[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - August 8 2019
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Mon Aug 26 04:14:48 MST 2019
These are the Final Minutes of the Teleconference described in the
subject of this message.
Attendees (in alphabetical order)
Arno Fiedler (D-TRUST), Chris Kemmerer (SSL.com), Daniela Hood
(GoDaddy), Dean Coclin (Digicert), Dustin Hollenback (Microsoft), Enrico
Entschew (D-TRUST), Inaba Atsushi (GlobalSign), India Donald (US Federal
PKI Management Authority), Joanna Fox (GoDaddy), Jos Purvis (Cisco),
Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Michelle
Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems),
Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith
(Sectigo), Robin Alen (Sectigo), Ryan Sleevi (Google), Tim Shirley
(SecureTrust), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla),
Wendy Brown (US Federal PKI Management Authority).
Minutes
1. Roll Call
The Vice-Chair took attendance.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
Today's Agenda was approved.
4. Approval of minutes from previous teleconference
There was discussion on the list about the minutes from the 25-July
call. Ryan said that about 20 minutes of discussion are missing from the
minutes, but he hasn't had time to suggest edits. He said most of the
discussion was rehashing stuff that was previously discussed and
minuted. Ryan said he's not terribly concerned and would be okay if
others agree to leave that discussion out of the minutes. Jos suggested
that a line be inserted into the minutes referencing the prior
discussions. Dean agreed.
The minutes from the previous teleconference - with an additional
comment stating "a discussion ensued referencing previous discussions
around this topic" - were approved and will be circulated to the
public list.
5. Validation Subcommittee Update
The Subcommittee discussed the LEI ballot that Tim has drafted. Some of
the ballot language is copied from the LEI website and can be clarified.
There was discussion around clarifying the validation process,
tightening up the algorithm. The reason is that the LEI database isn't
even a QIIS. Tim is open to proposals.
Discussed a questions about attorney/accountant letters. Dean is waiting
on Ryan to draft a reply.
Discussed certificate lifetimes. Google proposal is for 397 days.
Discussed 397 versus 398 days, and March 2020 implementation. Ryan is
looking for more feedback. Dean said that DigiCert is actively gathering
feedback from large enterprise customers with multi-year certificates
and no automation. There are several endorsers (Apple, Let's Encrypt)
and Ryan is looking to move to a 3-week discussion period soon. There
was also discussion on the list about validation automation solutions
that might reduce friction for customers. Rich said that Sectigo is also
gathering feedback. Mike Reily said that he will discuss the ballot with
others at Microsoft. Michelle Coon asked if the ballot only applies to
TLS certificates. Ryan said that it only applies to the BRs and SSL/TLS.
Wayne said that this applies to certificates that are capable of being
used for TLS.
Dean asked if CAs are allowed to post to our lists on behalf of
customers. Ryan said that CAs have shared feedback from customers on the
appropriate list. Customers have also posted directly to the questions
list, with discussion happening on the public list if the questioner
indicates that we can.
The Subcommittee then discussed the Spring cleanup ballot. Ryan created
a Github branch containing a number of fixes and clarifications. Ryan
asked everyone to speak up if they can recall any issues that have been
deferred to a cleanup ballot. Wayne asked Ryan to make the request on
the public list.
Finally, the Subcommittee discussed the method 6 ballot. Consensus was
that this ballot should create a new method number and the old one
should be sunset. Wayne said that Doug was to send out an updated ballot
- no one was sure if that has happened yet.
6. NetSec Subcommittee Update
The Subcommittee did not meet this week and Ben was not on the call. No
update was provided.
7. Ballot Status
No further discussion on ballots under consideration.
_Ballots in Discussion Period_
/None/
_*Ballots in Voting Period*_
//None//
_*Ballots in Review Period*_
_Draft Ballots under Consideration_
/LEI (Tim H.)/
No additional comments
/
/
/Improvements for Method 6, website control (Doug)/
No additional comments
/
Certificate Lifetime (Ryan)/
No additional comments
/Spring Cleanup (Ryan)/
No additional comments
8. Approval of F2F 47 Minutes
The minutes from F2F 47 were approved and will be circulated to the
public list.
9. Any Other Business
No other business.
10. Next call
August 22, 2019 at 11:00 am Eastern Time.
Adjourned
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190826/be7a6675/attachment.html>
-------------- next part --------------
_______________________________________________
Management mailing list
Management at cabforum.org
https://cabforum.org/mailman/listinfo/management
More information about the Servercert-wg
mailing list