<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EstiloCorreo19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ES link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Server Certificate Working Group</span></b><span lang=EN-GB><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><span lang=EN-GB>Meeting of January 19, 2023<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Attendance</span></b><span lang=EN-GB> reviewed by Iñigo Barreira: Aaron Poulsen - Amazon Trust Services, Adam Jones – Microsoft, Andrea Holland – VikingCloud, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Ben Wilson – Mozilla, Chris Clements - Google Chrome, Chris Kemmerer - SSL.com, Cassie L'Heureux – GoDaddy, Clint Wilson – Apple, Corey Bonnell – DigiCert, Corey Rasmussen – OATI, Daryn Wright – GoDaddy, Doug Beattie – GlobalSign, Dustin Hollenback – Microsoft, Dimitris Zacharopoulos – HARICA, Ellie Lu – TrustAsia, Enrico Entschew - D-TRUST/ Bundesdruckerei, Lynn Jeun – VISA, Iñigo Barreira – Sectigo, Janet Hines – VikingCloud, Joanna Fox – TrustCor, Jozef Nigut – Disig, Karina Sirota Goodley – Microsoft, Kiran Tummala – Microsoft, Martijn Katerbarg – Sectigo, Michelle Coon – OATI, Miguel Sanchez – Google, Marco Schambach - IdenTrust, Marcelo Silva – Visa, Nargis Mannan - VikingCloud, Paul van Brouwershaven - Entrust, Pedro Fuentes – OISTE, Rebecca Kelley – Apple, Rollin Yu – TrustAsia, Ryan Dickson - Google Chrome, Steven Deitte – GoDaddy, Steve Topletz – Cisco, Tadahiko Ito – SECOM, Tim Hollebeek – DigiCert, Tobias Josefowitz - Opera, Trevoli Ponds-White - Amazon Trust Services, Wayne Thayer – Fastly, Fumi Yoneda - JPRS, and Yoshiro Yoneya - JPRS<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Antitrust Statement</span></b><span lang=EN-GB> ready by Iñigo <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Approval of Jan. 5th Minutes</span></b><span lang=EN-GB>: We will move to approve those minutes during the next Server Certificate Working Group call on Feb. 2<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Validation Subcommittee</span></b><span lang=EN-GB> – Corey Bonnell said that good progress is being made on the Certificate Profiles ballot, that a couple of minor tweaks are being made, and that Ryan Dickson from Google Chrome wants to move the ballot to a vote. It looks like the ballot number will be Ballot SC-062.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Ballot Reviews: </span></b><span lang=EN-GB><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><span lang=EN-GB>SC-060 – Application of ZT Browser is currently in the discussion period. <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><span lang=EN-GB>SC-061 – Adoption of Mozilla’s CRL reason codes. Ben is moving much of the text into section 7.2.2 and will circulate a Version 3.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Other Ballots:</span></b><span lang=EN-GB><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>SC-062 Certificate Profiles</span></b><span lang=EN-GB> discussed previously.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>OCSP Optional proposal</span></b><span lang=EN-GB> – Ryan Dickson has submitted a recent pull request that moves previous work in GitHub to a new branch. He said that Wayne Thayer and Aaron Gable recently reinvigorated the discussion thread that started after F2F 57. Ryan encouraged continued community discussion and feedback, either via SCWG discussion, GitHub, or direct to the Chrome Root Program email address.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><span lang=EN-GB>Work on <b>SLO response times</b> is on hold (David and Clint)<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Debian weak keys</span></b><span lang=EN-GB> is being rewritten by Chris Kemmerer. Ryan Dickson wondered whether the cost and delay of checking for weak keys was worth it as part of the certificate issuance process-does it add overhead to the certificate issuance process? Chris K. responded that we’re trying to strengthen the ecosystem by preventing the issuance of certificates with weak keys. Tim H. said we should look at it on a case-by-case basis—some problems with keys can be identified quickly enough that they don’t slow down the issuance process. Dimitris wondered whether the only applicants using a Debian weak key would be security researchers. Tim said that on a global scale his company sees non-researchers still submitting Debian weak keys. Chris K. said that the ballot effort was broader than just Debian and other types of weak keys and that they were working on guidance that might help address future situations. Corey agreed that it would not address just Debian weak keys, but provide a framework for addressing these types of things in the future. Iñigo said that CAs also need to continue advising subscribers to not use weak algorithms.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Any Other Business:</span></b><span lang=EN-GB><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><span lang=EN-GB>None<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b><span lang=EN-GB>Next Meeting:</span></b><span lang=EN-GB> February 2, 2023<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:8.0pt;line-height:106%'><b>Meeting adjourned.</b><o:p></o:p></p></div></body></html>