[Servercert-wg] Final Minutes for Server Certificate Working Group Teleconference - September 3, 2020

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Fri Sep 18 01:55:27 MST 2020 

These are the Final Minutes of the Teleconference described in the 
subject of this message as prepared by Wayne Thayer (Mozilla).*
*


    Attendees (in alphabetical order)

Amanda Mendieta (Apple), Ben Wilson (Mozilla), Bruce Morton (Entrust 
Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris 
Kemmerer (SSL.com), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean 
Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback 
(Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), 
Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), Janet 
Hines (SecureTrust), Joanna Fox (GoDaddy), Johny Reading (GoDaddy), Jos 
Purvis (Cisco Systems), Karina Sirota (Microsoft), Kirk Hall (Entrust 
Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads 
Henriksveen (Buypass AS), Mayur Manchanda (Visa), Michelle Coon (OATI), 
Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter 
(SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (Godaddy), 
Rebecca Kelley (Apple), Robin Alden (Sectigo), Ryan Sleevi (Google), 
Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tim Hollebeek 
(Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White 
(Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management 
Authority).


    Minutes


      1. Roll Call

The Roll Call was taken.


      2. Read Antitrust Statement

The Antitrust Statement was read.


      3. Review Agenda

No changes to the agenda were noted. It was noted that Wayne Thayer 
volunteered to take minutes for this meeting. Dimitris will take the 
minutes for the next call.


      4. Approval of minutes from last teleconference

Accepted without objections.


      5. Validation Subcommittee Update

Wayne said that the subcommittee continued discussions of the end-entity 
certificate profile on the past call. EKU was discussed, as was the 
remainder of the profile. Then discussion shifted to remaining work and 
Subject distinguishedNames. Issues with validating the 
stateOrProvinceName were discussed, as were concerns over the 
organizationalUnitName field.

Tim said that he will not be able to attend next week’s call.


      6. NetSec Subcommittee Update

Neil said that two ballots are in process. We have feedback from Ryan 
and Wayne on SC34 (Account Management) on GitHub and are planning to 
address it. SC28 has just begun voting. We have created a discussion 
document for using cloud services for hosting CA services. This will not 
result in any immediate ballots, but will feed into future changes. 
Meeting today to model threats. This relates to the dropped zones 
ballot, shifting from physical to logical zones.

Ben said that we’re still trying to finalize the offline CAs ballot. 
Have replaced ‘offline’ with ‘air gapped’. Bruce commented that we 
should populate the Trusted Roles section in the BRs with some of the 
info in the NCSSRs. We’re still trying to determine how to best 
structure the document. If parts of the NCSSRs are incorporated into the 
BRs it makes it more difficult for other WGs such as code signing to 
rely on them. This will also be discussed on the call today.

Dimitris said that the original consensus was for individual WGs to 
decide to adopt parts of the NCSSRs as they wish, then if we determine 
that there is seen to be a need for a shared common set of NCSSRs in the 
future we can discuss it.

Ben: There is a threat modeling group meeting today at 1 PM EST. If 
anyone with expertise has time to participate, please let us know and 
they will be invited.


      7. Ballot Status


        Ballots in Discussion Period

/SC28 (Logging and Log Retention)/

Neil said that he began voting today.


*Ballots in Voting Period*

/SC35 (Spring 2020 cleanup and clarifications (Ryan)/

Voting began yesterday.

Ryan: Ben pointed out that there are more cleanups needed. Went ahead 
with voting on this knowing that there will be more cleanup ballots. 
This ballot includes important clarifications to the use of policy OIDs 
that are needed and that CAs should be aware of

*Ballots in Review Period*

/SC33 (TLS ALPN Method)/
Review period ends Sept 17.


        Draft Ballots under Consideration


Minimum expectations regarding weak keys
Chris: Posted proposed ballot language to the list this morning
/
//SC32 (Offline CA Security Requirements)/

Ben: no updates

/SC34 (Account Management)/

Toby said that he has no updates beyond what Neil said earlier about the 
feedback received on GitHub.


      8. Any Other Business

No other business was discussed.


      9. Next call

The next call will take place on September 17, 2020 at 11:00am Eastern Time.


      Adjourned

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20200918/e82db073/attachment-0001.html>

More information about the Servercert-wg mailing list