[Servercert-wg] Final minutes for Server Certificate Working Group Teleconference - February 6, 2020

Jos Purvis (jopurvis) jopurvis at cisco.com
Tue Feb 25 12:12:54 MST 2020


Published!

 

 

-- 
Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems  | Cryptographic Services
PGP: 0xFD802FEE07D19105  | +1 919.991.9114 (desk)

 

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of CABF Server Cert WG <servercert-wg at cabforum.org>
Reply-To: "Dimitris Zacharopoulos (HARICA)" <dzacharo at harica.gr>, CABF Server Cert WG <servercert-wg at cabforum.org>
Date: Friday, February 21, 2020 at 2:34 AM
To: CABF Server Cert WG <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Final minutes for Server Certificate Working Group Teleconference - February 6, 2020

 

These are the final minutes of the Teleconference described in the subject of this message.
Attendees (in alphabetical order)
Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Thanos Vrachnos (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Vincent Lynch (Digicert), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
Minutes 
1. Roll Call
The Chair took attendance. 
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
Accepted without changes.
4. Approval of minutes from previous teleconference
Accepted without objections.
5. Approval of minutes from F2F meeting November 5, 2019
Accepted without objections.
6. Validation Subcommittee Update
The subcommittee's call was short and discussed possible topics for the upcoming F2F.
7. NetSec Subcommittee Update
Problems discussing how the SC could share sensitive information off the public list. Created a netsec-management list with help from Travis.
Preparing a new ballot to change the CVSS requirements
Working on the Log retention ballot, performing a risk-benefit analysis in the discussion document so others can see the thought process and rationale and why some items are proposed for a 2-year retention policy vs the normal one (7+ years).
SC20 is in discussion
Finalize what to present at the F2F.
8. Ballot Status 
Ballots in Discussion Period
SC20: Configuration Management (Neil)
Ryan suggested there could be "creative interpretations" to the text related to desired config changes that would not be considered compliance issues. He recommended alternative language that will be discussed at the next meeting. The plan is to put this ballot out for a vote soon. The subcommittee agreed to stick with lightweight changes that Ryan proposed.

SC27: Version 3 Onion Certificates (Wayne)
There was a change in section 3.2.2.4 improving a rather long paragraph. After 7 days of discussion Wayne will start the voting period.
  
Ballots in Voting Period
None

Ballots in Review Period
SC25: Define New HTTP Domain Validation Methods (review ends 2020-03-03)

Draft Ballots under Consideration
SC26 - Pandoc-Friendly Markdown Formatting Changes (Jos)
Jos posted a quick update that fixed the issues. Comparison is now easier. Plans to start the discussion period.

LEI Ballot (Tim H.)
No updates. More discussion at the F2F.

Aligning the BRs with existing Browser Requirements (Ryan)
Ryan is incorporating Mozilla Policy 2.7. The plan is to send an update before the F2F. All proposed changes derive from existing Root Program requirements. Ryan also wants to explore what the effective dates should be in the BRs because various root programs had different policies and effective dates in the past. This issue is more important to Root Programs than to the CA members. CAs will see if they have missed any program requirements and Root Programs will see whether they were enforcing their Root Program requirements on CAs and whether the Root Programs would decide to give some grace period.

Tim H noted that it is possible that a CA may not participate in all Root programs. Therefore, bringing all requirements in the BRs would cause that CA to have to comply with more than necessary and even though that CA was complying with the requirements of a single Root Program, it would be out of compliance because of the additional requirements from other Root Programs. Ryan considers this to be a fair statement and we will need to discuss possible solutions.
9. Approve agenda for F2F 49

The agenda as posted on 2020-02-07 was approved.
10. Any Other Business
No other Business raised.
11. Next call
March 5, 2020 at 11:00 am Eastern Time.
Adjourned


