[cabf_validation] Draft minutes of Validation Subcommittee 2023-08-24

Andrea Holland andreaholland at vikingcloud.com
Wed Sep 6 17:30:08 UTC 2023


Validation Subcommittee Meeting: August 24, 2023
Attendance
Aaron Gable (Let's Encrypt), Aaron Poulsen (Amazon), Abhishek Bhat (eMudhra), Andrea Holland (VikingCloud), Aneta Wojtczak-Iwanicka (Microsoft), Ben Wilson (Mozilla), Bilal Ashraf (SSL.com), Bruce Morton (Entrust), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Inigo Barreira (Sectigo), Li-Chun Chen (Chunghwa Telecom), Martijn Katerbarg (Sectigo), Michael Slaughter (Amazon), Michelle Coon (OATI), Nargis Mannan (VikingCloud), Nome Huang (TrustAsia Technologies, Inc.), Paul van Brouwershaven (Entrust), Rebecca Kelley (Apple), Roman Fischer (SwissSign), Ryan Dickson (Google), Scott Rea (eMudhra), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority)
Minutes

  1.  Note-well: Corey B. read.
  2.  Approval of minutes:
     *   June 29 minutes approved.
  3.  Threat Modeling - Corey B.
     *   No update this week, will meet next week.
  4.  Presentation by Q Misell on Sept 7th - Corey B.
     *   Presenting proposal for CAA checking for .onion domain names in two weeks.
     *   Work around using ACME protocol for automated issuance of certificates.
  5.  MPDV/MPIC - Ryan D.
     *   Princeton close to signing IPR.
     *   Request feedback on pull request.
     *   Implementation dates will likely shift back.
     *   Potential open-source projects for implementation.
  6.  Clean up items:
     *   Term to encompass the concept of a current Subscriber that has submitted a certificate request for a new certificate.

                                                   i.      Discussion around Applicant/Subscriber as Applicant or Subscriber vs Applicant and Subscriber vs a new term.

                                                 ii.      Item to be brought to the Definitions WG.

     *   Draft language for Section 1.3.3, where a CA is issuing certificates to itself:

                                                   i.      Ben W. will create a GitHub issue.

     *   References to "hosting service" in section 9.6.3 and other locations.

                                                   i.      Discussion on the wording and use cases.

                                                 ii.      Create issue in SeverCert WG.

*   Sections 4.1 and 4.2 clarify what a "certificate request" is comprised of.

                                                   i.      Further discussion needed.

                                                 ii.      Adding label to GitHub issue for validation subcommittee.

*   Terms of Use when the Subscriber is the CA.

                                                   i.      Create issue in ServerCert WG.

7.       To do items:

*   Revive ballot to distinguish Secret vs. Freshness Random Values.

                                                   i.      Create GitHub issue.

*   Clarify that CAs must maintain validation records for their own Certificates.

                                                   i.      Items being addressed by proposal to change Section 1.3.3 will address this.

*   Fix issue in 3.2.5 to avoid requiring identity verification for DV certificates requested by natural persons.

                                                   i.      Create GitHub issue.

  1.  Next Meeting - September 7
  2.  Adjourned




Company Registration Details
VikingCloud is the registered business name of Sysxnet Limited. Sysxnet Limited is registered in Ireland under company registration number 147176 and its registered office is at 1st Floor, Block 71a, The Plaza, Park West Business Park, Dublin 12, Ireland.

Email Disclaimer
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. Sysxnet Limited is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20230906/5c8ac115/attachment-0001.html>


More information about the Validation mailing list