[Servercert-wg] Final Minutes of CA/Browser Forum SCWG - June 22, 2023

[Inigo Barreira]

These are the final Minutes of the Teleconference described in the subject
of this message.


Server Certificate Working Group - June 22, 2023

 

 

Attendees:

Aaron Poulsen - (Amazon), Abhishek Bhat - (eMudhra), Adam Jones -
(Microsoft), Adrian Mueller - (SwissSign), Andrea Holland - (VikingCloud),
Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Bruce Morton - (Entrust),
Chad Ehlers - (IdenTrust), Chris Clements - (Google), Clint Wilson -
(Apple), Corey Rasmussen - (OATI), Dean Coclin - (DigiCert), Dimitris
Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback -
(Microsoft), Ellie Lu - (TrustAsia Technologies, Inc.), Fumi Yoneda - (Japan
Registry Services), Inaba Atsushi - (GlobalSign), Inigo Barreira -
(Sectigo), Jos Purvis - (Fastly), Karina Sirota - (Microsoft), Lynn Jeun -
(Visa), Mads Henriksveen - (Buypass AS), Marcelo Silva - (Visa), Marco
Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon -
(OATI), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Nicol So -
(CommScope), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE
Foundation), Peter Miskovic - (Disig), Rebecca Kelley - (Apple), Rollin Yu -
(TrustAsia Technologies, Inc.), Roman Fischer - (SwissSign), Ryan Dickson -
(Google), Scott Rea - (eMudhra), Stephen Davidson - (DigiCert), Tadahiko Ito
- (SECOM Trust Systems), Thomas Zermeno - (SSL.com), Tobias Josefowitz -
(Opera Software AS), Trevoli Ponds-White - (Amazon), Wendy Brown - (US
Federal PKI Management Authority), Yashwanth TM - (eMudhra), Yoshiro Yoneya
- (Japan Registry Services).

The note-well was read in the plenary meeting earlier during this call.

Approval of minutes:

*	May 25th, circulated June 7th: approved
*	f2f minutes have not been circulated. Inigo Barreira (Sectigo) will
forward to the list.

 

Updates:

Membership - Inigo Barreira (Sectigo)

*	Unsung Limited will be joining as an Interested Party
*	Stephen asked what they do. Inigo said they are a UK based PKI
consultancy. 
*	No objections were raised and they will be granted membership status
and access.

 

Issues - Inigo Barreira (Sectigo)

*	Certificate Automation

*	Paul van Brouwershaven (Entrust) presented at the f2f meeting
*	Dimitris Zacharopoulos (HARICA) asked if the plan is to use this
meeting to continue the automation discussion. Inigo was not sure if the
discussion was completed. If not, then he wanted to allow time to discuss in
more detail. 
*	Mads Henriksveen (Buypass AS) asked in chat if the presentation will
be shared. Inigo will upload the presentation to the SCWG minutes by the
next call.

 

New meeting slot - Inigo Barreira (Sectigo)

*	Time allocated in this meeting is usually less than needed and
usually unable to complete agenda. Inigo is proposing a new time slot for
Server Cert meeting times. Inigo will send a Doodle to gather information on
potential days / times for a separate meeting. This also includes more time
at the f2f. 
*	Bruce Morton (Entrust) mentioned that on Thursday we could
potentially schedule a two hour window with meetings at 11 am and noon
Eastern time. Maybe this meeting can be moved to the 9 am Pacific time slot.
Trevoli Ponds-White (Amazon) mentioned that she always has meetings at 9 am
Pacific time. And, noon Eastern time would cause people to skip lunch. Trev
suggested to use the Doodle poll to see what options the group will want to
go with.
*	Dimitris Zacharopoulos (HARICA) wants to identify what topics to
discuss in this meeting. Many of these topics are already covered by
Subcommittee meetings. With this new topic of certificate automation, he
thought that this could be created as a new Subcommittee to focus on this
work. Paul van Brouwershaven (Entrust) did not think there is enough to
discuss as a Subcommittee at this time. He said it is good to get input from
members, but not full dedicated time. Paul said there are other topics that
do not fit into existing subcommittees and would need to be discussed in
this meeting. Trev agreed that we do not need another subcommittee. 
*	Trev suggested that this current day/time be used only for Server
Cert Working Group and move the Forum Plenary meeting to a separate 30
minute time slot as it is focused on updates that have been able to be
completed within 30 minutes. Dimitris will send a Doodle poll for proposed
time slots for the CA/B Forum Plenary meeting. Jos Purvis (Fastly) added
that a noon Eastern Time may be a problem for people on east coast eating
lunch. Inigo suggested extending this current time slot and extending an
additional 15 minutes so that the two meetings are combined and extend to
12:15 Eastern time. Trev mentioned using the Doodle poll to get feedback.
*	Trev mentioned that Paul had suggested the Plenary meeting should be
once per month. Trev liked that option as well as just moving the Plenary
meeting updates to email.
*	Bruce said that validation subcommittee does not always have
accurate scope and sometimes includes items that should be in Server Cert
meeting. Ryan Dickson (Google) agreed that Validation subcommittee does most
of work, but Server Cert WG should be where most work is accomplished. There
is a GitHub repository with 70+ issues being tracked. The Server Cert
meeting could be where we rank issues and then collectively work together to
address them and produce ballots. Trev agreed that a full hour would allow
those discussions to occur instead of being limited by the existing 30
minute meeting. 
*	Clint Wilson (Apple) said that he is hearing that it would be better
to make the existing time slot dedicated to the Server Certificate Working
Group meeting. And, to move the Forum Plenary call as a 30 minute meeting to
a different time slot. The Doodle poll should be where to put that 30 minute
Forum Plenary meeting. Dimitris agreed with that approach. Scott Rea
(eMudhra) asked if we still need that 30 minute meeting or if Forum updates
from the Forum Plenary meeting can be moved to email. Dimitris mentioned
that it is not just updates and that there is sometimes discussion such as
updates to the charters and bylaws, as well as f2f preparation. It could be
possible to remove updates from WG chairs from the Forum Plenary meeting and
move those to email so that the meeting is more productive. Martijn
Katerbarg (Sectigo) asked if we can take other half hour from Infrastructure
to fill in full hour. Dimitris said that people can use the mailing list to
propose additional time slots in the Doodle poll.

 

 

Ballots - Inigo Barreira (Sectigo)

*	SC-64 Moratorium for certificate consumers - Passed
*	SC-59 Weak Keys - Thomas Zermeno (SSL.com) sent for voting period
that starts today

*	Mads Henriksveen (BuyPass AS) asked if Debian can be removed from
the ballot. This limits the number of key sizes that can be used. Clint
Wilson (Apple) said that the ballot will keep Debian in, but if someone
wants to propose removal, they should propose that change.

*	SC-XX OCSP is Optional - Ryan Dickson (Google) will send an update
based on the suggestions through the mailing list that include language and
formatting changes. Next round of discussion will start later today.

 

 

Any Other Business - Inigo Barreira (Sectigo)

*	None

 

Next meeting is July 6, 2023

 

 

Meeting Adjourned

 

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230707/9dec62b6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6853 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230707/9dec62b6/attachment-0001.p7s>