[cabf_validation] Draft Minutes for the Validation Subcommittee Meeting held on June 15, 2023

Martijn Katerbarg martijn.katerbarg at sectigo.com
Thu Jul 13 15:21:24 UTC 2023



Typo-corrected draft minutes can be found below.



Aaron Gable - (Let's Encrypt), Aaron Poulsen - (Amazon), Aneta Wojtczak-Iwanicka - (Microsoft), Ben Wilson - (Mozilla), Bruce Morton - (Entrust), Cade Cairns - (Google), Chris Clements - (Google), Clint Wilson - (Apple), Corey Rasmussen - (OATI), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico Entschew - (D-TRUST), Gurleen Grewal - (Google), Janet Hines - (VikingCloud), Johnny Reading - (GoDaddy), Joseph Ramm - (OATI), Li-Chun Chen - (Chunghwa Telecom), Michael Slaughter - (Amazon), Michelle Coon - (OATI), Miguel Sanchez - (Google), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Pekka Lahtiharju - (Telia Company), Rebecca Kelley - (Apple), Rollin Yu - (TrustAsia Technologies, Inc.), Ryan Dickson - (Google), Tim Hollebeek - (DigiCert), Tobias Josefowitz - (Opera Software AS), Trevoli Ponds-White - (Amazon), Wayne Thayer - (Fastly)


Antitrust Statement

Tim Hollebeek read the Antitrust Statement


Multi-perspective draft ballot

Ryan presented (https://docs.google.com/presentation/d/1HazM2Z6hOrQc0aCmdaR_UcX49iLDSrCmlQSEwUsaVxY/edit?usp=sharing) and update on the progress of the multi-perspective DCV ballot.


Discussion points outside of the presentation content:

*	Tim raised an issue with at least one of the organizations who are collaborating on the proposal not having signed an IPR agreement. Ryan mentioned he would pursuit this issue.
*	Doug asked for clarification on if checking CAA records through multiple network perspectives will also be part of this ballot. Ryan confirmed this is the case.
*	Tim proposes hardening the system security requirements over the currently proposed ones, in where most of these are a SHOULD. Ryan clarified that they’re trying to solve this without causing issued for audits.


Continuation of the discussion from the F2F on CNAME delegation to the CA for domain validation

*	Ben requested the old ballot discussion link. Tim will provide this.
*	Ben mentions an issue with just allowing CAs to do delegated domain validation without any specifications, and a particular CA patenting the best method. We’re better off specifying in the guidelines how CAs need to do it.
*	Clint tried to find CAs that are currently performing domain validations for their customers and was not able to find any. As such he’s not sure why there seems to be urgency on resolving this issue.
*	Aaron points out that it seems a lot of CA resellers currently are doing this already, which is an issue, however we as CA/B can only impose rules on CAs, not directly on their resellers. As such it seems we cannot completely mitigate this issue.
*	Trevoli mentions that we have a lot of focus on automation and anything supporting automation. Every time we bring this up, this proposal surfaces, and enabling / allowing this would be a tool in furthering our automation goals.
*	Clint agrees with Trevoli’s comments and adds that we need to add proper requirements and perform a risk assessment on what can go right and wrong.

The discussion will be continued on the next validation call.


Next Meeting:

June 29, 2023



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20230713/412b9b9e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6807 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20230713/412b9b9e/attachment-0001.p7s>

More information about the Validation mailing list