These minutes were approved at the 2024-11-14 validation-sc meeting.
Validation Subcommittee – 19 September 2024
Minute Taker: Michael Slaughter (Amazon)
Attendees: Aaron Poulsen (Amazon), Andrea Holland (VikingCloud), Ben Wilson (Mozilla), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Dustin Hollenback (Microsoft), Gurleen Grewal (Google), Jaime Hablutzel (WISeKey), Mahua Chaudhuri (Microsoft), Michael Slaughter (Amazon), Nargis Mannan (VikingCloud), Rollin Yu (TrustAsia), Ryan Dickson (Google), Scott Rea (eMudhra), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Tim Hollebeek (DigiCert), Doug Beattie (GlobalSign), Steven Deitte (GoDaddy), Pekka Lahtiharju (Telia), Greg Tomko (GlobalSign), Pedro FUENTES (WISeKey), Nate Smith (GoDaddy), Miguel Sanchez (GTS)
Meeting Kickoff:
- Corey welcomed participants and noted the meeting has started.
- Slaughter will take notes.
- Corey read the note-well.
- Corey read the participants list (above).
- Approved the meeting minutes from the September 5th meeting. No objections.
- Topic: Validation Subcommittee F2F Topic Selection Discussion
- Proposed Validation Subcommittee Agenda Item 1: Item from Backlog
- Corey proposed taking a look at the backlog to determine if any of the in-progress items would make for a good discussion at the F2F. The group determined that the in-progress items did not require further discussion.
- Proposed Validation Subcommittee Agenda Item 2: Encoding validation methods into certificates
- Wayne suggested the topic of encoding validation methods into security policies and how to encode them into the certificate.
- Tim mentioned that this topic was brought up 3-5 years ago and suggested that it would be helpful if someone summarized the previous discussion.
- Corey found server certificate #459 which pertains to the topic and will be discussed as part of the server certificate working group. Clint volunteered to pull together past conversations and continue the discussion.
- Proposed Validation Subcommittee Agenda Item 3: Validation Transparency
- Tim brought up the concept of Validation Transparency logs that would be for the purpose of CAs having publicly trusted logs for other aspects of the certificate. Tim agreed to put together a few slides for the F2F.
- Proposed Validation Subcommittee Agenda Item 4: Concurrent DCV
- Ryan brought up that there have been at least two events with high degrees of disruption due to DCV failures. Ryan proposed the idea of Concurrent DCV, where performing two validation methods could help avoid a revocation if one method is flawed. Ryan Dickson volunteered to lead the discussion and provide thoughts on the mechanics.
- Proposed Validation Subcommittee Agenda Item 5: DNSSEC for DCV
- Clint has a concrete proposal and a ballot to discuss requiring DNSSEC validation for CAA records when the domain is DNSSEC-enabled.
- Selected Topics:
  - Server Cert WG (Wednesday)
    - Encoding validation methods into certificates (Clint)
  - Validation WG (Thursday)
    - Validation Transparency (Tim)
    - Concurrent DCV (Ryan)
    - DNSSEC for DCV (Clint)
- Corey suggested providing 30 minutes for each item.
- Trev recommended reserving some time for the WHOIS-related email.
- Corey said the ballot is already at the Server Cert committee and should remain there to avoid fracturing the conversation.
- Clint suggested discussing deprecating validation methods that do not encourage automation, such as postal mail validation.
- Topic: October 3rd Meeting Cancellation
- Corey asked the group if they wanted to cancel the October 3rd meeting, and the group agreed to cancel it.
- Topic: Threat Model Discussion
- Corey summarized the purpose and progress of the Method 7 threat modeling exercise.
- The DNS-based validation process can be subverted in multiple ways, so the group is using the STRIDE model to identify components, interactions, threats, and mitigations.
- Ryan Dickson brought up the threat of a third-party resolver changing behavior without notice, resulting in a mis-issuance.
- Trev emphasized that the problem is the third party making those changes without notice and suggested that a potential mitigation to that threat would be a contract that obligates the third party to notify the CA of changes.
- Tim re-framed the discussion as the question: "What assurances does a CA need from a third party to ensure operational characteristics do not change in consequential ways?"
- Tobias suggested the broader threat is non-authoritative answers being treated as authoritative.
- Tim offered ways to break down the broader threat into various subcategories, including the takeover of root, TLD, or SLD, and acknowledged that the mitigation for each threat might be different, including risk acceptance.
- Corey added the CA's DNS resolver, the Root DNS resolver, the TLD DNS resolver, and the Applicant's DNS resolver to the entities/components list.
- Clint suggested exploring the Public Suffix List (PSL) as a potential threat area.
- Corey added the PSL to the entities/components list and suggested the interaction point between the PSL and DNS-based validation is wildcard certificate issuance.
- Clint pointed out that the PSL is part of the definition of the base domain name and has to do with the scope of what can be validated, and having resolvers aware of the PSL could prevent CAs from making easily avoidable mistakes.
- Slaughter added that Clint's point is interesting because it expands the conversation to include other aspects of DNS-based validation beyond DNS resolution.
- Corey concluded the call and said the conversation will continue after the face-to-face.
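The PSL-aware check that Clint and Corey describe above, as an added example that is not part of the minutes or of any CA's code: a minimal Public Suffix List matcher over a constructed rule sample that decides whether a wildcard request would span an entire public suffix. The rule set `SAMPLE_PSL` and the function names are assumptions, not the real list or a real validation pipeline.

```python
# Added example, not from the minutes: a minimal Public Suffix List (PSL)
# matcher used to reject wildcard requests that would span a whole public
# suffix. SAMPLE_PSL is a constructed rule set, not the real list, and all
# function names are hypothetical.

# Constructed sample covering the three PSL rule kinds: plain rules,
# a wildcard rule ("*.ck") and an exception rule ("!www.ck").
SAMPLE_PSL = ["com", "uk", "co.uk", "github.io", "*.ck", "!www.ck"]


def public_suffix(domain: str, rules=SAMPLE_PSL) -> str:
    """Public suffix per the PSL algorithm: a matching exception rule wins,
    otherwise the longest matching rule; with no match, the TLD itself."""
    labels = domain.lower().rstrip(".").split(".")
    best = None
    for rule in rules:
        exception = rule.startswith("!")
        parts = rule.lstrip("!").split(".")
        if len(parts) > len(labels):
            continue
        tail = labels[-len(parts):]
        if all(p == "*" or p == t for p, t in zip(parts, tail)):
            if exception:  # exception rule: drop its leftmost label
                return ".".join(tail[1:])
            if best is None or len(parts) > len(best):
                best = parts
    return ".".join(labels[-(len(best) if best else 1):])


def registrable_domain(domain: str, rules=SAMPLE_PSL):
    """Base domain name (public suffix plus one label), or None when the
    name is itself a public suffix and nothing under it is registrable."""
    labels = domain.lower().rstrip(".").split(".")
    n = public_suffix(domain, rules).count(".") + 1
    return ".".join(labels[-(n + 1):]) if len(labels) > n else None


def wildcard_request_allowed(name: str, rules=SAMPLE_PSL) -> bool:
    """A request for '*.X' is acceptable only when X sits at or below a
    registrable domain; '*.co.uk' or '*.github.io' would match every name
    under a public suffix and is rejected before any DNS validation runs."""
    if not name.startswith("*."):
        raise ValueError("not a wildcard name: " + name)
    return registrable_domain(name[2:], rules) is not None


if __name__ == "__main__":
    for req in ("*.example.co.uk", "*.co.uk", "*.github.io", "*.www.ck"):
        print(req, "allowed" if wildcard_request_allowed(req) else "REJECTED")
```

The check runs entirely offline against the rule set, so it can sit in front of DNS resolution and fail a request before any resolver answer, authoritative or not, is consulted.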