[Servercert-wg] Final minutes SCWG call March 28th

Inigo Barreira Inigo.Barreira at sectigo.com
Fri Apr 26 07:46:31 UTC 2024


These are the Final Minutes of the Teleconference described in the subject
of this message.



Server Certificate Working Group - 28 March 2024


1.Roll Call


Aaron Gable - (ISRG), Aaron Poulsen - (Amazon), Abhishek Bhat - (eMudhra),
Adam Jones - (Microsoft), Adrian Mueller - (SwissSign), Alvin Wang -
(SHECA), Andreas Henschel - (D-Trust), Adriano Santoni (Actalis), Antti
Backman - (Telia Company), Atsushi Inaba - (GlobalSign), Ben Wilson -
(Mozilla), Brianca Martin - (Amazon), Bruce Morton - (Entrust), Clint Wilson
- (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Dean Coclin
- (DigiCert), Dong Wha Shin - (MOIS), Jaime Hablutzel - (OISTE Foundation),
Jay Wilson - (Sectigo), Johnny Reading - (GoDaddy), Jos Purvis - (Fastly),
Karina Sirota - (Microsoft), Keshava Nagaraju - (eMudhra), Klran Tummala -
(Microsoft), Luis Cervantes - (GoDaddy), Lynn Jeun - (VisaMarco Schambach -
(IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Michael
Slaughter - (Amazon), Miguel Sanchez - (Google), Nargis Mannan -
(VikingCloud), Nate Smith - (GoDaddy), Naveen Kumar - (eMudhra), Nicol So -
(CommScope), Nome Huang - (TrustAsia), Paul Van Brouwershaven - (Entrust),
Rich Kapushinski - (CommScope), Rich Smith - (DigiCert), Sandy Balzer -
(SwissSign), Scott Rea - (eMudhra), Stephen Davidson - (DigiCert), Tathan
Thacker - (IdenTrust), Thomas Zermeno - (SSL.com), Trevoli Ponds-White -
(Amazon), Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management
Authority), Yashwanth TM - (eMudhra), Yoshihiko Matsuo - (Japan Registry
Services).

2. Read note-well

The note-well was read by Paul.

3. Minutes

a) Minutes from the February 15, 2024 Teleconference

- The minutes has not been circulated yet. 

b) Minutes from the February 27, 2024 F2F meeting(minutes were distributed
2024-03-06)

- The minutes were approved.

c) Minutes from the March 14, 2024 Teleconference (minutes were distributed
2024-03-15)

- The minute were approved. 

4. Issued/Topics to discuss

a) Ballot SC70: Clarify the use of DTPs for Domain Control Validation

- During the review period one member has files an exclusion notice
according to Article 2.4, and the results of the initial vote are rescinded
and deemed null and void. 

- Ben Wilson started the process of forming a patent advisory group and he
is collecting names and email addresses of those interested in
participating.  

- The membership criteria for the Patent Advisory Group (PAG) is unclear,
specifically in relation to sections 7.1 and 7.2 of the IPR policy. Aaron
said PAG in section 7.2 of IPR Policy doesn't have an entry for the
exclusion notice, and we should revise the IPR Policy. 

- There was discussion about clarifying the use of domain validation and the
need for GoDaddy's involvement in understanding the exact patent claims.

- Theres was a discussion about time limits for filing exclusion notices and
how it interacts with membership periods. Nicol raises a question about the
clarification of substantive requirements and its interaction with the time
window for filing exclusion notices. Ben acknowledges the point and suggests
further examination of the situation. Aaron highlighted a concern about
unclear interactions between exclusion notices and existing guidelines.

b) SC72 voting period ends on April 1st, 24.

- There was a discussion about whether votes on the discussion period should
be considered valid, with some members suggesting that as long as the vote
is clear and during the voting period, it should be accepted.

c) SC67 discussion period ends April 17th, 24. 

- No comments

d) Review Period - Compromised/weak keys

- There was a suggestion to remove language regarding Debian weak keys and
have a third party submit all weak keys to certificate problem reporting
addresses.

- Wayne said he will change current requirement, add the additional weak key
requirements and move forward as a ballot.

e) Draft / Under Consideration

*	SCXX - Profiles cleanup ballot - on hold
*	SC71 - Subscriber agreement and terms of use consolidation 
*	SCXX - Measure all hours and days to the second - on hold
*	SC73 - Introduce linting in the TLS BRs
*	SC74 - Clarify CP/CPS structure according to RFC 3647

5.Next call: 11 April

6.Adjourn

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240426/3f597be8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6630 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240426/3f597be8/attachment-0002.p7s>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240426/3f597be8/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6630 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240426/3f597be8/attachment-0003.p7s>


More information about the Servercert-wg mailing list