[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - July 9, 2020

Jos Purvis (jopurvis) jopurvis at cisco.com
Mon Jul 27 07:29:58 MST 2020


Published!

 

 

-- 
Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | Controls and Trust Verification

 

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of CABF Server Cert WG <servercert-wg at cabforum.org>
Reply-To: "Dimitris Zacharopoulos (HARICA)" <dzacharo at harica.gr>, CABF Server Cert WG <servercert-wg at cabforum.org>
Date: Thursday, July 23, 2020 at 12:04 PM
To: CABF Server Cert WG <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - July 9, 2020

 


These are the Final Minutes of the Teleconference described in the subject of this message. 
Attendees (in alphabetical order)
Adam Clark (Visa), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer (SSL.com), Curt Spann (Apple), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dre Aremeda (GoDaddy), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mayur Manchanda (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rachel McPherson (TrustCor Systems), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Stephen Davidson (Digicert), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla).
Minutes 
1. Roll Call
The Roll Call was taken.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
No changes to the agenda were noted.
4. Approval of minutes from last teleconference
Minutes were approved
5. Validation Subcommittee Update
Continuing work on certificate profiles
Wayne introduced a discussion on removal of validation method #10 and replacing it with RFC 8737 TLS ALPN
Validation data reuse periods were discussed as well in the last meeting.  Trev started discussion on validation reuse issue to follow up from the f2f.  Excellent discussion in the minutes that members are encouraged to read
The draft minutes of that particular Subcommittee meeting are available at the following thread:
https://lists.cabforum.org/pipermail/validation/2020-July/001500.html
6. NetSec Subcommittee Update
Neil was not on the SCWG call and Ben mentioned that there was no subcommittee call last week and the committee would be meeting after this CA/Browser meeting. 

Ben recommended skipping any updates on NetSec this week. 
7. Ballot Status 
Ballots in Discussion Period
SC28 (Logging and Log Retention)

Discussion period was restarted

SC31 (Browser Alignment)

Voting will start later today.

Dean discussed that we have some CAs not aligned with the cert lifetime issue which was voted down with SC22.  He feels many CAs don’t want to vote on this ballot with the cert lifetime.  How do we resolve this?  We could 1) remove this section on cert lifespans, 2) vote as is, or 3) try to satisfy CA concerns on the cert lifetime item.  Maybe have a statement that the CA disagrees with the one year certs but they want to support the rest of the ballot for the good of the industry.  This gives CAs a way to point customers to the discussion and voting comments as to each CA stance.    Ryan:  the majority of these type of proposals were already mentioned on the discussion in the public forum.  Google does not support adding this caveat.  CAs can point to their voting comments and any other comments made in their vote on the ballot.  We don’t need a special provision in the ballot.  Including such a provision would not be conducive for the good of the Forum and current processes.  Tim:  I appreciate trying to find common ground if possible.  DigiCert does not have a problem with the one year cert issue but most concerned with the effectiveness of the Forum and working together to find common ground and progress as a community going forward.  Dimitris:  there was a change in ID certs away from “should.”  Ryan:  V3 incorporated many suggestions including Corey’s excellent contributions.  V3 is in discussion now and was meant to address issues brought up in the discussion on V2.
    
Ballots in Voting Period

SC30 (Disclosure of Registration/Incorporating Agency)


Ballots in Review Period
None.
Draft Ballots under Consideration
Spring 2020 cleanup and clarifications (Ryan) 

Current draft in GitHub needs to be updated for markdowns.  We’ll see where SC31 goes and that may determine where we go with this ballot.  Also the PANDOC friendly markdown (SC26) discussion may have input into this ballot as well.

Update to BR section 6.1.1.3
Been doing testing.  Took more time than anticipated.  We did get enough info to draft a good updated proposal.  The update will explain changes as a result from testing.  Good progress overall.
8. Approval of minutes from F2F 50
Dean mentioned that he didn’t see Google's presentation uploaded yet.  Dimitris:  most info was captured in the minutes.  Ryan will provide the link to the deck for upload and minutes
Minutes are now approved
 
9. Any Other Business
No other business was discussed.
10. Next call
The next call will take place on July 23, 2020 at 11:00am Eastern Time.
Adjourned

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20200727/c5e97a71/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3699 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20200727/c5e97a71/attachment-0001.p7s>


More information about the Servercert-wg mailing list