[cabf_validation] 2021-02-25 Meeting Minutes

Corey Bonnell Corey.Bonnell at digicert.com
Thu Feb 25 22:41:28 UTC 2021

Validation sub-committee meeting minutes for 2021-02-25



Amanda Mendieta

Andrea Holland

Aneta Wojtczak

Ben Wilson

Bruce Morton

Christy Berghoff

Clint Wilson

Corey Bonnell

Daniela Hood

Dean Coclin


Douglas Beattie

Enrico Entschew

Janet Hines

Johnny Reading

Michelle Coon

Niko Carpenter

Paul van Brouwershaven

Rebecca Kelley

Shelley Brewer

Tim Hollebeek

Wayne Thayer


Tim read the Antitrust statement.


Tim: Agenda for today is next week's F2F discussion topics. He said that he
will read the minutes for the group since the last F2F to produce a list of


Tim mentioned the Trello board and how it was decided to move items to
Github issues in line with Infra WG. But we didn't get around to moving
over. We can talk about the current content of Trello and next steps on
moving items.


Tim mentioned 4 discussion topics:

- Certificate profile work.

- Talk about OU ballot. We need to get to conclusion sooner rather than

- DV reuse periods.

- HTTP validation and ADN. 


Tim asked if it would be useful to review Trello board.

Wayne said we need to clean it up. Not sure if needed to do now; lots of
things listed that aren't needed.

Tim recommended that people take a look at the Trello if anything is
valuable; if so, add a Github issue.

Wayne said that is a good approach.



Dean said one hour of discussion for Validation is scheduled.

Tim said that may or may not be enough. Tim asked group how long we need.

Dimitris said there are 37 open issues on servercert WG Github. He's not
sure if related to Validation, but it's possible they are.

Paul said we can decorate those issues with a Validation label.

Dimitris agreed and said netsec-wg is already doing it.

Paul said other option is to create a project and add them there.

Wayne said that's the plan, no project created yet though. Only exists for
Infra WG.

Tim said he'd welcome assistance setting that up.

Dimitris said we might cause more confusion by adding stuff from Trello.

Tim said we need to iterate a bit on getting Github to where we want it.

Paul said we should create a project in Github and assign existing issues to
this WG.

Tim said there's not a lot of issues; we should review and tag, should be
quick process. Asked for volunteers.

Wayne volunteered to assist and will create the Github project. Wayne
created the board during the call


Wayne asked if anyone plans to have discussion points for each of the agenda

Tim said OU has two approaches: Entrust ballot vs. blanket ban. Dimitris
asked how many controversial topics we have; time is best spent discussing
controversial topics.

Tim agreed and said best use of time is to determine next steps. He said
that OU and HTTP validation are controversial; DV reuse less so. Just need
to get the ballot across the finish line. Certificate profiles are less
controversial but there are some controversial points.


Dimitris brought up the streetAddress RDN issue and how ETSI has guidance on
the number of times an RDN may appear in a DN. Dimitris and Tim agreed that
can be tackled as part of profile work.


Tim asked if anyone had anything new about OU. Paul said nothing new;
waiting for input from AT&T. Dimitris said an improvement ballot is best; if
it fails, we can discuss removal. Dimitris didn't completely agree with
Ryan's points about the responsibility of the Legal Representative and that
could be discussed. Paul agreed the discussion isn't closed and would
participate in the discussion if it comes up.

Tim proposed 30 minutes and others agreed.


Tim said we haven't discussed HTTP validation/ADN much on the calls and
proposed 30 minutes. Bruce asked what is controversial. Tim mentioned the
disclose of validation data and how it is disclosed. Additionally, the rules
on how it would work and transition timelines.


Wayne brought up Ben's validation reuse ballot has the validation reuse
cliff and to a lesser extent, effective date issues. Bruce said there's a
date in the ballot but the ballot is still not defined completely, which is
concerning. Bruce said these ballots can be approved more quickly if there
was an extended time to implement. Tim agreed and said that waiting to
determine effective dates delays the effective date because you can't do
customer communications, etc. until the date is determined.


Tim then asked the group how long we need for this discussion. Clint
suggested that it would help the discussion up by stating it affects only
validations performed after a certain date and proposed 15 minutes for
discussion. Dimitris agreed on 15 minutes and said that the ballot is clear
and people can challenge the current wording during that time. Dimitris
mentioned that the discussion on effective dates of ballots in general would
take at least another 15 minutes to just introduce the topic. Tim said he
does not plan to discuss that issue next week. Bruce said that topic should
be for the servercert WG as a whole to discuss. Tim said it's also a valid
Forum-level topic.


Tim asked about certificate profiles. Bruce said it's just a lot of work,
nothing much to discuss unless there's issues. Tim agreed there's not a lot
of discussion to be had. Tim proposed 15 minutes for strategy and next

Tim said we need to expand time slot to 1h30m.


Tim asked if there's any other business. There was none.


Meeting was adjourned.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20210225/af25ff51/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20210225/af25ff51/attachment-0001.p7s>

More information about the Validation mailing list