<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ES link="#467886" vlink="#96607D" style='word-wrap:break-word'><div class=WordSection1><div><h2><span lang=EN-US>Minutes of Server Certificate WG</span><span lang=EN-US style='font-size:18.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></h2><p class=MsoNormal><span lang=EN-US>February 1, 2024<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>These are the Final Minutes of the meeting described in the subject of this message. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><h3><span lang=EN-US>Attendees <o:p></o:p></span></h3><h3><span lang=EN-US style='font-size:11.0pt;font-weight:normal'>Aaron Gable - (Let's Encrypt), Aaron Poulsen - (Amazon), Abhishek Bhat - (eMudhra), Adam Jones - (Microsoft), Andrea Holland - (VikingCloud), Antti Backman - (Telia Company), Ben Wilson - (Mozilla), Bindi Davé - (DigiCert), Brianca Martin - (Amazon), Bruce Morton - (Entrust), Chris Clements - (Google), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), David Kluge - (Google), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico Entschew - (D-TRUST), Fumi Yoneda - (Japan Registry Services), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Jos Purvis - (Fastly), Karina Sirota - (Microsoft), Keshava Nagaraju - (eMudhra), Mads Henriksveen - (Buypass AS), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Miguel Sanchez - (Google), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Naveen Kumar - (eMudhra), Nicol So - (CommScope), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Peter Miskovic - (Disig), Rebecca Kelley - (Apple), RIch Smith - (DigiCert), Rollin Yu - (TrustAsia), Roman Fischer - (SwissSign), Scott Rea - (eMudhra), Sissel Hoel - (Buypass AS), Stephen 
Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust Systems), Thomas Zermeno - (SSL.com), Tim Hollebeek - (DigiCert), Tobias Josefowitz - (Opera Software AS), Trevoli Ponds-White - (Amazon), Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management Authority), Yashwanth TM - (eMudhra), Yoshihiko Matsuo - (Japan Registry Services) <o:p></o:p></span></h3><h3><span lang=EN-US>1. Roll Call<o:p></o:p></span></h3><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>The Roll Call was taken.<o:p></o:p></span></p><h3><span lang=EN-US>2. Read Antitrust Statement<o:p></o:p></span></h3><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>The statement was read concerning the antitrust policy, code of conduct, and intellectual property rights agreement.<o:p></o:p></span></p><h3><span lang=EN-US>3. Review Agenda<o:p></o:p></span></h3><p class=MsoNormal><span lang=EN-US>The meeting was chaired by Inigo Barreira. Minutes were prepared by Stephen Davidson.<o:p></o:p></span></p><h3><span lang=EN-US>4. Approval of minutes from last teleconference<o:p></o:p></span></h3><p class=MsoNormal><span lang=EN-US>The minutes for the teleconference of January 4 are still pending, and those of January 18 were approved. <o:p></o:p></span></p><h3><span lang=EN-US>5. Discussion <o:p></o:p></span></h3><p class=MsoNormal><span lang=EN-GB>The application of Sun ShengNan to join as an interested party was set aside as the individual has not responded to emails. The application of Common Crypto (Troy Anderson) to join as interested party was accepted. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Inigo discussed the possible Ballot SC65 (EVG in RFC 3647), which he’d like to move ahead before it starts creating editing obstacles for other pull requests. 
He requested endorsers.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Corey Bonnell described the conversation regarding delegated third parties in the context of Domain Validation, and how it’s becoming clear that it might affect the broader use of DTPs. He suggested that the conversation should probably be centered in the Server Cert WG rather than having responsibility diffused across the other WGs. Aaron Gable noted that comments on his ballot text for DNS reflected similar concerns. Corey asked if the scope of the DTP discussion was to be broadened or constrained to DNS. Tim Hollebeek proposed settling the DNS topic now and having the WG address other areas later, as the DTP language does seem over-broad. Mads Henriksveen agreed.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Wayne Thayer described RFC 9500 for test keys. He asked if BR 6.1.1.3 implied that CAs should be blocking the use of the keys in that RFC. He suggested that the section could be expanded to include a mechanism for the CA being “made aware” of compromised keys. He also referred to the previous failed ballot on weak private keys. Tim agreed these are related, but noted that it was not realistic to expect every CA to be aware of every compromised key in the world, so the range of responsibility needs to be well-defined. Aaron suggested that reporting keys through the CA’s problem reporting mechanism was the proper channel for “made aware”. Martijn Katerbarg said it would be interesting to do research comparing the reported compromise lists from different CAs to see how universal they are. Tim noted that CAs should probably add the RFC keys to avoid customer inconvenience. Wayne will propose a ballot. 
Noting it was out of scope for this discussion, Trevoli Ponds-White said that in many cases CAs should be allowed to generate keys as they were better equipped to do it securely.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Inigo deferred the issue of GitHub issue numbering until a future call, noting that there are ~100 open issues, some dating back years.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Inigo invited the WG to raise topics for the New Delhi F2F meeting.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Aaron noted that SC70 would be moving into its discussion period soon. Dimitris said an effective date might be desirable on that ballot.<o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US><o:p> </o:p></span></b></p><p class=MsoNormal><b>CURRENT STATUS OF BALLOTS</b> <o:p></o:p></p><ul type=disc><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Voting Period<o:p></o:p></span></li></ul><ul style='margin-top:0cm' type=disc><ul style='margin-top:0cm' type=circle><li class=MsoListParagraph style='margin-left:0cm;mso-add-space:auto;mso-list:l1 level2 lfo3'><span lang=EN-GB>SC68 - Allow VATEL and VATXI for organizationIdentifier<o:p></o:p></span></li></ul></ul><ul type=disc><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Discussion Period<o:p></o:p></span></li></ul><ul type=disc><ul type=circle><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level2 lfo3'><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif'>SC69 - Clarify router and firewall logging requirements<o:p></o:p></span></li></ul></ul><ul type=disc><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level1 lfo3'><span 
style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Draft / Under Consideration<o:p></o:p></span></li></ul><ul type=disc><ul type=circle><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level2 lfo3'><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif'>SC70 – Clarify the use of DTPs for domain control validation<o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level2 lfo3'><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif'>SC65 – EVGs in RFC 3647 format <o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level2 lfo3'><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif'>SCXX – Profiles cleanup ballot <o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level2 lfo3'><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif'>SC67 – Subscriber agreement and terms of use consolidation<o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level2 lfo3'><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif'>SCXX – Measure all hours and days to the second<o:p></o:p></span></li><li class=qt-qt-qt-qt-qt-qt- style='mso-list:l1 level2 lfo3'><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Pending from Pedro Fuentes: Use of QGIS for organization validation<o:p></o:p></span></li></ul></ul><h3 style='mso-margin-top-alt:1.0pt;margin-right:0cm;margin-bottom:1.0pt;margin-left:0cm'><span lang=EN-US>6. Any Other Business</span><span lang=EN-US style='font-family:"Calibri",sans-serif'><o:p></o:p></span></h3><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Paul van Brouwershaven raised the subject of automation of EV where an API key is linked to a Cert Approver. He asked whether it matters who creates the API key (the CA vs. the Cert Approver vs. a Cloud Service Provider). Tim said the concept was not covered in the TLS BR. 
Dimitris Zacharopoulos said the subject had been discussed in the past and he believed it was acceptable. Martijn said the use of an API key was similar to the login by an authorized rep. Inigo said the WG would return to the subject in a future call.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p></div></div></body></html>