[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - August 22 2019

Jos Purvis (jopurvis) jopurvis at cisco.com
Thu Sep 5 09:54:04 MST 2019


Published.

 

 

-- 
Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems  | Cryptographic Services
PGP: 0xFD802FEE07D19105  | +1 919.991.9114 (desk)

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of "Dimitris Zacharopoulos (HARICA) via Servercert-wg" <servercert-wg at cabforum.org>
Reply-To: "Dimitris Zacharopoulos (HARICA)" <dzacharo at harica.gr>, CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Date: Thursday, September 5, 2019 at 12:01 PM
To: "servercert-wg at cabforum.org" <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - August 22 2019

 

These are the Final Minutes of the Teleconference described in the subject of this message.
Attendees (in alphabetical order)
Arno Fiedler (D-TRUST), Ben Wilson (Digicert), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Kenneth Myers (US Federal PKI Management Authority), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla).
Minutes 
1. Roll Call
The Chair took attendance.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
No changes to the agenda.
4. Approval of minutes from previous teleconference
The minutes from the previous teleconference were approved and will be circulated to the public list.
5. Validation Subcommittee Update 
Method 6 (http) has a draft ballot that Doug posted, it is the last ballot coming from the Validation Summit, and there was some discussion about the redirects. Doug will most probably propose limiting to 10 redirects. 

They also discussed about the "clean-up ballot". There is a link pointing to the proposed changes in the minutes of the validation subcommittee, so Members can check that link for any controversial changes.

Reducing the certificate lifetime ballot was also discussed.

Finally, the subcommittee discussed about the LEI ballot which has language for the Fully-Verified (Fully Corroborated) information. More discussion already takes place on the list.
6. NetSec Subcommittee Update
No update.
7. Ballot Status 
No further discussion on ballots under consideration
Ballots in Discussion Period
Ballot SC22: Reduce Certificate Lifetimes (Ryan)
Mike asked about the three-week discussion period and whether that was something decided at the Validation Subcommittee. Ryan mentioned that it was discussed at the subcommittee level for about a month and then moved to ballot in order to get any further feedback.

There was a short discussion about whether the proposer must send an e-mail to explicitly start the voting period, regardless whether the ballot e-mail states a "voting begin" date. The interpretation of the Bylaws was that an explicit email by the proposer needs to start the voting period, which must be exactly 7 days.
  
Ballots in Voting Period
None

Ballots in Review Period
None
Draft Ballots under Consideration

Improvements for Method 6, website control (Tim H.)
No additional comments

SC20 Ballot (NSR 2): System Configuration Management (Ben)
No additional comments

SC21 Ballot (NSR 3): Log Integrity Controls (Ben)
Ben asked whether the ballots should be considered withdrawn since they have not been updated for a while. Dimitris responded that since these are still in the "Draft ballots" and have not started an official "Discussion Period", they are not considered withdrawn, unless the proposer wants to withdraw them.

Tobi mentioned that the Network Security Subcommittee will have a better idea about these two ballots in two weeks.
8. Any Other Business
No other business.
9. Next call
September 5, 2019 at 11:00 am Eastern Time.
Adjourned



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190905/3197e1d1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4072 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190905/3197e1d1/attachment-0001.p7s>


More information about the Servercert-wg mailing list