[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - July 25 2019

Jos Purvis (jopurvis) jopurvis at cisco.com
Mon Aug 12 07:37:21 MST 2019




Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems  | Cryptographic Services
PGP: 0xFD802FEE07D19105  | +1 919.991.9114 (desk)


From: Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of Wayne Thayer via Servercert-wg <servercert-wg at cabforum.org>
Reply-To: Wayne Thayer <wthayer at mozilla.com>, CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Date: Thursday, August 8, 2019 at 6:59 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - July 25 2019


These are the Final Minutes of the Teleconference described in the subject of this message. 
Attendees (in alphabetical order)
Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Frank Corday (SecureTrust), Inaba Atsushi (GlobalSign), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Ryan Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim Callan (Sectigo), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
1. Roll Call
The Chair took attendance
2. Read Antitrust Statement
The Antitrust Statement was read
3. Review Agenda
The F2F 47 minutes approval slot was removed from the Agenda. Dimitris explained that he sent final updates to the F2F minutes 1.5 days before the teleconference, so it was likely that members would not have time to review. They would probably be ok and get approved at the next teleconference.
4. Approval of minutes from previous teleconference
The minutes from the previous teleconference were approved and will be circulated to the public list.
5. Validation Subcommittee Update 
The Subcommittee reviewed the work at the validation summit and the F2F in Thessaloniki and decided to try to wrap up this work by the next F2F in November.

Method 6 (http) has a draft ballot that Doug posted and there was some discussion on the validation list. Lots of people use this method so they should probably pay attention to that discussion.

Method 10 to be replaced with a method that uses an IETF draft, TLS-ALPN. We were waiting for the final review, which was close to being finalized, before adopting it into the BRs. The authors didn't make much progress at the recent IETF, so the Validation Subcommittee will decide on the next call whether to wait longer or proceed with the current draft.

Method 12 to be applicable beyond CAs that are also Domain Name Registrars. Peter Bowen from Amazon had proposed this, so the subcommittee will ask Amazon whether they want to proceed with a change to this method.

Another topic they discussed was the Certificate lifetime which Ryan introduced at the F2F in Thessaloniki. He is close to creating a draft ballot to reduce lifetime to roughly 1 year or roughly 13 months.

Bruce also mentioned the "clean-up ballot" and will reach out to Tim for Spring cleanup changes to put into the BRs and EVGs. Ryan sent an email to the list.
6. NetSec Subcommittee Update
The subcommittee discussed the "pain points" and tried restructuring the documents, with annotations related to requirements/provisions for Root CAs and which ones apply for online vs offline CAs, for example "network requirements". They also tried some reverse cross-references to the WebTrust for CAs and ETSI EN 319 401 standards, looking for similarities with the existing network security requirements.

Dimitris asked for some more details about these cross-references. Ben clarified that WebTrust for CAs 2.1 has language similar to the Network Security requirements. He was not referring to "WebTrust Baseline and Network Security" but the "plain vanilla" WebTrust. The subcommittee wants to create a table and add a column where, for particular Network Security requirements, they will be able to provide references to WebTrust for CAs or ETSI EN 319 401 for further guidance.
7. Ballot Status 
No further discussion on ballots under consideration
Ballots in Discussion Period
Ballots in Voting Period


Ballots in Review Period

Draft Ballots under Consideration

Improvements for Method 6, website control (Tim H.)
No additional comments

SC20 Ballot (NSR 2): System Configuration Management (Ben)
No additional comments

SC21 Ballot (NSR 3): Log Integrity Controls (Ben)
No additional comments
8. Approval of F2F 47 Minutes

No discussion.
9. Any Other Business
No other business.
10. Next call
August 8, 2019 at 11:00 am Eastern Time.
