[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - October 1, 2020
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Thu Oct 15 09:56:53 MST 2020
These are the Final Minutes of the Teleconference described in the
subject of this message as prepared by Jos Purvis (Cisco).
Attendees (in alphabetical order)
Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Ben Wilson
(Mozilla), Bruce Morton (Entrust), Clint Wilson (Apple), Daniela Hood
(GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug
Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew
(D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign),
India Donald (US Federal PKI Management Authority), Janet Hines
(SecureTrust), Jeff Ward (CPA Canada/WebTrust), Jos Purvis (Cisco
Systems), Julie Olson (GlobalSign), Karina Sirota (Microsoft), Kirk Hall
(Entrust), Li-Chun Chen (Chunghwa Telecom), Michelle Coon (OATI), Mike
Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter
(SecureTrust), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE
Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca
Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley
Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM
Trust Systems), Thanos Vrachnos (SSL.com), Tim Callan (Sectigo), Tim
Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli
Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal
PKI Management Authority).
Minutes
1. Roll Call
The Roll Call was taken.
2. Read Antitrust Statement
Anti-trust statement was read. The working group expressed its gratitude
to Robin Alden (“the voice of the anti-trust statement”) for his years
of service both to Sectigo and to the CABF and SCWG, as he is retiring
this year.
3. Review Agenda
Dimitris reviewed the agenda; no changes were identified. Minute-taker
for the next call will be Dimitris.
4. Approval of minutes from last teleconference
Accepted without objections.
5. Validation Subcommittee Update
Tim Hollebeek presented. The committee continued discussion of the
SubjectDN field for various certificate types. They’re most of the way
through the field, but more discussion is needed around these DNs and
other fields in the certificate profile.
Subcommittee minutes:
https://lists.cabforum.org/pipermail/validation/2020-September/001564.html
6. NetSec Subcommittee Update
Neil presented. They are still trying to get feedback on SC34 (acct mgt)
around GH comments posted a few weeks ago. Threat Modeling group met a
few weeks ago to review network zones ballot, looking for feedback from
network eng, and got some good feedback from Clint and others around
need for comms and protection. Impromptu discussion started around when
NCSSRs are considered “complete” and what the end goals might be.
Continued discussions around extending CA operations into cloud and what
cloud operators might be able to do better (automation, verification,
etc.). Not trying to boil the ocean, but instead look at some specific
use cases and then develop NCSSR updates around those.
Questions:
Ryan Sleevi (Google): Google is a bit concerned with some of the
directions you described. Would it be possible to set out where the
group is considering pursuing? In particular, the move from physical to
logical security and considerations around cloud security are both
interesting and concerning. Could NetSec lay this out during F2F in
terms of both agenda and work direction?
Neil: Understood! Yes.
Subcommittee minutes:
https://lists.cabforum.org/pipermail/netsec/2020-September/000404.html
7. Ballot Status
Ballots in Discussion Period
None.
Ballots in Voting Period
None.
Ballots in IPR Review Period
SC28: Logging and Log Retention (Review ends October 14, 2020)
SC35: Cleanups and Clarifications (Review ends October 14, 2020)
Draft Ballots under Consideration
Minimum expectations regarding weak keys (Chris)
Chris was not on the call, but Thanos presented updates: We have taken
back the community comments thus far and are going to reply with an
update/official status very soon. We are not yet ready to provide a
final update (need to discuss more with our engineers), but will at
least have official update soon.
Offline CA Security Requirements (Ben)
No updates
Remove “zone” from NCSSRs and add provisions to BR 5.1 (Ben)
No updates
SC34 Account Management (Tobi)
No updates
8. Topics for the next virtual F2F
Dimitris sent out draft agenda for F2F to the public and management
lists. Dean is discussing guest speakers and will need slots for those
to be announced later. Dimitris will send messages to subcommittee
chairs to request time estimates for discussions on Tuesday
(subcommittee & WG day). We will not be spending full days as with
physical-F2F; instead we will try to keep things short as with the
previous virtual-F2F. If members have any topics or special challenges,
they’re asked to email Dimitris or respond on the list, as they see fit.
Daniela Hood (GoDaddy)> In the past, we have discussed the conference
session times. Should we change times for this? Have we discussed it?
Dimitris> The group seems to prefer to keep the same as the last virtual
F2F, which was scheduled to try and minimize time-zone issues.
Dean Coclin (DigiCert)> The times for the last F2F were really the only
times we could do between members in Asia, Americas, and Europe.
Daniela> Thanks!
Dean> I have 1 guest speaker for 30 minutes; I have another with more of
a tech talk on random number generators that will be no more than 30
minutes. We will space these out with no more than 1 per day. Should be
interesting!
Dimitris> Dean, how are registrations?
Dean> Pretty good! We’ve merged attendee lists into one (since everyone
is virtual). We are at 68 registered attendees now.
9. Any Other Business
No other business was discussed.
10. Next call
The next call will take place on October 15, 2020 at 11:00am Eastern Time.
Adjourned