<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Georgia",serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:154494602;
mso-list-template-ids:302970056;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:506137779;
mso-list-template-ids:-1017224392;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:532235616;
mso-list-template-ids:-2035933956;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3
{mso-list-id:794638943;
mso-list-template-ids:-3648224;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4
{mso-list-id:801462085;
mso-list-template-ids:2047739076;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5
{mso-list-id:1692489614;
mso-list-template-ids:1136457062;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Georgia",serif'>PUblished<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Georgia",serif'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'>-- <br>Jos Purvis (</span><span style='font-size:11.0pt'><a href="mailto:jopurvis@cisco.com"><span style='font-size:9.0pt;font-family:Consolas;color:#954F72'>jopurvis@cisco.com</span></a></span><span style='font-size:9.0pt;font-family:Consolas;color:black'>)<br>.:|:.:|:. cisco systems | Cryptographic Services<br>PGP: 0xFD802FEE07D19105 | Controls and Trust Verification</span><span style='font-size:11.0pt'><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Georgia",serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Georgia",serif'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='color:black'>From: </span></b><span style='color:black'>Servercert-wg <servercert-wg-bounces@cabforum.org> on behalf of CABF Server Cert WG <servercert-wg@cabforum.org><br><b>Reply-To: </b>"Jos Purvis (jopurvis)" <jopurvis@cisco.com>, CABF Server Cert WG <servercert-wg@cabforum.org><br><b>Date: </b>Wednesday, March 3, 2021 at 3:34 PM<br><b>To: </b>CABF Server Cert WG <servercert-wg@cabforum.org><br><b>Subject: </b>[Servercert-wg] Minutes of the Server Certificate Working Group, 2021-02-18<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p></div><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><b><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Server Certificate Working Group – 18 February 2021</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Attendees (in alphabetical order)</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Aaron Gable (Let's Encrypt), Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>1. Read Antitrust Statement</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Jos read the antitrust statement.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>2. Roll Call</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Dean read the roll.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>3. Review Agenda</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>No changes were made to the agenda.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>4. Approval of minutes from last teleconference</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>The minutes from the February 4th teleconference were approved without changes.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>5. Validation Subcommittee Update</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Tim Hollebeek said that there was a significant discussion on IP address validation and the use of Start of Authority (SOA) DNS records for IP address validation. To be clear, the use of SOA records is not permitted. The subcommittee then discussed Ryan Sleevi’s work on formatting certificate profiles into tables in markdown. Tim said that we are close to being able to put the work on profiles and formatting together into a document that we can review. The subcommittee didn’t have time to discuss ADN wildcard validation on the call. On the next call they will discuss an agenda for the upcoming face-to-face (F2F) meeting.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>6. NetSec Subcommittee Update</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Neil Dunbar reported that the subcommittee met on Tuesday. The cloud services team continued discussion on what documents to produce. Consensus is that rather than creating a standalone document they will reference ISO and other documents. Next, the subcommittee continued their work to analyze the DigiNotar breach to close down practices that are not strictly forbidden but clearly should be. The subcommittee had a long discussion on SC40 trying to address issues on wording around data flowing into and out of an air-gapped system. They wIll try to get some new wording out to resolve these ambiguities. Finally, they discussed a draft presentation for the F2F. They plan to hold an open forum on how to present future work coming from the subcommittee because ballots may not always be the best approach. One idea is to produce a reference implementation to act as an example of how to properly implement the NCSSRs. Clint and Neil continued to work on the fallout of ballot SC38 to address BR section 4.1.1’s suspicious certificate database and a reformatting of BR 5.4 and 5.5 retention periods.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>7. Ballot Status</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Ballots in Discussion Period</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l4 level1 lfo2;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>SC38 – Alignment of Record Archival</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Neil said that this ballot is past the 21-day period and has automatically failed. Jos said that he will confirm and post an update to the list.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Ballots in Voting Period</span><o:p></o:p></p><p class=MsoNormal style='margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo4;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>SC41 - Reformat the BRs, EVGs, and NCSSRs</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Ryan asked everyone to vote.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Ballots in Review Period</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo6;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>SC39v3 – Definition of Critical Vulnerability</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Jos asked everyone to perform an IPR review and file exclusions if needed.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Draft Ballots Under Consideration</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo8;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Ballot SC40: Security Requirements for Air-Gapped CA Systems (Ben)</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Ben Wilson said that there are two comments. The first is about data going in and out of root CA system. CAs input things to sign and then take out signed objects. The second comment was that this process needs to be more secure. The first is easy to fix via a change to the “unidirectional” language. The second is quite difficult to fix succinctly. It might be better suited for the reference implementation document that Neil mentioned. Ben will post a revision to keep the discussion alive. Wayne Thayer noted that the changes in this ballot can have significant unintended consequences, a few of which have already been discussed. Wayne encouraged all CAs to closely review the ballot while it is still in the discussion phase and easy to modify. Jos stated his agreement with Wayne.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo10;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Ballot SCXX: Debian Weak Keys (Chris)</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Chris Kemmerer said that he’d like to discuss this at the upcoming F2F, and that he will send a proposal in advance. Jos will add this to the agenda.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo12;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Ballot SC34 Account Management (Tobi)</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Tobi Josefowitz said that if SC41 passes this pull request will have conflicts, and asked what the procedure is for that. Jos said that Tobi could update the PR by merging in the changes from SC41. Ryan offered to help via Slack and suggested that Tobi rebase the change on top of the SC41 branch. Tobi said that it’d be nice if we can retain the comments, and Ryan said that he would think about how to do that. Ryan said that he’d invite Tobi to the Infrastructure Slack group. Jos noted that Slack is a good way to ask questions of the Infrastructure subcommittee, and Ryan said that Slack is great for real-time communications but the mailing list is also an appropriate place to ask questions.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>8. Any Other Business</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Jos said that the agenda has been posted on the wiki and asked members to review and contact him with any proposed updates.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>9. Next call:TBD (after the F2F) at 11AM Eastern</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Adjourn; Immediately convene meeting of CA Browser Forum call (same call)</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Georgia",serif'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Georgia",serif'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'>-- <br>Jos Purvis (</span><span style='font-size:11.0pt'><a href="mailto:jopurvis@cisco.com"><span style='font-size:9.0pt;font-family:Consolas;color:#954F72'>jopurvis@cisco.com</span></a></span><span style='font-size:9.0pt;font-family:Consolas;color:black'>)<br>.:|:.:|:. cisco systems | Cryptographic Services<br>PGP: 0xFD802FEE07D19105 | Controls and Trust Verification</span><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p></div></body></html>