[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - August 8 2019

Jos Purvis (jopurvis) jopurvis at cisco.com
Mon Aug 26 12:34:11 MST 2019




Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems  | Cryptographic Services
PGP: 0xFD802FEE07D19105  | +1 919.991.9114 (desk)



From: Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of "Dimitris Zacharopoulos (HARICA) via Servercert-wg" <servercert-wg at cabforum.org>
Reply-To: "Dimitris Zacharopoulos (HARICA)" <dzacharo at harica.gr>, CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Date: Monday, August 26, 2019 at 7:15 AM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - August 8 2019


These are the Final Minutes of the Teleconference described in the subject of this message.
Attendees (in alphabetical order)
Arno Fiedler (D-TRUST), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Joanna Fox (GoDaddy), Jos Purvis (Cisco), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alen (Sectigo), Ryan Sleevi (Google), Tim Shirley (SecureTrust), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
1. Roll Call
The Vice-Chair took attendance.

2. Read Antitrust Statement
The Antitrust Statement was read.

3. Review Agenda
Today's Agenda was approved. 

4. Approval of minutes from previous teleconference
There was discussion on the list about the minutes from the 25-July call. Ryan said that about 20 minutes of discussion are missing from the minutes, but he hasn't had time to suggest edits. He said most of the discussion was rehashing stuff that was previously discussed and minuted. Ryan said he's not terribly concerned and would be okay if others agree to leave that discussion out of the minutes. Jos suggested that a line be inserted into the minutes referencing the prior discussions. Dean agreed.


The minutes from the previous teleconference - with an additional comment stating "a discussion ensued referencing previous discussions around this topic"   - were approved and will be circulated to the public list.

5. Validation Subcommittee Update 
The Subcommittee discussed the LEI ballot that Tim has drafted. Some of the ballot language is copied from the LEI website and can be clarified. There was discussion around clarifying the validation process, tightening up the algorithm. The reason is that the LEI database isn't even a QIIS. Tim is open to proposals.


Discussed a questions about attorney/accountant letters. Dean is waiting on Ryan to draft a reply.


Discussed certificate lifetimes. Google proposal is for 397 days. Discussed 397 versus 398 days, and March 2020 implementation. Ryan is looking for more feedback. Dean said that DigiCert is actively gathering feedback from large enterprise customers with multi-year certificates and no automation. There are several endorsers (Apple, Let's Encrypt) and Ryan is looking to move to a 3-week discussion period soon. There was also discussion on the list about validation automation solutions that might reduce friction for customers. Rich said that Sectigo is also gathering feedback. Mike Reily said that he will discuss the ballot with others at Microsoft. Michelle Coon asked if the ballot only applies to TLS certificates. Ryan said that it only applies to the BRs and SSL/TLS. Wayne said that this applies to certificates that are capable of being used for TLS.


Dean asked if CAs are allowed to post to our lists on behalf of customers. Ryan said that CAs have shared feedback from customers on the appropriate list. Customers have also posted directly to the questions list, with discussion happening on the public list if the questioner indicates that we can.


The Subcommittee then discussed the Spring cleanup ballot. Ryan created a Github branch containing a number of fixes and clarifications. Ryan asked everyone to speak up if they can recall any issues that have been deferred to a cleanup ballot. Wayne asked Ryan to make the request on the public list.


Finally, the Subcommittee discussed the method 6 ballot. Consensus was that this ballot should create a new method number and the old one should be sunset. Wayne said that Doug was to send out an updated ballot - no one was sure if that has happened yet.

6. NetSec Subcommittee Update
The Subcommittee did not meet this week and Ben was not on the call. No update was provided.
7. Ballot Status 
No further discussion on ballots under consideration.
Ballots in Discussion Period
Ballots in Voting Period


Ballots in Review Period

Draft Ballots under Consideration

LEI (Tim H.)

No additional comments

Improvements for Method 6, website control (Doug)
No additional comments

Certificate Lifetime (Ryan)

No additional comments

Spring Cleanup (Ryan)
No additional comments

8. Approval of F2F 47 Minutes
The minutes from F2F 47 were approved and will be circulated to the public list.

9. Any Other Business
No other business.

10. Next call
August 22, 2019 at 11:00 am Eastern Time.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190826/6bb8a265/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4052 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190826/6bb8a265/attachment-0001.p7s>

More information about the Servercert-wg mailing list