[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - July 25 2019

Wayne Thayer wthayer at mozilla.com
Thu Aug 8 15:59:10 MST 2019

 These are the Final Minutes of the Teleconference described in the subject
of this message.Attendees (in alphabetical order)

Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer
(SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris
Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew
(D-TRUST), Frank Corday (SecureTrust), Inaba Atsushi (GlobalSign), Jeff
Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Kirk Hall (Entrust
Datacard), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike
Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter
(SecureTrust), Ryan Sleevi (Google), Scott Rea (Dark Matter), Shelley
Brewer (Digicert), Tim Callan (Sectigo), Timo Schmitt (SwissSign), Tobias
Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer
(Mozilla), Wendy Brown (US Federal PKI Management Authority).
1. Roll Call
The Chair took attendance
2. Read Antitrust Statement

The Antitrust Statement was read
3. Review Agenda

The F2F 47 minutes approval slot was removed from the Agenda. Dimitris
explained that he sent final updates to the F2F minutes 1,5 days before the
teleconference so it was likely that members would not have time to review.
They would probably be ok and get approved at the next teleconference.
4. Approval of minutes from previous teleconference

The minutes from the previous teleconference were approved and will be
circulated to the public list.
5. Validation Subcommittee Update
The Subcommittee reviewed the work at the validation summit and the F2F in
Thessaloniki and decided to try to wrap-up this work until the next F2F in

Method 6 (http) has a draft ballot that Doug posted and there was some
discussion on the validation list. Lots of people use this method so they
should probably pay attention to that discussion.

Method 10 to be replaced with a method that uses an IETF draft TLS-ALPN. We
were waiting the final review which was close to be finalized before
adopting to the BRs. The authors didn't make much progress at the recent
IETF so the validation Subcommittee will decide on the next call whether to
wait more or proceed with the current draft.

Method 12 to be applicable beyond CAs that are also Domain Name Registrars.
Peter Bowen from Amazon had proposed this so we the subcommittee will ask
Amazon whether they want to proceed with a change to this method.

Another topic they discussed was the Certificate lifetime which Ryan
introduced at the F2F in Thessaloniki. He is close to creating a draft
ballot to reduce lifetime to roughly 1 year or roughly 13 months.

Bruce also mentioned about the "clean-up ballot" and will reach out to Tim
for Spring cleanup changes to put into the BRs and EVGs. Ryan sent an email
to the list.

6. NetSec Subcommittee Update The subcommittee discussed about the "pain
points" and tried restructuring the documents, with annotations related to
requirements/provisions for Root CAs and which ones apply for online vs
offline CAs, for example "network requirements". They also tried some
reverse cross-references to WebTrust for CAs and ETSI EN 319 401 standards
looking for similarities with the existing network security requirements.

Dimitris asked for some more details about these cross-references. Ben
clarified that the WebTrust for CAs 2.1 has similar language with the
Network Security requirements. He was not referring to "WebTrust Baseline
and Network Security" but the "plain vanilla" WebTrust. The subcommittee
wants to create a table and add a column where for particular Network
Security requirements they will be able to provide references to WebTrust
for CAs or ETSI EN 319 401 for further guidance.

7. Ballot Status

No further discussion on ballots under consideration
*Ballots in Discussion Period*

*Ballots in Voting Period*


*Ballots in Review Period*

*Draft Ballots under Consideration*

*Improvements for Method 6, website control* (Tim H.)
No additional comments

* SC20 Ballot (NSR 2): System Configuration Management* (Ben)
No additional comments

*SC21 Ballot (NSR 3): Log Integrity Controls* (Ben)
No additional comments
8. Approval of F2F 47 Minutes
No discussion.
9. Any Other Business

No other business.
10. Next call

August 8, 2019 at 11:00 am Eastern Time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190808/cf4d71f7/attachment.html>

More information about the Servercert-wg mailing list