[Servercert-wg] Final minutes of the SCWG 26 October

Inigo Barreira Inigo.Barreira at sectigo.com
Thu Dec 7 17:12:19 UTC 2023 

These are the Final Minutes of the Teleconference described in the subject of this message, prepared by Michelle Coon (OATI).

Server Certificate Working Group
Attendance:
Aaron Poulsen - (Amazon), Abhishek Bhat - (eMudhra), Adam Jones - (Microsoft), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Brittany Randall - (GoDaddy), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Eva Vansteenberge - (GlobalSign), Inaba Atsushi - (GlobalSign), Janet Hines - (VikingCloud), Kiran Tummala - (Microsoft), Lynn Jeun - (Visa), Mads Henriksveen - (Buypass AS), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Nicol So - (CommScope), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Peter Miskovic - (Disig), Rebecca Kelley - (Apple), Rollin Yu - (TrustAsia Technologies Inc), Scott Rea - (eMudhra), Stephen Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust Systems), Thomas Zermeno - (SSL.com), Tobias Josefowitz - (Opera Software AS), Trevoli Ponds-White - (Amazon), Wendy Brown - (US Federal PKI Management Authority), Yoshihiko Matsuo - (Japan Registry Services).

Agenda:
Kiran Tummala (Microsoft led the meeting)
1.     Roll Call and Begin Recording (* not needed)
2.     Read Note-well  (* not needed)
3.     Review Agenda
A.     No changes were made to the agenda
4.     Minutes:
A.     31 August – no objections, approved
B.     Face-to-Face – not circulated
5.     Membership:
A.     None
6.     Issues/topics to discuss
A.     Revised SCWG charter – requested all to review and distribute comments to the list.
B.     Martin (Sectigo) proposal to change some logging requirements in BRs – looking for additional feedback

        *   Clint Wilson noted that this would replace a broad requirement with a specific constrained list on what needs to be logged.  Two sides:  create a strict list of what must be logged (inclusion list) or create a list of what does NOT need to be logged (exclusion list).  Discussion was had here and will continue.
        *   Potentially move language to the NSCRs in the future
1.     Ballot Status – see list below
2.     Any Other Business
3.     Next call:  December 07, 2023
4.     Adjourn 11:01 am CPT
CURRENT STATUS OF BALLOTS
·        Passed
o   None
·        Failed
o   None
·        Voting Period
o   None
·        Discussion Period
o   SC66 – Clean-up ballot
·        Review Period
o   None
·        Draft / Under Consideration
o   SCXX – SLO/Response for CRL & OCSP Responses - David Kluge (Google) / Clint Wilson (Apple): on hold

        *   Clint suggested to remove this ballot since the ballot to make OCSP optional was moved into the BRs.  Ben agreed to drop it.
o   SCXX – Profiles cleanup ballot
o   SC-067 - Applicant, Subscriber and Subscriber Agreements – Ben Wilson (Mozilla) / Dustin Hollenback (Microsoft)  https://github.com/cabforum/servercert/compare/90a98dc7c1131eaab01af411968aa7330d315b9b...9eebd9949810f698edd5087235acaf16e04ead21

        *   Distributed 10/26/2023 for feedback – one response so far
        *   Definitions of Applicant and Applicant Representative
        *   Changes being discussed yet (specifically looking at lines 276-279)
o   SC65 – EVGs in RFC 3647 format

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20231207/e15d5823/attachment-0001.html>

More information about the Servercert-wg mailing list