<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:332493191;
mso-list-template-ids:182248998;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1308896168;
mso-list-template-ids:395328906;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1937204391;
mso-list-template-ids:1618113048;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-family:"Georgia",serif'>These are the final minutes of the 2021-08-05 SCWG meeting; they have been published to the website:<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'> <a href="https://cabforum.org/2021/08/19/2021-08-05-minutes-of-the-server-certificate-working-group/">https://cabforum.org/2021/08/19/2021-08-05-minutes-of-the-server-certificate-working-group/</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'>-- <br>Jos Purvis (</span><a href="mailto:jopurvis@cisco.com"><span style='font-size:9.0pt;font-family:Consolas;color:#954F72'>jopurvis@cisco.com</span></a><span style='font-size:9.0pt;font-family:Consolas;color:black'>)<br>.:|:.:|:. cisco systems | Cryptographic Services<br>PGP: 0xFD802FEE07D19105 | Controls and Trust Verification</span><o:p></o:p></p></div><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>Management <management-bounces@cabforum.org> on behalf of Wayne Thayer via Management <management@cabforum.org><br><b>Date: </b>Thursday, 5 August, 2021 at 14:00<br><b>To: </b>management@cabforum.org <management@cabforum.org><br><b>Subject: </b>[cabfman] [DRAFT] 08/05/2021 Minutes of the Server Certificate Working Group<o:p></o:p></span></p></div><div><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><b id=gmail-docs-internal-guid-bf345e41-7fff-35b4-c3fa-b8c3002e36a3><span style='font-family:"Arial",sans-serif;color:black'>Server Certificate Working Group – 5 August 2021</span></b><o:p></o:p></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif;color:black'>Attendees: Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Niko Carpenter (SecureTrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority), Natalia Kotliarsky (SecureTrust), Brittany Randall (GoDaddy), Tyler Myers (GoDaddy), Fumihiko Yoneda (Japan Registry Services), Yoshiro Yoneya (Japan Registry Services), Mike Min (GoDaddy), Rachel McPherson (Trustcor), Jose Guzman (GoDaddy)</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>1. Read Antitrust Statement</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos Purvis read the antitrust statement.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>2. Roll Call</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Dean Coclin read the roll.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>3. Review Agenda</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>No changes were made to the agenda.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>4. Approval of minutes from last teleconference</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>The minutes from the last call were approved.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>5. Validation Subcommittee Update</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Clint WIlson said that there has been a lot of feedback on the draft certificate profiles. The subcommittee would like to receive continuous, incremental feedback as concerns are discovered rather than a big batch of feedback after a comprehensive review has been completed because it is more efficient to address feedback in small increments.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>CRL distribution points were the main discussion topic on last week’s call, prompted by an email to the list. There are many different ways to encode them. We’d like to agree on a canonical form, but in the initial profile update expect to allow both formats. There was a good discussion around the pros and cons of the different encodings - one CRLDP with multiple URIs or multiple CRLDPs with single URIs.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>6. NetSec Subcommittee Update</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Ben Wilson said the subcommittee met on Tuesday. They are looking for a replacement for Neil Dunbar as chair. Clint Wilson, David Kluge, and Dustin Hollenback will seek approval to fill this role from their management. Ben will update the WebEx meeting to allow other members to start the WebEx session.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>The cloud security subgroup recently shifted focus to audits and is preparing a document describing potential audit models and the component services that would be audited.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Finally, they discussed ballot SC34 which would no longer require annual review of inactive user accounts. Tobi is seeking a new endorser to replace Neil</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>7. Ballot Status</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Ballots in Discussion Period</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:.75in'><span style='font-family:"Arial",sans-serif;color:black'>None</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Ballots in Voting Period</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:.75in'><span style='font-family:"Arial",sans-serif;color:black'>None</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Ballots in Review Period</span><o:p></o:p></p><p style='mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:0in;margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo2;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol;color:black'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-family:"Arial",sans-serif;color:black'>Ballot SC47: Sunset subject:organizationalUnitName (Completes 2021-Aug-07)<o:p></o:p></span></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo2;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol;color:black'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-family:"Arial",sans-serif;color:black'>Ballot SC48 - Domain Name and IP Address Encoding (Completes 2021-08-21)<o:p></o:p></span></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Draft Ballots Under Consideration</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo4;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol;color:black'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-family:"Arial",sans-serif;color:black'>Ballot SCXX: Debian Weak Keys (Chris)<o:p></o:p></span></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-family:"Arial",sans-serif;color:black'>Chris Kemmerer said that he is going to reach out to external resources (Rob Stradling of Sectigo and Dimitris Zacharopoulos of HARICA) to clarify where the lists of weak keys will be hosted.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo6;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol;color:black'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-family:"Arial",sans-serif;color:black'>Ballot SC34 Account Management (Tobi)<o:p></o:p></span></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-family:"Arial",sans-serif;color:black'>Tobi Josefowitz said that it was discussed in the Network Security subcommittee. Neil was an endorser, so Tobi is looking for a new endorser.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>8. Any Other Business</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>None</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>9. Next call: August 19th, 2021 at 11AM Eastern</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Adjourn; Immediately convene meeting of CA Browser Forum (same call)</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>