[cabf_validation] Draft Minutes for the Validation Subcommittee Server Certificate Working Group Teleconference - 3 March 2022

Doug Beattie doug.beattie at globalsign.com
Thu Mar 10 18:48:05 UTC 2022



These are the draft minutes of the teleconference described in the subject of this message as prepared by Doug Beattie (GlobalSign).

Please review the minutes and propose edits if necessary. These minutes will be considered for approval at the next meeting. The recording of the meeting will be deleted once the minutes are approved.

Attendees (in alphabetical order)

Amanda Mendieta, Aneta Wojtczak, Ben Wilson, Bruce Morton, Clint Wilson, Corey Bonnell, Dimitris Zacharopoulos, Doug Beattie, Dustin Hollenback, Iñigo Barreira, Joanna Fox, Kati Davids, Kiran Tummala, Luis Cervantes, Michelle Coon, Niko Carpenter, Paul van Brouwershaven, Pekka Lahtiharju, Rebecca Kelley, Ryan Dickson, Thomas Zermeno, Trevoli Ponds-White, Tyler Myers and Wayne Thayer


1.	Certificate profiles (integrating decisions into the draft, open items, etc.)
2.	Continuation of EV Enterprise RAs discussion on list (if needed)




*	The recording started 
*	Roll call was taken by Corey
*	The antitrust statement was read by Corey
*	Minute taker was assigned (Doug)


1. Certificate Profile 


Corey got the conversation started: During the F2F a few decisions were made; for example, we will remain silent on non-TLS CA profiles. What’s the process for making these updates in GitHub?

*	The ballot is in Ryan Sleevi’s repos.  Should we use a different one, and if so, what are the next steps?
*	Ben agreed we should use a new repo and contact Ryan to discuss.
*	Ryan Dickson said that Sleevi intends to add some changes from four weeks ago.
*	Ryan took an action to discuss moving the repo.



2. Continuation of EV Enterprise RAs discussion on list


Bruce started the conversation.  

*	Enterprise RA is a defined term in SSL BRs
*	The EVGL has a defined term for “Enterprise EV RA”, but it’s not used anywhere. The definition is a bit strange as well.
*	EVGL uses the term “Enterprise RA”, including in section 14.2

*	That section also has some strange, old statements like …issue additional EV Certificates at third and higher domain levels…

*	Corey said that the only difference he could find between an Enterprise RA in the BRs and EVGL is that in EVGL there is a carve-out for due diligence checks.
*	Ben said we should simplify 14.2 if we can.


In the end after a bit more discussion, Corey agreed to create a GitHub issue to document this and discuss there.



3. CRL Fetching


This wasn’t on the agenda but came up at the end of the meeting.  Corey and Bruce discussed the old requirement that all CRLs in the chain must be downloaded within 3 seconds over dial-up.


Bruce pointed out that the auditors already have taken care of this by not including an audit requirement for this very old 2007 requirement.


Corey agreed to open a GitHub issue to have this removed as part of an upcoming clean-up ballot.

Next meeting is March 24th and will be run by Corey. 





