These minutes were approved at the 2024-11-14 validation-sc meeting.
Final Minutes of the Validation Subcommittee Meeting on 2024-10-17
Attendees:
Aaron Gable (Let's Encrypt), Aaron Poulsen (Amazon), Ben Wilson (Mozilla), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Gurleen Grewal (Google), Iñigo Barreira (Sectigo), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kiran Tummala (Microsoft), Mahua Chaudhuri (Microsoft), Martijn Katerbarg (Sectigo), Michael Slaughter (Amazon), Michelle Coon (OATI), Miguel Sanchez (Google), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Paul van Brouwershaven (Entrust), Rebecca Kelly (SSL.com), Ryan Dickson (Google), Scott Rea (eMudhra), Stephen Davidson (DigiCert), Sven Rajala (Keyfactor), Tobias Josefowitz (Opera Software AS)
Meeting Commencement:
- Corey Bonnell read the note-well and conducted the roll call.
Minutes:
- Corey has not received the minutes from the September 19th meeting yet. He will follow up to check the status of the minutes for approval soon.
- Corey will circulate the F2F minutes to the management list and will request approval in the next meeting.
Agenda:
- Corey raised the topic from the F2F meeting about forming a work team for concurrent DCV and wanted to check if there has been any progress on creating an email list for coordinating that effort. Ryan volunteered to lead the effort and will send an email to the validation subcommittee for those interested in participating.
- Discuss certificate lifetime and validation reuse pre-ballot.
Discussion on reducing certificate validity periods and reducing data reuse periods:
- Clint initiated a discussion emphasizing the need for a general consensus on whether we fully understand the value and benefits of these changes.
- Clint raised the question on the effective dates for each of these changes and requested feedback on which dates would be most appropriate for the reduction of certificate validity period and reduction of domain validation data reuse.
- Clint also raised a question about whether the number of days for the certificate validity period and data reuse are correct.
- It was suggested to split the ballot into two separate ones, but the general consensus was to keep them together.
- Aaron suggested that the ballot should be fully aligned, with all three tables having effective dates in 2025, 2026, and 2027.
- Clint agreed with Aaron's suggestion and thought it made sense.
- Doug asked about different reuse or validity periods for DV versus OV certificates, but Clint did not see that as central to the issue we're trying to address.
- Ryan referenced Zane's presentation at the F2F meeting and recommended that everyone review his research. After the presentation, Zane was asked whether EV and OV certificates would be immune to the challenges described, and he confirmed that this was not the case and that it would equally affect all validation types specified by the TLS BRs.
- Dimitris suggested that we analyze Zane's research if we intend to use it as a foundation for future ballots and discussions.
- Clint suggested that it would be useful to address this as a topic related to, but separate from, the ballot. He also suggested discussing it as part of a broader conversation on how the forum incorporates academic security research into its decision-making process.
- As a next step, Dimitris will circulate an email to the Server Cert mailing list to initiate this discussion.
- Ryan suggested that a good next step for further discussion would be to invite Zane as a guest and ask him specific questions about his research.
- Discussion on where to discuss the ballot: Validation Subcommittee or Server Cert Working Group.
- Agreement to start discussions in the Validation Subcommittee and then transition to Server Cert for formal validation.
- Next steps include adding the ballot to the agenda in two weeks for further discussion.
- There was no time to discuss the STRIDE model for method seven; it will be pushed off until next time.