[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - December 12 2019
Jos Purvis (jopurvis)
jopurvis at cisco.com
Mon Jan 13 07:47:57 MST 2020
Jos Purvis (jopurvis at cisco.com<mailto:jopurvis at cisco.com>)
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | +1 919.991.9114 (desk)
From: Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of "Dimitris Zacharopoulos (HARICA) via Servercert-wg" <servercert-wg at cabforum.org>
Reply-To: "Dimitris Zacharopoulos (HARICA)" <dzacharo at harica.gr>, CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Date: Monday, January 13, 2020 at 5:05 AM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - December 12 2019
These are the Final Minutes of the Teleconference described in the subject of this message.
Attendees (in alphabetical order)
Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Corey Bonnell (SecureTrust), Daniela Hood (GoDaddy), David Moeller (Sectigo), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Joanna Fox (GoDaddy), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
1. Roll Call, assign minute-taker
The Chair took attendance. Wendy Brown volunteered to take minutes.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
Accepted without change.
4. Approval of minutes from previous teleconference
Accepted without objections.
5. Application for OISTE Foundation
Dean said he had reviewed it and the application is in order. They want to be involved in both the Server Certificate WG and S/MIME WG when it is established. They are the owner/operator of the WiseKey subordinate CA as well as operating the root CA.
Application was approved with no objections.
6. Application for NAVER BUSINESS PLATFORM Corp.
Dean said the had reviewed, the application is in order, however he would like to verify that the person signing the agreement has the authorization to sign on behalf of the company. Therefore, he asked that approval be provisional on successful verification.
Provisional approval for the application was approved with no objections.
7. Application for iTrusChina to become a full Member
iTrusChina is already an Associate Member pending inclusion of their root in at least one public trust store. They are now included in 360 Browser.
Full membership was approved with no objections
Dean will contact all three companies to let them know of approval.
Dimitris will make sure the web site is updated.
8. Validation Subcommittee Update
* Method 6 ballot - ready to go
* Validation sources are being collected and reviewed - creating a document to help CAs provide validation sources
* Fixing problem of which subject attributes are allowed in Intermediate CAs – the plan is to start with whitelisting all the current attributes used and then discuss what may need to change
* Any other business - TOR has changed onion handling - will need to update guidelines to correspond to these changes
* Bruce asked for clarification if the validation sources are only being collected for the EV guidelines
* The answer was we are starting with EV, but it may expand to the BRs later based on whatever decision is made
* Will make the scope clear on the Wiki
9. NetSec Subcommittee Update
* Neil is still coming up to speed - taking over the chair from Ben
* Updating SC20 - continuous monitoring for unauthorized changes
* SC21 went through ballotting before SC20 so a review is needed to ensure SC20 language agrees with the approved SC21 changes
* Take away wiggle room to ensure continuous change control & monitoring
* Looking at modeling of sub components
* Meeting right after this session
10. Ballot Status
No further discussion.
Ballots in Discussion Period
Ballots in Voting Period
Ballots in Review Period
SC23 v3: Precertificates
SC24 v2: Fall Cleanup
Draft Ballots under Consideration
SC20 Ballot (NSR 2): System Configuration Management
A request was made that they review the minutes from the last teleconference and add a problem statement as to why the ballot is being proposed. Neil said there is a problem statement in the ballot language, so this can be provided.
SC25: Define New HTTP Domain Validation Methods (Doug)
Doug stated this is getting close to be ready for discussion, he needs to turn the email version into a github version for discussion and voting. It is not yet in the official discussion period.
LEI Ballot (Tim H.)
Formatting changes to Guidelines (Jos)
The 2 ballots in review will need to be merged to the master branch and then rebase the document for formatting changes in order to create a ballot.
Aligning the BRs with existing Browser Requirements (Ryan)
Ryan has not received any additional inputs recently. He will wait for the formatting changes ballot to go first and then re-base to the latest BRs so the proposed changes are clear against the latest version of the BRs. Further feedback from Root Programs is welcomed. Ryan is also waiting for Microsoft to finish the update that started in October. Mozilla policy 2.7 has also just been released and will be reviewed.
11. Approval of F2F 48 minutes
Minor updates were made to the minutes that were initially circulated.
Minutes as updated were approved with no objections.
12. Action items from F2F 48
Dimitris has created a Wiki page for action items from the F2F 48 meeting, he invited others to make use of this new page.
13. Any Other Business
No other Business raised.
14. Next call
January 9, 2020 at 11:00 am Eastern Time.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Servercert-wg