<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:18.0pt;
font-family:"Calibri",sans-serif;
font-weight:bold;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Calibri",sans-serif;
font-weight:bold;}
h4
{mso-style-priority:9;
mso-style-link:"Heading 4 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
font-weight:bold;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Calibri Light",sans-serif;
color:#2F5496;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Calibri Light",sans-serif;
color:#1F3763;}
span.Heading4Char
{mso-style-name:"Heading 4 Char";
mso-style-priority:9;
mso-style-link:"Heading 4";
font-family:"Calibri Light",sans-serif;
color:#2F5496;
font-style:italic;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Georgia",serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1644891951;
mso-list-template-ids:-2013651570;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Georgia",serif">Published!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Georgia",serif"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Consolas;color:black">-- <br>
Jos Purvis (</span><span style="color:black"><a href="mailto:jopurvis@cisco.com"><span style="font-size:9.0pt;font-family:Consolas;color:#954F72">jopurvis@cisco.com</span></a></span><span style="font-size:9.0pt;font-family:Consolas;color:black">)<br>
.:|:.:|:. cisco systems | Cryptographic Services<br>
PGP: 0xFD802FEE07D19105 | Controls & Trust Verification</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-family:"Georgia",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Georgia",serif"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">Servercert-wg <servercert-wg-bounces@cabforum.org> on behalf of CABF Server Cert WG <servercert-wg@cabforum.org><br>
<b>Reply-To: </b>"Dimitris Zacharopoulos (HARICA)" <dzacharo@harica.gr>, CABF Server Cert WG <servercert-wg@cabforum.org><br>
<b>Date: </b>Sunday, 9 August, 2020 at 14:23<br>
<b>To: </b>CABF Server Cert WG <servercert-wg@cabforum.org><br>
<b>Subject: </b>[Servercert-wg] Final minutes for Server Certificate Working Group Teleconference - July 23, 2020<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><br>
These are the final Minutes of the Teleconference described in the subject of this message.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><o:p> </o:p></p>
<h2>Attendees (in alphabetical order)<o:p></o:p></h2>
<p>Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign),
Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust),
Joanna Fox (GoDaddy), Johny Reading (GoDaddy), Karina Sirota (Microsoft), Michelle Coon (OATI), Michol Murray (GoDaddy), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rae Ann Gonzales (Godaddy), Rich Smith (Sectigo), Robin
Alden (Sectigo), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Thanos Vrachnos (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Travis Graham (GoDaddy), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).<o:p></o:p></p>
<h2>Minutes <o:p></o:p></h2>
<h3>1. Roll Call<o:p></o:p></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The Roll Call was taken.<o:p></o:p></p>
<h3>2. Read Antitrust Statement<o:p></o:p></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The Antitrust Statement was read.<o:p></o:p></p>
<h3>3. Review Agenda<o:p></o:p></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">No changes to the agenda were noted. Dimitris will not chair for the next two calls, no volunteers for minute taking.<o:p></o:p></p>
<h3>4. Approval of minutes from last teleconference<o:p></o:p></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Accepted without objections.<o:p></o:p></p>
<h3>5. Validation Subcommittee Update<o:p></o:p></h3>
<p class="MsoNormal">Tim reports he will not be available in the next SCWG call either and that in turn somebody else may have to report.<br>
<br>
Recently, the Validation Subcommittee has spent time going over the Trello board re-assessing issues they have not reviewed for a while. Some were closed, some were moved on the board and some were updated with information.<br>
<br>
The Subcommittee has also looked at the Github facilities for managing issues; it is similar to the Trello solution. It looks like Github's facilities are in line with the Subcommittee's needs, so the Subcommittee may move from Trello to Github. As a next step
somebody needs to actually transfer the issues from Trello to Github, active issues first, backlog later.<br>
<br>
The Subcommittee will get back to the certificate profiles in next week's meeting.
<o:p></o:p></p>
<h3>6. NetSec Subcommittee Update<o:p></o:p></h3>
<p class="MsoNormal">The NetSec Subcommittee has received a request to not currently bring more ballots to vote. The Subcommittee has multiple work items nearly ready to be brought forward as Ballots, but will discuss the request in the meeting later on the
same day, as pushing them forward may not make sense if people do not currently have enough capacity for Ballot review.<br>
<br>
SC28 will thus for now stay in "heartbeat mode", SC32 is being worked on more to address input received, the "System Access" Draft Ballot has gone back to the Pain-Points subteam, to improve the explanation/motivation section, but not the Ballot content, the
same applies to the "Authentication Controls" Draft Ballot that tries to address the Lockout issue.<br>
<br>
The Offline CAs Draft Ballot is still being commented on within the Subcommittee, so there may be one more round of discussions required before we could put it forward.<br>
<br>
The Threat Modelling subteam has update the risk analysis document to include further examination of risks posed by CA equipment custody handling.<o:p></o:p></p>
<h3 style="mso-margin-top-alt:1.0pt;margin-right:0in;margin-bottom:1.0pt;margin-left:0in">
7. Ballot Status <o:p></o:p></h3>
<h4>Ballots in Discussion Period<o:p></o:p></h4>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><i><span style="color:black;border:none windowtext 1.0pt;padding:0in;background:white">SC28 (Logging and Log Retention)</span></i><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:black;border:none windowtext 1.0pt;padding:0in;background:white">Dimitris: SC28 is in heartbeat process<br>
Neil: Basically we propose new versions without changes so that the ballot does not expire since we do hold off from calling for a vote<br>
</span><br>
<b>Ballots in Voting Period</b><br>
<br>
<span style="color:black;border:none windowtext 1.0pt;padding:0in;background:white">None</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>Ballots in Review Period</b><br>
<i><span style="color:black;border:none windowtext 1.0pt;padding:0in;background:white">SC30 (Disclosure of Registration/Incorporating Agency)</span></i><br>
<i><span style="color:black;border:none windowtext 1.0pt;padding:0in;background:white">SC31 (Browser Alignment)</span></i><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span style="color:black;border:none windowtext 1.0pt;padding:0in;background:white">Dimitris: We have two ballots in the review period, Ballots SC 30 and SC 31, review periods end August
20. I will post the final maintenance guidelines after that. I want to highlight that these ballots contain a few deadlines and effective dates that will become effective not relative to when the ballots themselves become effective, so CAs should be aware
of those.</span><o:p></o:p></p>
<h4 style="mso-margin-top-alt:1.0pt;margin-right:0in;margin-bottom:1.0pt;margin-left:0in">
Draft Ballots under Consideration<o:p></o:p></h4>
<p class="MsoNormal" style="margin-bottom:12.0pt"><i>Spring 2020 cleanup and clarifications (Ryan)
</i><br>
<br>
No updates<br>
<br>
<i>Update to BR section 6.1.1.3</i><br>
<br>
Chris: We got some internal discussion about this, including discussion of whether to include compromised as well as weak keys, and we are debating this in-house. In any case, the draft language will be posted this day or the next.<br>
<br>
Dimitris: SC 31, which is in review period, also changes Section 6.1.1.3 of the Baseline Requirements, which means this needs to be considered when bringing the Ballot.<br>
<br>
<i><span style="color:black;border:none windowtext 1.0pt;padding:0in;background:white">Offline CA Security Requirements
</span></i><span style="color:black;border:none windowtext 1.0pt;padding:0in;background:white">(Ben)<br>
<br>
Dimitris invites Ben to share information regarding the Offline CA Security Requirements Draft Ballot.<br>
<br>
Ben: We just need to get endorsers, and a Ballot number, and that is what we are working on right now, we will discuss it in the NetSec Subcommittee.<br>
<br>
<i>Updating BR 3.2.2.4.10 </i>(Wayne)<br>
<br>
Wayne: I have not moved any further with this Ballot and I have a question about the request not to bring any more ballots into discussion period, is this meant for all of August, is this specific to some of the more complex Network Security related Ballots?<br>
<br>
Dimitris: Since I originally asked for this - I meant the more complex ballots.<br>
<br>
Wayne: In that case, the language is about finalized and we just need endorsers to start the Discussion Period.</span><o:p></o:p></p>
<h3 style="mso-margin-top-alt:1.0pt;margin-right:0in;margin-bottom:1.0pt;margin-left:0in">
8. Any Other Business<o:p></o:p></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">No other business was discussed.<o:p></o:p></p>
<h3>9. Next call<o:p></o:p></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The next call will take place on August 6, 2020 at 11:00am Eastern Time.<o:p></o:p></p>
<h3><span lang="DE">Adjourned</span><o:p></o:p></h3>
</div>
</body>
</html>