2022-04-26 Minute of the Network Security Working Group
Attendance
- Adam Jones – Microsoft
- Antti Backman – Telia
- Ben Wilson – Mozilla
- Bruce Morton – entrust
- Christopher Bonjean – GlobalSign
- Clint Wilson – Apple
- Corey Bonnell – DigiCert
- Corey Rasmussen – OATI
- David Kluge – Google Trust Services
- Iñigo Barreira – Sectigo
- Joanna Fox – TrustCor
- Jozef Nigut – Disig
- Paul van Brouwershaven – Entrust
- Prachi Jain – Fastly
- Rebecca Kelley – Apple
- Roman Fischer – SwissSign
- Ruben Annemans – GlobalSign
- Tim Crawford – BDO
- Tobias Josefowitz – Opera
- Tony Seymour – Comsign
- Trevoli Ponds – Amazon Trust Services
Minutes
1. Read Antitrust Statement
a.Clint Wilson read the antitrust statement
2. Roll Call
a. No new members in attendance
3. Review Agenda
a. Approved minutes from previous meetings
b. Review rough drafts of ballot proposals (SLO for Cert Info)
c. Update from Ben Wilson (Mozilla)
d. Open for other business
4. Ballot Status
a. David Kluge (Google Trust Services) shared that the ballot proposal document is in a stage to transfer over to the Certificate Working Group (Thursday Meeting) for review and more input before a formal submission.
i. Clint Wilson suggested sharing the ballot by the Public List would be a good introduction for public discussion.
b.David Kluge shared a few comments that are still need a solution. (1) The first being the Availability Targets. There should be some and they should defined in the SLO, but the question remains “Availability measured against what?” (2) Secondly, from a technical standpoint, most agreed that it would be great to have some objective reference point (a location of a measurable point), but there is still the missing problem of what such reference points should be.
i. Trevoli Ponds (Amazon Trust Services) agreed from the comments, that an example would be confusing. There should either be a minimum or no example in the BRs. If there has to be an example, one on the website would be satisfactory.
c. Discussion around the symbols in the examples in the draft ballot are not used by all. Examples were given between different CAs to explain how the symbols and values could be confusing.
i. The discussion focused on how clarification and understanding.
5. Ben Wilson Update
a. Ben Wilson (Mozilla) provided an update on the proposed changes he is currently working on.
**6. Other Business **
a. David Kluge (Google Trust Services) discussed the Risk Assessment that they Cloud Services Sub Group has been working on. A couple of weeks ago it was suggested that they use Microsoft Stride to document risk scenarios. Trevoli Ponds (Amazon Trust Services) has a contact that can assist in helping with this task.