Subject: Final minutes of the SCWG call of April 25th
These are the Final Minutes of the Teleconference described in the subject of this message, prepared by Ryan Dickson (Google Chrome).

Server Certificate Working Group Agenda
25 April 2024

Attendees: Aaron Poulsen (Amazon Trust Services), Adam Jones (Microsoft), Andrea Holland (VikingCloud), Ben Wilson (Mozilla), Bindi Davé (DigiCert), Brianca Martin (Amazon), Chris Clements (Google Chrome), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Dimitris Zacharopoulos (HARICA), Dong Wha Shin (MOIS), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-Trust), Gregory Tomko (GlobalSign), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Janet Hines (VikingCloud), Jay Wilson (Sectigo), Johnny Reading (GoDaddy), Keshava Nagaraju (eMudhra), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Mads Henriksveen (Buypass AS), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Michael Slaughter (Amazon Trust Services), Miguel Sanchez (Google Trust Services), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Peter Miskovic (Disig), Rollin Yu (TrustAsia), Ryan Dickson (Google Chrome), Scott Rea (eMudhra), Sissel Hoel (Buypass), Stephen Davidson (DigiCert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Hollebeek (DigiCert), Trevoli Ponds-White (Amazon Trust Services), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yashwanth TM (eMudhra)

Begin Recording and Roll Call

The call's recording was enabled. Inigo greeted participants and opened the meeting. Ryan Dickson is taking minutes. Inigo completed Roll Call (attendees listed above).

Read Note-well

Inigo read the Note-well.

Review Agenda

Inigo reviewed the agenda. No additional agenda items were raised for discussion.

Minutes

The following minutes were distributed prior to the call:
- Minutes from February 15th circulated on April 11
- Minutes from March 28th circulated on April 22
- Minutes from April 11th circulated on April 18

There was no discussion on the above sets of minutes; they are considered approved. Inigo will soon publish the approved minutes to the website.

Membership

N/A - no open requests.

Issues/topics to discuss

Inigo pre-staged three discussion items:
- GitHub open issues triage (10 issues per call min): 153, 154, 160, 181, 187, 193, 229, 243, 148 and 252
- PAG
- F2F agenda

Discussion:

GitHub open issues

On triage approach: Ping issues twice a year. If no update in six months, evaluate the issue and determine whether it should be closed, re-prioritized, or re-assigned. If an issue hasn't been touched in three years, it might be closed.

We discussed the 10 oldest issues:

153 <https://github.com/cabforum/servercert/issues/153>
Update from Corey: Not a high priority, but still should be completed. Collaboration welcome.
Additional discussion: Tim noted this would be an easy "First Ballot" for someone looking to learn the balloting process.
We should consider applying that label to issues, where appropriate.

154 <https://github.com/cabforum/servercert/issues/154>
Update from Corey: I think this can be closed due to the Profiles Ballot.
Additional discussion: Clint mentioned the only action left, as he recalled, was verifying the profile ballot addressed the issue. The group discussed and decided to close the issue, though it can always be reopened if anyone disagrees.

160 <https://github.com/cabforum/servercert/issues/160>
Update from Clint: Profiles Ballot helps with some of this, but there's still some potential improvements we could make. His last thought was to see if it was something we'd address in the Definitions and Glossary Working Group. Still ongoing. We later went back to this discussion, and Clint shared what additional clarifications we might benefit from. Tim recalled the discussion might relate to SRV names (which would need to be addressed first in the IETF). This issue should be left open.

181 <https://github.com/cabforum/servercert/issues/181>
Update from Inigo: No clear action owner.
Additional discussion: This should be a clean-up item. Label added.

187 <https://github.com/cabforum/servercert/issues/187>
Update from Inigo: Assigned to Pedro (not on call).
Additional discussion: The issue appears to challenge the existing requirements. The described goal of the update would be to reduce opportunity for the existing requirements to be misinterpreted - especially when considering the order of operations that might take place. Trev asked whether we need these types of callouts for Technically-Constrained CAs. Tim thinks the rules are pretty clear today. Dimitris accepts action to also join the review and to help determine next steps.

193 <https://github.com/cabforum/servercert/issues/193>
Update from Inigo: This is related to 432 (style guide <https://github.com/cabforum/servercert/issues/432>).
Additional discussion: Tim described the EV Guidelines describe CAs can set a date, but there's no expected format defined - resulting in inconsistency across EV issuers. This is another example of a good "First Ballot" item. Ben mentioned an open Incident Report related to DigiCert may result in some of this language being updated, and perhaps this could also be considered at that time.

229 <https://github.com/cabforum/servercert/issues/229>
Update from Dimitris: We now indicate which Validation methods allow wildcards, this issue can be closed. Clint mentioned there is likely still a useful change to take place in 3.2.2.6 because "an appropriate way" is unclear. As described in Dimitris' comment, this concern could be remedied (i.e., "appropriate way" needs to point to the actual methods we have defined.) Issue updated to clarify this status.

243 <https://github.com/cabforum/servercert/issues/243>
Update from Tim: This is a clean-up item. While some sections should have requirements written, "No stipulation" is more appropriate than blank.

148 <https://github.com/cabforum/servercert/issues/148>
Discussion: This can be closed.

252 <https://github.com/cabforum/servercert/issues/252>
Discussion: This would make a good F2F discussion, let's consider broader discussion at the F2F. Inigo took action to plan future agenda item.

PAG

Ben shared an invite for a PAG meeting on Monday (4/29) at 11am ET - the claimant of the exclusion (GoDaddy) was not included. Ben asked if anyone had questions about the process, there were none. Inigo suggested Ben share an update at the F2F for broader visibility. Ben indicated there might not yet be any updates available at that time, but an update might be worthwhile (depending on the circumstances).

F2F agenda

Send Inigo any discussion ideas for the F2F.

Ballot Status - see list below

Inigo shared an overview of the in-discussion ballots:
- SC67: Ryan indicated discussion Round 2 may start as early as tomorrow.
- SC71: Dustin and Ben expressed updates are pending, subsequent round of discussion to be opened at a later time.
- SC73: Wayne indicated the discussion period ends this afternoon, no feedback so far. Wayne is planning to move for voting later today or tomorrow.

Review Period

- SC74 - Clarify CP/CPS structure according to RFC 3647: Dimitris shared a pre-ballot with the list. Aaron from ATS volunteered as an endorser. Tim volunteered to endorse, Dimitris will move forward with Discussion.

Draft / Under Consideration

- SCXX - Profiles cleanup ballot - on hold
- SCXX - Measure all hours and days to the second - on hold - removed
- SCXX - Introduce linting in the TLS BRs: There are endorsers, draft language is on Wiki, it's a work in progress.

Any Other Business

None

Next call: 9 May

Adjourn