<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Georgia",serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:182788951;
mso-list-template-ids:-725595484;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:880440020;
mso-list-template-ids:384845296;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1278026770;
mso-list-template-ids:91679260;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3
{mso-list-id:1524242780;
mso-list-template-ids:1277227436;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4
{mso-list-id:1837840827;
mso-list-template-ids:189809248;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5
{mso-list-id:1845587695;
mso-list-template-ids:415146252;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-family:"Georgia",serif'>These are the final minutes from the 20 Jan meeting of the Server Certificate Working Group; they have also been published to the <a href="https://cabforum.org/2022/02/04/2022-01-20-minutes-of-the-server-certificate-working-group/">public website at cabforum.org</a>.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><div><div><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'>-- <br>Jos Purvis (</span><span style='color:black'><a href="mailto:jopurvis@cisco.com" title="mailto:jopurvis@cisco.com"><span style='font-size:9.0pt;font-family:Consolas;color:#954F72'>jopurvis@cisco.com</span></a></span><span style='font-size:9.0pt;font-family:Consolas;color:black'>)<br>.:|:.:|:. cisco systems | Cryptographic Services<br>PGP: 0xFD802FEE07D19105 | Controls & Trust Verification</span><span style='font-size:12.0pt;color:black'><o:p></o:p></span></p></div></div></div><div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in'><p class=MsoNormal style='border:none;padding:0in'><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p></div><div><div><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><b><span style='font-family:"Arial",sans-serif;color:black'>Server Certificate Working Group – 20 January 2022</span></b><o:p></o:p></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif;color:black'>Attendees: Aaron Gable (Let's Encrypt), Adam Clark (Visa), Adam Jones (Microsoft), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Israel Ventura (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Miguel Sanchez (Google), Natalia Kotliarsky (SecureTrust), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Pekka Lahtiharju (Telia Company), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Tom Zermeno (SSL.com), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijay Kumar (India PKI Forum), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>1. Read Antitrust Statement</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos Purvis read the antitrust statement.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>2. Roll Call</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Dean read the roll.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>3. Review Agenda</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>No changes were made to the agenda.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>4. Approval of Minutes from Last Teleconference</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>The minutes from the 6-January call were approved without changes.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos said that the minutes from the last face-to-face will be published to the website once one last browser update presentation is received.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>5. Validation Subcommittee Update</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Tim Hollebeek said that he resigned as the chair, and Corey Bonnell was approved as the new chair by consensus on the last call. The subcommittee (SC) discussed the “Amazon delegation to the CA” method and some concerns that were posted to the list. The concern is when the CNAME is delegated to the CA and the Subscriber is not involved. There is interest in developing a new validation method that resolves these concerns and supports automation. The now-expired ballot SC52 was discussed but it’s unclear how to proceed given concerns that were raised during the discussion period. Paul Van Brouwershaven presented some interesting findings on “Mojibake” IDNs such as when it is not appropriate to mix different encodings. This issue may be taken up by the SC in the future. Finally, Wayne Thayer noted that the literal text of tracking BR version number is not what most CAs actually do. It was agreed that this should be clarified.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos thanked Tim for his service as chair.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>6. NetSec Subcommittee Update</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos said that the NetSec SC is now a working group (WG) and their update will shift to the Forum plenary, but any transition items will be discussed here for the next few meetings.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Clint Wilson said that the WG held their inaugural meeting on Tuesday and went through the formation work, such as approving membership and appointing a chair. The NCSSRs have not yet been adopted by the WG. They discussed the goals and initial deliverables, which are all focused around the NCSSRs. Some work - mostly definitions - will continue within the SCWG. Ongoing work such as the risk assessment, document structure, and scope will continue. Most initial membership declarations have been received but it’s not too late to join.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Dean Coclin asked Jos if the plan was to move this WG to the plenary agenda. Jos said yes.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Ryan Dickson asked about handling dependencies on the NCSSRs in the BRs. He said that the discussion back in November was about requiring a notice of NCSSR changes be sent to dependent WGs, and that the implementation of this was not in scope for the NCSSR charter.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Jos said that the first thing we need to do is to amend section 5 of the BRs to amend section 5 of the BRs to adopt a specific version of the BRs (or the current version if we choose). This should be sorted out before the NCSSRs are adopted by the new NetSec WG.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Ryan said that he agrees on the approach of adopting a specific version number rather than blindly accepting and approving new requirements. This approach also reduces IPR risk for SCWG members who are not also members of the NetSec WG.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Dimitris Zacharopoulos said that the Code Signing WG has adopted the practice of referencing a specific version of the BRs and EVGLs.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Tim said that inconsistency in the version of NCSSRs across WGs could be a problem for CAs that must meet multiple requirements from common infrastructure. We also need to determine how to keep the NCSSR version in sync across WGs.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Trevoli Ponds-White noted that the EVGLs reference the BRs without specifying a version, but agreed with Tim’s concerns and urged the WG to consider this risk. If CAs must comply with multiple NCSSR versions from a common system, we are encouraging CAs to build complex, forked systems.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Tim said that the existence of the NetSec WG doesn’t mean that we can’t discuss the implications of the NCSSRs in other WGs such as the SCWG.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Ryan said that we currently face similar obligations in the BRs with other documents that are referenced. He asked if it is possible to restructure the NCSSRs to section off general requirements from those that apply to specific types of certificates?</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Tim commented that all the NCSSR requirements are general.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Bruce Morton said that the CSCWG doesn’t have a specific version reference for the NCSSRs as it does for the BRs and EVGLs. This is good because we need to adopt improvements the NetSec WG has made to the NCSSRs. Requirements that are specific to other WGs should land in the respective WGs requirements, not in the NCSSRs.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>7. Ballot Status</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Ballots in Discussion Period</span><o:p></o:p></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo1;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol;color:black'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-family:"Arial",sans-serif;color:black'>Ballot SC51: Reduce & Clarify Audit Log and Records Archival Retention Requirements<o:p></o:p></span></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:1.0in'><span style='font-family:"Arial",sans-serif;color:black'>Clint said that there is great discussion on the list. This ballot originally came from an attempt by Neil Dunbar to reduce the retention period for archives to match the reduced period for audit logs. In the process, it was discovered that there is not a shared understanding of what section 5.5 is about. It eventually became clear that the processing of data is a sequence of events. A large portion of the data comes from event logs. The records archive is a superset that includes audit logs. To clarify the meaning of 5.5, the new ballot language is repetitious and very specific. Clint said that he is open to alternatives, then asked if there is there interest in including the note that Dimitris proposed stating that this is a minimum requirement and CAs are encouraged to go beyond it.</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:1.0in'><span style='font-family:"Arial",sans-serif;color:black'>Trev said that one theme in the feedback is that “archive” is an undefined term and the feedback is oriented to individual interpretations. These are the records that you are supposed to keep and for how long. How to store and secure this data is currently undefined.</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Ballots in Voting Period</span><o:p></o:p></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo2;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol;color:black'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-family:"Arial",sans-serif;color:black'>Ballot SC53: Sunset for SHA-1 OCSP Signing - voting ends on 24-Jan<o:p></o:p></span></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Ballots in Review Period</span><o:p></o:p></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in'><span style='font-family:"Arial",sans-serif;color:black'>None</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;text-indent:.5in'><span style='font-family:"Arial",sans-serif;color:black'>Draft Ballots Under Consideration</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in;text-indent:-.25in;mso-list:l4 level1 lfo3;vertical-align:baseline'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol;color:black'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-family:"Arial",sans-serif;color:black'>SC52 (expired) replacement ballot<o:p></o:p></span></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>8. Any Other Business</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>None</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>9. Next call: February 3rd, 2022 at 11AM Eastern</span><o:p></o:p></p><p style='mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-family:"Arial",sans-serif;color:black'>Adjourn; Immediately convene meeting of CA Browser Forum (same call)</span><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><p class=MsoNormal><o:p> </o:p></p></div></blockquote></div></div></div></body></html>