Draft Minutes of the Validation Subcommittee Meeting on 2024-10-17
Attendees:
Aaron Gable (Let's Encrypt), Aaron Poulsen (Amazon), Ben Wilson (Mozilla), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Gurleen Grewal (Google), Iñigo Barreira (Sectigo), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kiran Tummala (Microsoft), Mahua Chaudhuri (Microsoft), Martijn Katerbarg (Sectigo), Michael Slaughter (Amazon), Michelle Coon (OATI), Miguel Sanchez (Google), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Paul van Brouwershaven (Entrust), Rebecca Kelly (SSL.com), Ryan Dickson (Google), Scott Rea (eMudhra), Stephen Davidson (DigiCert), Sven Rajala (Keyfactor), Tobias Josefowitz (Opera Software AS)
Meeting Commencement:
- Corey Bonnell read the note-well and conducted the roll call.
Minutes:
- Corey has not yet received the minutes from the September 19th meeting. He will follow up to check the status of the minutes for approval soon.
- Corey will circulate the F2F minutes to the management list and will request approval in the next meeting.
Agenda:
- Corey raised the topic from the F2F meeting about forming a work team for concurrent DCV and wanted to check whether there has been any progress on creating an email list for coordinating that effort. Ryan volunteered to lead the effort and will send an email to the validation subcommittee for those interested in participating.
- Discuss certificate lifetime and validation reuse pre-ballot.
Discussion on reducing certificate validity periods and reducing data reuse periods:
- Clint initiated a discussion emphasizing the need for a general consensus on whether we fully understand the value and benefits of these changes.
- Clint raised the question of the effective dates for each of these changes and requested feedback on which dates would be most appropriate for the reduction of the certificate validity period and the reduction of domain validation data reuse.
- Clint also raised a question about whether the number of days for the certificate validity period and data reuse are correct.
- It was suggested to split the ballot into two separate ones, but the general consensus was to keep them together.
- Aaron suggested that the ballot should be fully aligned, with all three tables having effective dates in 2025, 2026, and 2027.
- Clint agreed with Aaron's suggestion and thought it made sense.
- Doug asked about different reuse or validity periods for DV versus OV certificates, but Clint did not see that as central to the issue we're trying to address.
- Ryan referenced Zane's presentation at the F2F meeting and recommended that everyone review his research. After the presentation, Zane was asked whether EV and OV certificates would be immune to the challenges described, and he confirmed that this was not the case and that it would equally affect all validation types specified by the TLS BRs.
- Dimitris suggested that we analyze Zane's research if we intend to use it as a foundation for future ballots and discussions.
- Clint suggested that it would be useful to address this as a topic related to, but separate from, the ballot. He also suggested discussing it as part of a broader conversation on how the forum incorporates academic security research into its decision-making process.
- As a next step, Dimitris will circulate an email to the Server Cert mailing list to initiate this discussion.
- Ryan suggested that a good next step for further discussion would be to invite Zane as a guest and ask him specific questions about his research.
- Discussion on where to discuss the ballot: Validation Subcommittee or Server Cert Working Group.
- Agreement to start discussions in the Validation Subcommittee and then transition to Server Cert for formal validation.
- Next steps include adding the ballot to the agenda in two weeks for further discussion.
- There was no time to discuss the STRIDE model for method seven; it will be pushed off until next time.