<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Georgia",serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:41365577;
mso-list-template-ids:1606172164;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1012995563;
mso-list-template-ids:652649630;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-family:"Georgia",serif'>These have also been published to the <a href="https://cabforum.org/2022/01/11/2021-11-11-minutes-of-the-server-certificate-working-group/">public website at cabforum.org</a>. Apologies for the holiday-related delay in publication!<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><div><div><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'>-- <br>Jos Purvis (</span><span style='color:black'><a href="mailto:jopurvis@cisco.com" title="mailto:jopurvis@cisco.com"><span style='font-size:9.0pt;font-family:Consolas;color:#954F72'>jopurvis@cisco.com</span></a></span><span style='font-size:9.0pt;font-family:Consolas;color:black'>)<br>.:|:.:|:. cisco systems | Cryptographic Services<br>PGP: 0xFD802FEE07D19105 | Controls &amp; Trust Verification</span><span style='font-size:12.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></div></div><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>Management &lt;management-bounces@cabforum.org&gt; on behalf of Wayne Thayer via Management &lt;management@cabforum.org&gt;<br><b>Date: </b>Thursday, 11 November, 2021 at 13:45<br><b>To: </b>management@cabforum.org &lt;management@cabforum.org&gt;<br><b>Subject: </b>[cabfman] [DRAFT] 11/11/2021 Minutes of the Server Certificate Working Group<o:p></o:p></span></p></div><div><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><b
id=gmail-docs-internal-guid-c7a23457-7fff-6835-cd00-dae69ee1eaa4><span style='font-family:"Arial",sans-serif;color:black'>Server Certificate Working Group – 11 November 2021</span></b><o:p></o:p></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif;color:black'>Attendees: </span>Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Devon O'Brien (Google), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumihiko Yoneda (Japan Registry Services), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Jos Purvis (Cisco Systems), Julie Olson (GlobalSign), Kiran Tummala (Microsoft), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Martijn Katerbarg (Sectigo), Miguel Sanchez (Google Trust Services), Natalia Kotliarsky (SecureTrust), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)<o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>1. Read Antitrust Statement</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos Purvis read the antitrust statement.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>2. 
Roll Call</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Dean Coclin read the roll.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>3. Review Agenda</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>No changes were made to the agenda.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>4. Approval of Minutes from Last Teleconference</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>The minutes from the last call were approved without changes.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos said that the minutes from the recent F2F are up on the wiki and asked if we are ready to approve them.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Dean asked if we need to first publish them to the list. Jos said that we should post a link to the wiki page to the management list for members to review. Minutes are missing from the ‘requirements for legacy CA certificates’ session on Thursday, and a few slots on Wednesday. 
Dean said that he and Jos will get a reminder out to folks responsible for those minutes.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>5. Validation Subcommittee Update</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Tim Hollebeek said that the subcommittee met last Thursday and had a good discussion of the profiles ballot based on his summary slides from the F2F session. In all open areas, we have a good idea of what we want to write and just need to start drafting language. There are over 20 items in that list. Tim encouraged everyone to read the </span><a href="https://lists.cabforum.org/pipermail/validation/2021-November/001728.html"><span style='font-family:"Arial",sans-serif;color:#1155CC'>meeting minutes</span></a><span style='font-family:"Arial",sans-serif;color:black'> that were sent to the Validation list this morning.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Dimitris said that there was also discussion about separating normative changes into a standalone ballot. Tim said that doing this would make it easier to give CAs time to implement the normative changes. Tim said that he will also post a proposal for handling effective dates out to the list.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Wayne Thayer asked about SC52, CRL Validity Intervals. Sounds like there is agreement on the language. 
Tim agreed and said that he plans to begin discussion on the ballot today or tomorrow.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>6. NetSec Subcommittee Update</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Clint Wilson said they had a brief meeting and continued discussion of the NetSec Working Group (WG) charter and how that new WG would interact with the other WGs. There is active discussion on the </span><a href="https://lists.cabforum.org/pipermail/public/2021-November/date.html"><span style='font-family:"Arial",sans-serif;color:#1155CC'>public list</span></a><span style='font-family:"Arial",sans-serif;color:black'>. Work is also progressing on the risk assessment. Finally, we are looking at minor issues that are documented in the </span><a href="https://github.com/cabforum/servercert/projects/3"><span style='font-family:"Arial",sans-serif;color:#1155CC'>GitHub project</span></a><span style='font-family:"Arial",sans-serif;color:black'>. Please take a look and feel free to add issues of your own.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Ben Wilson said that he does really want feedback on the proposed charter regarding how other WGs adopt NetSec changes. 
He feels that other WGs can choose to adopt specific versions, but auditors may always want to audit against the latest version.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Dimitris said that it is totally fine for each WG to decide independently to adopt a specific version of the NCSSRs, but changes made by the NetSec WG can’t be binding on other WGs.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos agreed, citing IPR issues if this were the case.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Tim said that all other WGs could just remove all references to the NCSSRs and allow auditors and root programs to require compliance. Or other WGs could explicitly delegate to the latest version of the NCSSRs.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Bruce said that other WGs could always write requirements that override the NCSSRs.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos encouraged everyone to take a look at the proposed charter and subsequent discussion relating to how changes to the NCSSRs apply to other WGs.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>7. 
Ballot Status</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Ballots in Discussion Period</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo1;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol;color:black'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-family:"Arial",sans-serif;color:black'>Ballot SC50 Removal of 4.1.1 Requirements (Clint)<o:p></o:p></span></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos said that the minimum required time for the discussion period has been met. Clint said that he is planning to begin voting within the hour.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Ballots in Voting Period</span><o:p></o:p></p><p style='mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:.75in'><span style='font-family:"Arial",sans-serif;color:black'>None</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Ballots in Review Period</span><o:p></o:p></p><p style='mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:.75in'><span style='font-family:"Arial",sans-serif;color:black'>None</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Draft Ballots Under 
Consideration</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo2;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol;color:black'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-family:"Arial",sans-serif;color:black'>Ballot SCXX: Debian Weak Keys (Chris)<o:p></o:p></span></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in'><span style='font-family:"Arial",sans-serif;color:black'>Chris Kemmerer said he believes that all the issues raised in the thread have been resolved and a final internal review is underway.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>8. Any Other Business</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>None</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>9. Next call (after US Thanksgiving holiday): December 9th, 2021 at 11AM Eastern</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Adjourn; Immediately convene meeting of CA Browser Forum (same call)</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>