about the level of HSM support for curves other than the ones they use, but they would love for browsers to support them. Tim stated HSM support is pretty good and that should not be a blocker. Next Meeting: March 16, 2023 **Meeting adjourned.
Ballot SC61v4 – New CRL Entries must have a Revocation Reason Code
March 2, 2023 by Iñigo BarreiraVoting Results Certificate Issuers 24 votes total, with no abstentions:
March 2, 2023 by Iñigo BarreiraVoting Results Certificate Issuers 24 votes total, with no abstentions: