Aaron Gable (Let’s Encrypt), Adam Clark (Visa), Adam Jones (Microsoft), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (Digicert), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Israel Ventura (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Miguel Sanchez (Google), Natalia Kotliarsky (SecureTrust), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Pekka Lahtiharju (Telia Company), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijay Kumar (India PKI Forum), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
Dean captured the roll.
Read Antitrust Statement
Jos read the antitrust statement.
Dean reviewed the agenda. No changes.
Approval of minutes of last call (Dec 9th and Jan 6th).
Dec 9th minutes – minor update to NIST 800-63 version (formerly listed ast NIST 863)
Other than that, no issues were communicated.
Forum Infrastructure Subcommittee update (Jos Purvis)
No meeting, no update.
Code Signing Certificate Working Group update (Bruce Morton)
Still working on subscriber key protection ballot
Eventually will move into changing BR format into 3647 format
Working on planning F2F updates
S/MIME Certificate Working Group update (Stephen Davidson)
- Met yesterday (1/19)
- Several items on agenda, only able to discuss the first.
- Methods for mailbox validation
- Draft language that exists for the domain validation methods coming from the BRs, as well as the possibility of authenticating control over an individual mailbox (the first option is the bulk authorization for an enterprise RA, the second, for example, is for a one off approval)
- New proposed method – new to us and the TLS BRs, proposed by Foutis (Google) to use mxrecords.
- A lot of discussion surrounding this because it has similarities to discussions that have taken place in the TLS group related to CNAMEs.
- General agreement it’s an important method to include – people are digging into how we express it.
- Some discussion on validity of random values (adopted from TLS BRs) – where possibly the adopted timeframes were too long and should be revisited.
- Have this discussion take place upstream at the TLS group.
- Some related discussions that will be picked up at the next meeting related to information reuse periods, and different aspects of enterprise RAs.
NetSec Working group establishment and report
Updates from Ben:
- Need to update Google Sheet/Membership records
- Clint has been helping with updates
- Discussed resetting the meeting time, perhaps into the infrastructure committee slot (more participants in the NetSec group, would be ideal if Infrastructure group could move to a different time). In any event, there will be a poll to help determine the future meeting time.
- Current time slot (11 AM PT) is not favorable for folks in Europe.
Next F2F: Salt Lake City, Feb 22-24
- Chairs and Vice Chairs are meeting on 1/21 to discuss and set agenda.
- If you are coming in person, please fill out the Wiki (dedicated section depending on participant type).
- If attending in-person, there are discounted rates available at the hotel
- Dean is looking forward to getting the group together.
Any Other Business?
February 3, 2022