Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Natalia Kotliarsky (SecureTrust), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
The anti-trust statement was read.
The agenda was reviewed. No changes.
No minutes to approve.
Forum Infrastructure Report
Jos Purvis gave the update.
There was a very brief discussion on the GitHub digest and Corey has started poking into implementing the automated digest email digest to GitHub activity to each of the working groups. He just needs access to send from the account, which Jos is going to be getting him.
Code Signing Working Group Update
Bruce Morton gave the update.
CSC-12 is in the voting period. Working on a ballot for subscriber key protection. Next priority is to update the code signing service requirements. Also want to complete changing CSBRs to the RFC 3647 format.
S/MIME Working Group Update
Stephen Davidson gave the update.
Continuing the discussion on the validity periods. Apple has settled on 825 days. Would be allowable for the 1 legacy policy, which is intended as kind of a short term bridge to allow more of the ecosystem to be pulled into this auditable framework. But the intent is that it would disappear over time. It’s really a debate on the balancing of kind of the desire for automation and policy agility, versus kind of acknowledging the heavy usage of tokens and so forth. There has been some willingness on the part of a certificate consumers to consider 2095 day legacy period, as long as there is a hard date that it would be deprecated. So that’s really an ongoing discussion. We’ve also had a discussion of the contents of the version 1, primary deliverable. Certainly for those who would like to see the evolution of that document, it is publicly available out In the cab form, GitHub repository, there’s, the S/mine section and you would be looking for the SBR. There’s a version called the Pre SBR that is the working draft. The next step in our list of discussions there, was a specific request from a certificate consumer asking to have, as a focused discussion, the topic of external enterprise RAs. So that’s what’s next on our agenda.
Next face to face meeting will be in person hosted by DigiCert in Salt Lake City. Proposed dates are Feb 22-24. RSA Conference is week of Feb 7th. Discussed possibly starting meeting on Weds vs. Tuesday. Dean will send out Doodle poll but preference is to start on Tuesday, Feb 22nd.
Dates have been set for June and October meetings.
June 6-8 Poland (Asseco)
October 24-26 Berlin (D-Trust)
No other business