Final minutes for the Validation-sc meeting on 2026-01-08
Corey Bonnell
These are the final minutes of the teleconference described in the subject of this message as prepared by Corey Bonnell. These minutes were approved on the January 22nd, 2026 meeting of the validation-sc.
---
Minutes of the Validation Sub-committee 2026-01-08
Minute-taker: Corey Bonnell
- Attendees
Aaron Gable (Let's Encrypt), Aaron Poulsen (Amazon), Adriano Santoni (Actalis S.p.A.), Arman Asemani (Apple), Ben Wilson (Mozilla), Chris Clements (Google), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Eric Kramer (Sectigo), Gregory Tomko (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Johnny Reading (GoDaddy), Mahua Chaudhuri (Microsoft), Martijn Katerbarg (Sectigo), Michael Slaughter (Amazon), Michelle Coon (OATI), Nate Smith (GoDaddy), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Pekka Lahtiharju (Telia Company), Rich Smith (DigiCert), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Ryan Dickson (Google), Sean Huang (TWCA), Shiloh Heurich (Fastly), Steven Deitte (GoDaddy), Sven Rajala (Keyfactor), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Wiktoria Więckowska (Asseco Data Systems SA (Certum))
- Minutes
Corey read the Note-Well.
The October 30th meeting minutes were approved.
The December 11th meeting minutes were approved.
-- Authorization Domain Name Improvement Ballot
https://github.com/cabforum/servercert/pull/627
Michael Slaughter said that language regarding the selection of the Authorization Domain Name (ADN) in method 22 needs to be aligned with the ballot's revised definition.
Dimitris suggested that prior to finalizing the ballot language, the group should review the use of ADN in other parts of the BRs to ensure that the revised definition does not conflict or otherwise inadvertently change requirements.
Rich Smith asked whether the persistUntil parameter in method 22 overrides the validation reuse period of 10 days. Michael Slaughter said that the reuse period is 10 days regardless of the persistUntil value.
Rich raised a concern that the current language in the ballot regarding ADN selection when following a CNAME only allows following a single CNAME and not a chain/multiple CNAME records. Aaron said that RFC 1034 specifies that only a single CNAME is followed when explicitly querying for CNAMEs. However, he said that he sees no issue if following multiple CNAMEs is allowed. Dimitris agreed.
Ryan Dickson asked if anyone saw value in creating a test suite for these normative changes. Toby and Rich agreed it would be useful and offered to help implement.
Aaron said he will provide a comprehensive overview of allowing multiple CNAMEs while selecting the ADN (available at https://groups.google.com/a/groups.cabforum.org/g/validation/c/oGU5pA3jV6c).
No other concerns or questions on the ballot were raised.
-- Other business
No other business, next meeting on January 22nd.
Meeting adjourned.
--
You received this message because you are subscribed to the Google Groups "Management (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to management+...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/management/DS0PR14MB621687B762E3F4504F70BCC6928CA%40DS0PR14MB6216.namprd14.prod.outlook.com.