<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0cm;
margin-right:0cm;
margin-bottom:8.0pt;
margin-left:0cm;
line-height:105%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
p.qt-qt-qt-qt-qt-qt-, li.qt-qt-qt-qt-qt-qt-, div.qt-qt-qt-qt-qt-qt-
{mso-style-name:qt-qt-qt-qt-qt-qt-;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.EstiloCorreo21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:764543946;
mso-list-template-ids:705846048;}
@list l1
{mso-list-id:1496190851;
mso-list-template-ids:1295184998;}
@list l1:level1
{mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level2
{mso-level-start-at:0;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ES link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Adding Dean Coclin.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='margin-bottom:0cm;line-height:normal'><b><span style='mso-fareast-language:ES'>De:</span></b><span style='mso-fareast-language:ES'> Servercert-wg <servercert-wg-bounces@cabforum.org> <b>En nombre de </b>Inigo Barreira via Servercert-wg<br><b>Enviado el:</b> martes, 11 de abril de 2023 18:42<br><b>Para:</b> CA/B Forum Server Certificate WG Public Discussion List <servercert-wg@cabforum.org><br><b>Asunto:</b> [Servercert-wg] Draft minutes of the SCWG call - March 16th, 2023<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div style='border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt'><p class=MsoNormal style='margin-bottom:0cm;line-height:12.0pt;background:#FAFA03'><span style='font-size:10.0pt;color:black;mso-fareast-language:ES'>CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.<o:p></o:p></span></p></div><p class=MsoNormal style='margin-bottom:0cm;line-height:normal'><span style='mso-fareast-language:ES'><o:p> </o:p></span></p><div><p class=MsoNormal><b><span lang=EN-US style='color:black'>Server Certificate Working Group Meeting<br>March 16, 2023<o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-US style='color:black'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>Attendees</span></b><span lang=EN-US style='color:black'>: </span><b><span lang=EN-US>Attendees</span></b><span lang=EN-US>: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Atsushi Inaba (GlobalSign), Ben Wilson (Mozilla), <span style='color:black'>Brianca Martin (Amazon), </span>Bruce Morton (Entrust), Chad Ehlers (IdenTrust), Chris Clements (Google), Chris Kemmerer (SSL.com), Christophe Bonjean (GlobalSign), Clint Wilson (Apple), Dustin Hollenback (Microsoft), Dimitris Zacharopoulos (HARICA), Ellie Lu (TrustAsia), Inigo Barreira (Sectigo), Janet Hines (VikingCloud), Jos Purvis (Fastly), Karina Sirota Goodley (Microsoft), Mads Henriksveen (Buypass), Martijn Katerbarg (Sectigo), <span style='color:black'>Michelle Coon (OATI), Nargis Mannan (VikingCloud), Peter Miskovic (Disig), Ryan Dickson (Google), Sissel Hoel (Buypass), Steven Deitte (GoDaddy), Steve Topletz (Cisco), Tim Hollenbeek (DigiCert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Vijay Kumar (eMudhra), Wayne Theyar (Fastly)</span>, Dean Coclin (Digicert)<span style='color:black'><o:p></o:p></span></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>Antitrust</span></b><span lang=EN-US style='color:black'>: not required, as it was read before<o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>Agenda</span></b><span lang=EN-US style='color:black'>:<o:p></o:p></span></p><ol start=1 type=1><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span lang=EN-GB>Roll Call and Begin Recording (* not needed)<o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span lang=EN-GB>Read Antitrust Statement (* not needed)</span><span lang=EN-US><o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'>Review Agenda <o:p></o:p></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span lang=EN-GB>Minutes of last call (16 February) were approved</span><span lang=EN-US><o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span lang=EN-GB>CommScope membership application</span><o:p></o:p></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span lang=EN-GB>Issues to discuss:</span><o:p></o:p></li></ol><ol start=6 type=1><ol start=0 type=1><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level2 lfo3'><span lang=EN-GB>GitHub issues (76 open and 88 closed, some are more than 4 years old)<o:p></o:p></span></li></ol></ol><ol start=6 type=1><ol start=0 type=1><ol start=1 type=1><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level3 lfo3'><span lang=EN-GB>#337 and #420 </span><span lang=EN-GB style='font-family:Wingdings'>à</span><span lang=EN-GB> changing of the document title: BRs to TLS BRs<o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level3 lfo3'><span lang=EN-GB>#370 </span><span lang=EN-GB style='font-family:Wingdings'>à</span><span lang=EN-GB> “annual” audits. Considering recent change done by the Chrome program<o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level3 lfo3'><span lang=EN-GB>#417 </span><span lang=EN-GB style='font-family:Wingdings'>à</span><span lang=EN-GB> Parked CA keys</span><o:p></o:p></li></ol></ol></ol><ol start=6 type=1><ol start=1 type=1><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level2 lfo3'><span lang=EN-GB>Future for the EV Guidelines: <o:p></o:p></span></li></ol></ol><ol start=6 type=1><ol start=1 type=1><ol start=1 type=1><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level3 lfo3'><span lang=EN-GB>Fix inconsistencies between BRs and EVGs<o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level3 lfo3'><span lang=EN-GB>Convert it into RFC 3647 format</span><o:p></o:p></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level3 lfo3'><span lang=EN-GB>Integrate it into TLS BRs and therefore be RFC 3647 compatible and follow other WGs (CS) style and have only one document to maintain</span><span lang=EN-US><o:p></o:p></span></li></ol></ol></ol><ol start=7 type=1><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span lang=EN-GB>Ballot Status – see list below</span><o:p></o:p></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span lang=EN-GB>Any Other Business</span><o:p></o:p></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span lang=EN-GB>Next call: 30 March</span><o:p></o:p></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span lang=EN-GB>Adjourn</span><o:p></o:p></li></ol><p class=MsoNormal><b><span lang=EN-US style='color:black'>Review Agenda</span></b><span lang=EN-US style='color:black'>: Nothing to be added<o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>Minutes of last call</span></b><span lang=EN-US style='color:black'>: The minutes from the last call (February 16) were approved and have been published. Minutes from the Face to Face have not been submitted at the time of the meeting. <o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>CommScope membership application</span></b><span lang=EN-US style='color:black'>: CommScope has met the requirements and submitted responses to all questions. Inigo called for discussion about what to do. CommScope is not trusted in any browsers, but are in discussion under Mozilla. Ben asked if the category for them would be Associate Member for 1 year, at which time they would be reassessed. Ben felt that they were good candidates for the Mozilla Program, so that he has no problem adding them as associate members. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>Tim mentioned that the only other concern was confirmation that the person who signed the application was actually authorized to sign the IPR policy on behalf of the company. This is a common sticking point with applications and not a concern specifically about CommScope. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>Dimitris asked if the application was sent to the management list. Inigo had the email and read from it, indicating that CommScope sent a letter of inquiry that Jos replied to, informing them that they needed to be in the process of being added to a root store program in order to become associate members. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>Wayne added that the letter was signed by a senior vice president at the organization, which indicates that it is very likely that the signatory had signing authority. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>Trevoli asked if additional validation was performed, other than reading the title that the signer used on the form. Tim mentioned that historically that the forum would ask the signer if they had authority. Admittedly it was not the most secure method, but that is what the forum has done in the past. Trevoli went on to suggest that a stricter confirmation might be a positive addition to the bylaws, relating that not all VPs at Amazon are authorized to sign on behalf of the company. Dimitris said that he would take a note for future consideration of the bylaws. Dean Coclin said that in cases where the title was engineer or something like that he would have the signer provide confirmation of authority, but SVP would normally be trusted. However, he had no problem with asking for confirmation of authority. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>Dimitris mentioned that the primary issue with the application is the lack of a third-party website. He doesn’t want to object on those grounds, but that the issue should be highlighted. Tim suggested that we table the application for now and give them a chance to amend the application and add the third-party website. Tobias felt that this was inconsistent with previous actions, but Tim pointed out that the case was slightly different. Ben clarified that they applicant could become an associate member and then the threshold to full membership was the certificate on a third party website. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>Tobias mentioned that he understood that last time the third party website requirement was only there to insure that the issuance process was regular and that there was no way to truly confirm that the website was not run by the applicant. Tim conceded that Tobias was correct that there are flaws in the existing requirement, but that it is still a requirement that must be enforced. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>Discussion about a previous application and the exact nature of the third-party website that was presented. There were concerns that the CT logs indicated that it was not a third-party website. Tobias felt that preventing this applicant but allowing the other was inconsistent handling of membership candidates. Tim pointed out that CommScope did not submit any website, which is completely different than submitting a website with dubious third-party status. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>Trevoli asked if CommScope has 2 options, resubmit the application or wait a couple of months for the bylaws to change. Dean said that we could just reply to them, let them know that the website was missing and that they would only be associate members until that information was presented. It was then added that they would still only be associate members because they were not trusted in a root program. Jos read the bylaws aloud, which indicated that the associate member status could only be applied when the candidate had submitted a complete application, but were still waiting on trust in a root store. Jos went on to posit the conclusion that regardless of trust, the incomplete application was preventing CommScope from holding any level of membership. Ben suggested that while this is the letter of the bylaw that it is not the intent of the bylaw. They both agreed that the bylaws need clarification. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>After much discussion it was clarified that CommScope needs to submit the third-party website and be trusted in a browser root program in order to become a full member of the organization. However, since the signatory of the original application has retired, a new IPR document should be submitted and signed by someone with authority. Dean will generate a reply and provide it to the list for approval before sending to CommScope. <o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>Issues to Discuss</span></b><span lang=EN-US style='color:black'>: Inigo said that there were 76 open issues and 88 closed issues on GitHub. Open issue owners should review the issue and possibly close them. There is concern that there may be duplicate issues or some that are no longer a major concern. An email should be send to the public list to inform the issue owners to review the list and make the determination. Inigo will draft a message and submit it for review. Dimitris suggested using an inventory of the issues could help to prioritize them. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>Inigo gave a list of ballots up for review (SC 61, SC-62 and SC-59).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'>End of meeting. <o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>