CAB Forum Certificate Issuers, Certificate Consumers, and Interested Parties Working to Secure the Web
Attendees (in alphabetical order)
Ben Wilson (Digicert), Bruce Morton (Entrust Datacard), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Geoff Keating (Apple), Gordon Bock (Microsoft), Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Kenneth Myers (US Federal PKI Management Authority), Kirk Hall (Entrust Datacard), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Ryan Sleevi (Google), Tim Shirley (SecureTrust), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
Minutes
1. Roll Call
The Chair took attendance
2. Read Antitrust Statement
The Antitrust Statement was read
3. Review Agenda
The Agenda was approved.
4. Approval of minutes from previous teleconference
The minutes from the previous teleconference were approved and will be circulated to the public list.
5. Validation Subcommittee Update
The Subcommittee did not meet due to US holiday.
6. NetSec Subcommittee Update
The Subcommittee discussed about ballots SC20 and SC21 and how to improve the language. They also discussed about the pain points and the document restructuring task tried to create a different table format and renumbering of the NSRs.
7. Ballot Status
No further discussion on ballots under consideration
Ballots in Discussion Period
None
Ballots in Voting Period
None
Ballots in Review Period
Draft Ballots under Consideration
Improvements for Method 6, website control (Tim H.)
No additional comments
SC20 Ballot (NSR 2): System Configuration Management (Ben)
No additional comments
SC21 Ballot (NSR 3): Log Integrity Controls (Ben)
No additional comments
8. Approval of F2F 47 Minutes
Dimitris mentioned that at least one member requested more time to review and offer corrections to some specific sessions so the F2F minutes would not be considered for approval at this meeting. Hopefully the minutes will be updated soon and circulated again so they can be considered for approval at the next scheduled teleconference.
9. Any Other Business
Dean asked for some clarifications on a question that was submitted in the questions list. Ryan responded that the person that submitted the question has probably misunderstood the requirement. Dean said he would draft an answer and send it to Ryan for comments and feedback. If we consider this language to be problematic, someone should bring it for public discussion in the servercert-wg list.
10. Next call
July 25, 2019 at 11:00 am Eastern Time.