[Servercert-wg] Final minutes for Server Certificate Working Group Teleconference - July 23, 2020

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Sun Aug 9 11:23:32 MST 2020


These are the final Minutes of the Teleconference described in the 
subject of this message.


    Attendees (in alphabetical order)

Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Chris McMillan 
(Visa), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris 
Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), 
Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin 
Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC 
Trustgate), Huo Haitao (Halton) (360 Browser), Inaba Atsushi 
(GlobalSign), India Donald (US Federal PKI Management Authority), Janet 
Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Joanna Fox 
(GoDaddy), Johny Reading (GoDaddy), Karina Sirota (Microsoft), Michelle 
Coon (OATI), Michol Murray (GoDaddy), Mike Reilly (Microsoft), Neil 
Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rae Ann Gonzales 
(Godaddy), Rich Smith (Sectigo), Robin Alden (Sectigo), Shelley Brewer 
(Digicert), Stephen Davidson (Digicert), Thanos Vrachnos (SSL.com), Tim 
Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Travis 
Graham (GoDaddy), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI 
Management Authority).


    Minutes


      1. Roll Call

The Roll Call was taken.


      2. Read Antitrust Statement

The Antitrust Statement was read.


      3. Review Agenda

No changes to the agenda were noted. Dimitris will not chair the next 
two calls; there were no volunteers for minute taking.


      4. Approval of minutes from last teleconference

Accepted without objections.


      5. Validation Subcommittee Update

Tim reports he will not be available in the next SCWG call either and 
that in turn somebody else may have to report.

Recently, the Validation Subcommittee has spent time going over the 
Trello board re-assessing issues they have not reviewed for a while. 
Some were closed, some were moved on the board and some were updated 
with information.

The Subcommittee has also looked at the Github facilities for managing 
issues; it is similar to the Trello solution. It looks like Github's 
facilities are in line with the Subcommittee's needs, so the 
Subcommittee may move from Trello to Github. As a next step somebody 
needs to actually transfer the issues from Trello to Github, active 
issues first, backlog later.

The Subcommittee will get back to the certificate profiles in next 
week's meeting.


      6. NetSec Subcommittee Update

The NetSec Subcommittee has received a request to not currently bring 
more ballots to vote. The Subcommittee has multiple work items nearly 
ready to be brought forward as Ballots, but will discuss the request in 
the meeting later on the same day, as pushing them forward may not make 
sense if people do not currently have enough capacity for Ballot review.

SC28 will thus stay in "heartbeat mode" for now. SC32 is being worked on 
further to address input received. The "System Access" Draft Ballot has 
gone back to the Pain-Points subteam to improve the 
explanation/motivation section, but not the Ballot content; the same 
applies to the "Authentication Controls" Draft Ballot that tries to 
address the Lockout issue.

The Offline CAs Draft Ballot is still being commented on within the 
Subcommittee, so there may be one more round of discussions required 
before we could put it forward.

The Threat Modelling subteam has updated the risk analysis document to 
include further examination of risks posed by CA equipment custody handling.


      7. Ballot Status


        Ballots in Discussion Period

/SC28 (Logging and Log Retention)/

Dimitris: SC28 is in heartbeat process
Neil: Basically we propose new versions without changes so that the 
ballot does not expire since we do hold off from calling for a vote

        Ballots in Voting Period

None

        Ballots in Review Period

/SC30 (Disclosure of Registration/Incorporating Agency)/
/SC31 (Browser Alignment)/

Dimitris: We have two ballots in the review period, Ballots SC 30 and SC 
31, review periods end August 20. I will post the final maintenance 
guidelines after that. I want to highlight that these ballots contain a 
few deadlines and effective dates that will become effective not 
relative to when the ballots themselves become effective, so CAs should 
be aware of those.


        Draft Ballots under Consideration

/Spring 2020 cleanup and clarifications (Ryan) /

No updates

/Update to BR section 6.1.1.3/

Chris: We got some internal discussion about this, including discussion 
of whether to include compromised as well as weak keys, and we are 
debating this in-house. In any case, the draft language will be posted 
this day or the next.

Dimitris: SC 31, which is in review period, also changes Section 6.1.1.3 
of the Baseline Requirements, which means this needs to be considered 
when bringing the Ballot.

/Offline CA Security Requirements /(Ben)

Dimitris invites Ben to share information regarding the Offline CA 
Security Requirements Draft Ballot.

Ben: We just need to get endorsers, and a Ballot number, and that is 
what we are working on right now, we will discuss it in the NetSec 
Subcommittee.

/Updating BR 3.2.2.4.10 /(Wayne)

Wayne: I have not moved any further with this Ballot and I have a 
question about the request not to bring any more ballots into discussion 
period, is this meant for all of August, is this specific to some of the 
more complex Network Security related Ballots?

Dimitris: Since I originally asked for this - I meant the more complex 
ballots.

Wayne: In that case, the language is about finalized and we just need 
endorsers to start the Discussion Period.


      8. Any Other Business

No other business was discussed.


      9. Next call

The next call will take place on August 6, 2020 at 11:00am Eastern Time.


      Adjourned
