[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - April 30, 2020
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Fri May 15 00:30:40 MST 2020
These are the Final Minutes of the Teleconference described in the
subject of this message.*
*
Minute taker: Tobias S. Josefowitz
Attendees (in alphabetical order)
Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust
Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris
Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert),
Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin
Hollenback (Microsoft), Inaba Atsushi (GlobalSign), Janet Hines
(SecureTrust), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft),
Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michael
Guenther (SwissSign), Michelle Coon (OATI), Neil Dunbar (TrustCor
Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Pedro
Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rich Smith
(Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Tim Hollebeek
(Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White
(Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management
Authority), Taconis Lewis (FPKI).
Minutes
1. Roll Call
The Chair took attendance.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
Accepted without changes.
4. Approval of minutes from previous teleconference
Accepted without objections.
5. Validation Subcommittee Update
Tim reports that the Subcommittee is continuing to tackle the same two
topics it has been discussing for a while now.
The first topic was the voluntary or mandatory disclosure of information
sources. The subcommittee had a discussion about purpose and roadmap of
the effort, it seemed some CAs would be more comfortable if they had a
better understanding of the motivation and goal(s). Ryan and Doug are
joining up to formulate a paragraph on the purpose and direction of the
effort.
The second topic was how to express the certificate profiles in the BRs
and what a skeleton would look like for that. Some work will be done for
traceability on where the skeleton semantics came from.
The draft minutes of that particular Subcommittee meeting are available
at the following thread:
* https://cabforum.org/pipermail/validation/2020-April/001462.html
6. NetSec Subcommittee Update
Neil reports that the Painpoints subteam has been focusing on the
details to a ballot concerning log retention, trying to tighten up the
text.
The Threat modelling subteam is continuing to finesse a checklist for
online and offline CAs and has identified risks potentially not covered
by current NSRs.
The Document Restructuring subteam has been focussing on disentangling
the "Secure Zones" terminology into instead specifying "physical and
logical security requirements" for isolation within a CA system as well
as clarifying which of the NSRs's requirements apply to offline systems
- something not always very clearly defined in the current NSRs.
On its last teleconference, the NetSec Subcommittee had a long
discussion about the drafted ballot regarding system account
deactivation; the Subcommittee was not quite happy with the text but
rather it might be the right thing to focus more on the "removal of
access and credentials" rather than working with the vague term of
"account deactivation". At the same time the Subcommittee wants to keep
it simple as the goal here is to transition from periodic review to
Continuous Monitoring and Alerting.
Question from Dimitris: Logical/physical separation of which parts?
Neil: Where we have secure zones as a sort of isolation terminology in
the NSRs today; we are trying to break that apart into what are physical
security requirements and what are logical security requirements.
The draft minutes of that particular Subcommittee meeting are available
at the following thread:
* https://cabforum.org/pipermail/netsec/2020-April/000334.html
7. Ballot Status
_Ballots in Discussion Period_
None.
////
_*Ballots in Voting Period*_
/////SC29: ///System Configuration Management/ /(Neil)
Neil asked members to vote.
_*Ballots in Review Period*_
/SC27: Version 3 Onion Certificates /(Wayne) (review ends 2020-03-26)//
_Draft Ballots under Consideration_
/Aligning the BRs with existing Browser Requirements /(Ryan)
No updates
/
Spring 2020 cleanup (Ryan)/
Ryan reports this is based on github issues, and that he has received no
feedback and has not heard from endorsers or non-endorsers.
/Disclosures of data sources (Ryan)/
Ryan reports there has been some discussion in the validation
subcommittee, but that in his opinion this just needs to be tweaked a
little in terms of explanation. There has been no feedback from CAs as
to why September would be unreasonable. He is currently looking for
endorsers. Also looking at mandating this through the Root Program, but
at least having a Ballot to show what it would look like if incorporated
into the BRs would be useful.
/Updating BR Section 6.1.1.3/
Chris: We are considering incorporating some of the changes Ryan has
been suggesting, we'll need to review internally, we will comment shortly.
8. Agenda topics for the upcoming F2F
Dimitris sent out a Draft Agenda for the Virtual Meeting (June 9th),
tried to squeeze everything into three days. First day is subcommittee
day, code signing working group is not scheduled as they will have a
meeting anyway one week before and one week after. The same question
applies to Subcommittee Chairs for Form Infrastructure, NetSec and
Validation Subcommittee. He recommend having those meetings because
hopefully more people are going to join than the regular meetings, but
it is up to the Chairs. The Subcommittee chairs should contact Dimitris
if they want to change the slots.
For days two and three we have regular sessions, Browser updates
[Browsers: please contact Dimitris if there are no updates].
We have Browser updates, CCADB, Webtrust, ETSI, ACABc, reports from
every Subcommittee and CSCWG and also discussion about S/MIME WG
If anybody wants to propose a topic feel free to send to the public list
or to Dimitris directly.
9. Any Other Business
No other business.
10. Next call
May 14, 2020 at 11:00 am Eastern Time.
Adjourned
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200515/89973ac8/attachment-0001.html>
More information about the Servercert-wg
mailing list