[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - August 20, 2020

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Tue Sep 8 02:25:31 MST 2020


These are the Final Minutes of the Teleconference described in the 
subject of this message as prepared by Neil Dunbar.

Present: Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Andreas 
Hentschel (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust Datacard), 
Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris Kemmerer 
(SSL.com), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin 
(Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), 
Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Joanna Fox 
(GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kirk Hall 
(Entrust Datacard), Mads Henriksveen (Buypass AS), Mayur Manchanda (Visa), 
Michelle Coon (OATI), Neil Dunbar (TrustCor Systems), Niko Carpenter 
(SecureTrust), Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), 
Rae Ann Gonzales (Godaddy), Robin Alden (Sectigo), Ryan Sleevi (Google), 
Stephen Davidson (Digicert), Tim Callan (Sectigo), Tim Hollebeek 
(Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White 
(Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management 
Authority)

1. Roll Call

The Roll Call was taken. Wayne noted that Dimitris was on vacation and 
that he would chair the call.

2. Read Antitrust Statement

The Antitrust Statement was read.

3. Review Agenda, assign minute taker

No changes to the agenda were noted. Neil Dunbar was assigned as minute 
taker. In the absence of volunteers, Wayne will take the minutes of the 
next meeting.

4. Approval of minutes from last teleconference

Wayne had updated the attendee list of the draft minutes, and the updated 
minutes were approved.

5. Validation Subcommittee Update

Tim Hollebeek provided the subcommittee update. Last Thursday, the team 
began work on the end-entity certificate profiles, working through the 
fields one by one in the order they appear in the Baseline Requirements. 
Some initial discussion was had for several of the fields. That work 
will continue next week. Tim noted that the details are too long to 
easily summarize, so that if interested parties wish to examine the 
work, they should consult the online spreadsheet, or read the minutes of 
the subcommittee meetings. Wayne noted that the spreadsheet is linked 
from the wiki, under the Validation Subcommittee page.

6. NetSec Subcommittee Update

Neil provided the subcommittee update.

Ballot SC34 on account management is prepared and ready for submission, 
although has not been submitted to the full working group as yet.

We have begun some discussions on future plans for NetSec Requirements - 
specifically if and how Cloud based CA Architectures can or should be 
supported; what policies stop them right now, and what would be needed 
to comply with such policies. This discussion is still preliminary and 
will go for some time.

The Offline CA discussion document has been refined - the exact 
terminology has been refined so that the pre-ballot is now ready for 
discussion after agreement reached last meeting. Submission to the main 
working group is expected in the next few days.

Pain points team has noted the discussion on moz.dev.sec.pol regarding 
sites discovered to be engaged in phishing - and is discussing whether 
clarifications on 4.9.1.1 should be sought. No decision has been reached 
yet.

An older proposal to address the remediation of critical vulnerabilities, 
per NSR Section 4(f) has been brought back. The team is trying to get 
clarity on when the 96 hour timeframe starts from; which brought up 
further discussion on what the vulnerability scanning and penetration 
testing should entail and what systems it needs to touch. More of this 
matter will be discussed in the meeting today.

7. Ballot Status

Neil reported that SC28 is still on heartbeat until ready to be 
considered per Dimitris's request. Wayne asked if it would be opened for 
consideration in the next few weeks, and Neil replied that he hoped to 
do so.

There are no ballots in the voting period.

Wayne noted that SC30 (Disclosure of Registration and Incorporation 
Agencies) and SC31 (Browser Alignment) have completed their review 
period. These ballots are now final and the working group will produce 
new versions of the guidelines.

In review is Ballot SC33 (TLS Using ALPN Method), which replaces 
validation method 10. The review ends on September 17th.

For draft ballots under consideration, Wayne asked Ryan for any comments 
on this draft. Ryan reported that the ballot was going to be started but 
there had been a slow trickle of corrections. Clint had provided some 
typographical corrections which are being integrated and Corey had also 
submitted some corrections. Ryan wanted to review the new document 
against the guidelines amended by SC30 and SC31 which Dimitris had 
attempted to merge in, despite his vacation. After this review, the 
Spring cleanup ballot should be ready to start voting.

Also to be discussed was the updating of BR 6.1.1.3; Wayne thought that 
the discussion was ballot ready at this point. Chris replied that they 
have language, but they are reviewing the SC30/SC31 changes; Chris's 
ballot has changes to both sections 6.1.1.3 and 4.9.1.1, but that some 
of the team reviewing the changes is on PTO, and they should be able to 
push forward once those members can look at the changes. Chris noted 
that the ballot language changes showed no major deviations between 
version 1.7.0 and 1.7.1 of the BRs; but the authors wanted to perform 
final checks - they are confident that the ballot will be ready soon.

Wayne noted the Offline CA Security Requirements. Ben was on the call 
but no update was able to be provided.

8. Any Other Business

There was no additional business.

9. Adjourn

The meeting was adjourned and will reconvene September 3, 2020 11:00 am 
Eastern Time
