Roll Call: Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (DigiCert), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jos Purvis (Cisco Systems), Leo Grove (SSL.com), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Sleevi (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wendy Brown (US Federal PKI Management Authority)
Antitrust Statement read by Jos Purvis
The agenda was reviewed.
Approval of prior minutes
The minutes of March 19th were not available for review. The face to face meeting minutes were approved.
Forum Infrastructure Update
Jos provided the update: Issues with mailman have been resolved. Monitoring scripts have been added so notification of outages is sent. No updates on github tooling work other than some requests on font sizes. Need an smtp server account setup. Discussion of revamped website occurred. Will create a test website so that it can be evaluated by others during development. On membership management, a new Google sheet will be created to address the issues there.
Code Signing Update
Bruce gave the update. End of voting for CSCWG-8 today. Approval expected. Other ballots on subscriber key protection for individual users or in the cloud, are under discussion. Discovering some cleanup issues that need to be addressed in a future cleanup ballot.
S/MIME Working group update
Stephen Davidson gave the update. Discussed the progress of the draft SMIME BR which are in GitHub, and some of the observations that have arisen the process regarding where/when to “copy over” content from the BR versus “refer out” to content from the BR. Had a detailed walk thru of the proposed requirements for domain auth and mailbox control to solicit feedback on that text. We will start collecting issues in the CABF to capture topics that are of interest but will be dealt with in a later version 1.x of the SMIME BR.
Commenced discussion of the specific Mailbox-validated certificate profile. Conversation returns to the subject of how to appropriately define a stricter baseline for SMIME certs while also bringing the wider implementations of public email Protection certs (which may not be solely dedicated to SMIME) into better conformity. Links will be provided to the above materials in the SMCWG public list in the coming days for those that are interested.
2021 F2F meeting schedule
June 15-17, will be virtual. Fall meeting is tentatively scheduled for October in Minneapolis but this will be reevaluated after the June meeting.
No new membership applications.
Next call April 15th