Attendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lynn Jeun (Visa), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)
1. Read Antitrust Statement
Jos Purvis read the antitrust statement.
2. Review Agenda
No changes were made to the agenda.
3. Approval of Minutes from Last Teleconference
Minutes of September 1st were approved.
On the last call we approved minutes from Aug 18th however, those minutes had not been published yet. Hence we cannot approve them. Karina will work to get those published.
4. Forum Infrastructure report
Jos gave the report. Mew Membership tool is up and running. Webex integration requires a special license. Cutover plan to new system discussed. Oct 1st is the target date to make the old system read only. Ballots will also be tabulated in the new tool. Future integrations with Mailman are planned but will require an upgrade of our system. Admin emails are going to a special mailbox.
Working on upgrading php with GoDaddy.
5. Code Signing Working Group report
Bruce gave the report. Microsoft proposed moving the date to require keys on hardware to fall 2023. After discussion, it was decided to move that to June 2023. This will help provide some relief to those trying to become compliant. A new ballot is in process. Still working on signing service updates, malware proposals and timestamping.
6. S/MIME report
Stephen Davidson gave the report. Formal discussion period for the ballot is underway with much discussion taking place. A number of items have been raised toward the end of the discussion period. Some are minor but others involve more discussion. Hence there will likely be a delay going into ballot. This is not unusual, given this is the first version of this standard. Some minor changes include references to outdated ETSI standards. Effective date is 10 months from now so if something is found before then, changes can be made without affecting that date.
7. NetSec report
Clint gave the update. Working on risk assessment. Group would like to pause and gather feedback on it. Looked at air gap system requirements for NSSRs. Not quite finished but making progress.
8. Any other business
The face to face meeting is capped at 60 people but we have 63 signed up and 21 remote. Dean is talking to the host about expanding capacity to 70 but if that is not possible, we will have to limit the number of guests. Then we will have to go to the member list and limit the number of members from individual companies. A draft agenda has been published, with a start time of 11am local time with a 4pm end time (possibly longer for working groups). Dean is looking for topics to add to the agenda. The CA Day and TSP Day signups are open for Thursday and Friday that week.
Nominations Status: Forum Chair nominations are in and voting period will start soon. Vice Chair nominations will start soon.