[Servercert-wg] Final Minutes of Server Certificate Working Group call - April 16, 2020

[Dimitris Zacharopoulos (HARICA)]

These are the Final Minutes of the Teleconference described in the 
subject of this message.**


Roll call: Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton 
(Entrust Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), 
Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin 
(Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), 
Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines 
(SecureTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Li-Chun 
Chen (Chunghwa Telecom), Michael Guenther (SwissSign), Michelle Coon 
(OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko 
Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE 
Foundation), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden 
(Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen 
Davidson (Quo Vadis), Thanos Vrachnos (SSL.com), Tim Callan (Sectigo), 
Tim Hollebeek (Digicert), Timo Schmitt (SwissSign), Tobias Josefowitz 
(Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer 
(Mozilla), Wendy Brown (US Federal PKI Management Authority), Taconis 
Lewis (US Federal PKI Management Authority), Andrea Holland (SecureTrust).


Agenda approved, anti-trust statement was read, roll was taken.

Minute taker: Tim Hollebeek.

Tobi volunteered to take minutes in two weeks.

Previous minutes were approved.

Validation subcommittee discussed two things:

1. Voluntary disclosure of information sources

    - a few other CAs said they were going to disclose after DigiCert, 
but haven't

    - CAs are still encouraged to disclosed, but voluntary doesn't seem 
to be working

    Ryan has a ballot to mandate disclosure

    Discussion about the challenges of not having disclosure block 
issuance of certificates

    Ryan posted a really good summary of the discussion to the mailing 
list, please read it there

2. Discussed the reorganization of requirements for certificate profiles

    Draft skeleton certificate profile wasn't up until shortly before 
the meeting, so not much

       substantive discussion

    Discussing continues on the list and in a Google document

    Skeleton will again be reviewed on the next Validation call

NetSec subcommittee:

Discussing SC29 version 3 on the list

Minutes are up for review

SC28 (reducing log retention) is nearly complete

Another ballot (no number yet) for account deactivation

Ballot to replace secure zones and high security zones and replace with 
clearer structure

Dean: are you intending to start voting on SC29 next week?

Neil: are we allowing ballots due to the covid situation?

Wayne: I'd suggest putting a feeler out and seeing if people are ready 
to move forward

Ballot status:

Discussion period: SC29 (see above)

Voting period: None

Review period: SC26 (pandoc-friendly markdown changes) - ends Apr 30

Draft ballots:

    Ryan - BR alignment

    Ryan - Spring cleanup

    Ryan - Data source disclosure (discussed on last week's Validation call)

    Chris Kemmerer - updated 6.1.1.3 to clarify requirements around 
rejecting weak keys

Server Certificate Working Group adjourns
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200506/de09bf45/attachment-0001.html>