CA/Browser Forum posts
Posts by author Clint Wilson
2022-08-30 Minutes of the Network Security Working Group
August 30, 2022 by Clint WilsonNetwork Security Working Group – August 30, 2022 Antitrust Statement was read by Clint. Roll Call: Clint Wilson; Ben Wilson; Jozef Nigut – Disig; Tim Hollebeek; Adam Jones – Microsoft; Christophe Bonjean – GlobalSign; Joanna Fox – TrustCor; Corey Bonnell; Corey Rasmussen – OATI; Dustin Hollenback – Microsoft; Ruben Annemans – GlobalSign; Tobias Josefowitz – Opera; Aaron Poulsen – Amazon Trust Services; Jillian Karner – Let’s Encrypt / ISRG; Tobias Josefowitz; Paul van Brouwershaven – Entrust; Rebecca Kelley; Prachi Jain – Fastly; Tim Crawford – BDO; Daryn Wright – GoDaddy; David Kluge; Trevoli – Amazon Trust Services; Wendy Brown – FPKI; Iñigo Barreira – Sectigo; Kiran Tummala – Microsoft; Bruce Morton – Entrust; Pedro Fuentes – OISTE.
August 30, 2022 by Clint WilsonNetwork Security Working Group – August 30, 2022 Antitrust Statement was read by Clint. Roll Call: Clint Wilson; Ben Wilson; Jozef Nigut – Disig; Tim Hollebeek; Adam Jones – Microsoft; Christophe Bonjean – GlobalSign; Joanna Fox – TrustCor; Corey Bonnell; Corey Rasmussen – OATI; Dustin Hollenback – Microsoft; Ruben Annemans – GlobalSign; Tobias Josefowitz – Opera; Aaron Poulsen – Amazon Trust Services; Jillian Karner – Let’s Encrypt / ISRG; Tobias Josefowitz; Paul van Brouwershaven – Entrust; Rebecca Kelley; Prachi Jain – Fastly; Tim Crawford – BDO; Daryn Wright – GoDaddy; David Kluge; Trevoli – Amazon Trust Services; Wendy Brown – FPKI; Iñigo Barreira – Sectigo; Kiran Tummala – Microsoft; Bruce Morton – Entrust; Pedro Fuentes – OISTE.
2022-08-16 Minutes of the Network Security Working Group
August 16, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance: Adam Jones – Microsoft Aaron Poulsen – Amazon Trust Services Ben Wilson – Mozilla Bruce Morton – entrust Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – Go Daddy Dustin Hollenback – Microsoft Joanna Fox – TrustCor Kiran Tummala – Microsoft Rebecca Kelley – Apple Ruben Annemans – GlobalSign Tim Crawford – BDO Tobias Josefowitz – Opera Trevoli Ponds – Amazon Trust Services Wendy Brown – FPKI
August 16, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance: Adam Jones – Microsoft Aaron Poulsen – Amazon Trust Services Ben Wilson – Mozilla Bruce Morton – entrust Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – Go Daddy Dustin Hollenback – Microsoft Joanna Fox – TrustCor Kiran Tummala – Microsoft Rebecca Kelley – Apple Ruben Annemans – GlobalSign Tim Crawford – BDO Tobias Josefowitz – Opera Trevoli Ponds – Amazon Trust Services Wendy Brown – FPKI
2022-08-02 Minutes of the Network Security Working Group
August 2, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance Aaron Poulsen – Amazon Amanda Mendieta – Apple Chris Kemmerer – SSL.com{.} Clint Wilson – Apple Corey Bonnell – Digicert Corey Rasmussen – OATI David Kluge – Google Dustin Hollenback – Microsoft Inigo Barreira – Sectigo Jozef Nigut – Disig Kiran Tummala – Microsoft Michelle Coon – OATI Pedro Fuentes – OISTE Foundation Prachi Jain – Fastly Rebecca Kelley – Apple Tony Seymour – Comsign Minutes Read Antitrust Statement Clint Wilson Read the antitrust statement Roll Call Clint Wilson took attendance Review Agenda Approved minutes from previous meeting No discussion topics were raised.
August 2, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance Aaron Poulsen – Amazon Amanda Mendieta – Apple Chris Kemmerer – SSL.com{.} Clint Wilson – Apple Corey Bonnell – Digicert Corey Rasmussen – OATI David Kluge – Google Dustin Hollenback – Microsoft Inigo Barreira – Sectigo Jozef Nigut – Disig Kiran Tummala – Microsoft Michelle Coon – OATI Pedro Fuentes – OISTE Foundation Prachi Jain – Fastly Rebecca Kelley – Apple Tony Seymour – Comsign Minutes Read Antitrust Statement Clint Wilson Read the antitrust statement Roll Call Clint Wilson took attendance Review Agenda Approved minutes from previous meeting No discussion topics were raised.
2022-07-19 Minutes of the Network Security Working Group
July 19, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance Aaron Poulsen – Amazon Adam Jones – Microsoft Amanda Mendieta – Apple Ben Wilson – Mozilla Bruce Morton – entrust Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – GoDaddy David Kluge – Google Trust Services Iñigo Barreira – Sectigo Janet Hines – SecureTrust Jillian Karner – Let’s Encrypt Jozef Nigut – Disig Marcelo Silva – Visa Prachi Jain – Fastly Rebecca Kelley – Apple Tobias Josefowitz – Opera Tony Seymour – Comsign Trevoli Ponds – Amazon Trust Services Minutes 1.
July 19, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance Aaron Poulsen – Amazon Adam Jones – Microsoft Amanda Mendieta – Apple Ben Wilson – Mozilla Bruce Morton – entrust Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – GoDaddy David Kluge – Google Trust Services Iñigo Barreira – Sectigo Janet Hines – SecureTrust Jillian Karner – Let’s Encrypt Jozef Nigut – Disig Marcelo Silva – Visa Prachi Jain – Fastly Rebecca Kelley – Apple Tobias Josefowitz – Opera Tony Seymour – Comsign Trevoli Ponds – Amazon Trust Services Minutes 1.
2022-06-21 Minutes of the Network Security Working Group
June 21, 2022 by Clint WilsonNetSec Working Group – June 21st, 2022 Attendees: Clint Wilson Joanna Fox Thomas Connelly Roman Fischer Ruben Annemans Brittany Randall Prachi Jain Corey Bonnell Paul Van Brouwershaven Aaron Poulsen Trevoli Ponds-White Jillian Karner Ben Wilson Janet Hines Marcelo Silva Dustin Hollenback David Kluge Steven Deitte Daniel Jeffery Tim Crawford Kiran Tummala Rebecca Kelley Daryn Wright Chris Kemmerer Inigo Barreira 1. Read Antitrust Statement Clint Wilson read the antitrust statement. Roll Call Clint Wilson read the roll.
June 21, 2022 by Clint WilsonNetSec Working Group – June 21st, 2022 Attendees: Clint Wilson Joanna Fox Thomas Connelly Roman Fischer Ruben Annemans Brittany Randall Prachi Jain Corey Bonnell Paul Van Brouwershaven Aaron Poulsen Trevoli Ponds-White Jillian Karner Ben Wilson Janet Hines Marcelo Silva Dustin Hollenback David Kluge Steven Deitte Daniel Jeffery Tim Crawford Kiran Tummala Rebecca Kelley Daryn Wright Chris Kemmerer Inigo Barreira 1. Read Antitrust Statement Clint Wilson read the antitrust statement. Roll Call Clint Wilson read the roll.
2022-05-24 Minutes of the Network Security Working Group
May 24, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance Aaron Poulsen – Amazon Antti Backman – Telia Ben Wilson – Mozilla Bruce Morton – entrust Christopher Bonjean – GlobalSign Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – GoDaddy Dustin Hollenback – Microsoft Iñigo Barreira – Sectigo Janet Hines – SecureTrust Jillian Karner – Let’s Encrypt Jozef Nigut – Disig Marcelo Silva – Visa Paul van Brouwershaven – Entrust Prachi Jain – Fastly Rebecca Kelley – Apple Roman Fischer – SwissSign Ruben Annemans – GlobalSign Tim Hollebeek – DigiCert Trevoli Ponds – Amazon Trust Services Minutes 1.
May 24, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance Aaron Poulsen – Amazon Antti Backman – Telia Ben Wilson – Mozilla Bruce Morton – entrust Christopher Bonjean – GlobalSign Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – GoDaddy Dustin Hollenback – Microsoft Iñigo Barreira – Sectigo Janet Hines – SecureTrust Jillian Karner – Let’s Encrypt Jozef Nigut – Disig Marcelo Silva – Visa Paul van Brouwershaven – Entrust Prachi Jain – Fastly Rebecca Kelley – Apple Roman Fischer – SwissSign Ruben Annemans – GlobalSign Tim Hollebeek – DigiCert Trevoli Ponds – Amazon Trust Services Minutes 1.
2022-05-10 Minutes of the Network Security Working Group
May 10, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance: Adam Jones – Microsoft Aaron P – Amazon Ben Wilson – Mozilla Bruce Morton – entrust Brittany Randall – GoDaddy Christopher Bonjean – GlobalSign Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – GoDaddy David Kluge – Google Trust Services Dustin Hollenback – Microsoft Iñigo Barreira – Sectigo Jillian Karner – Let’s Encrypt Joanna Fox – TrustCor Jozef Nigut – Disig Kiran Tummala – Microsoft Marcelo Silva – Visa Paul van Brouwershaven – Entrust Rebecca Kelley – Apple Roman Fischer – SwissSign Ruben Annemans – GlobalSign Tim Crawford – BDO Tobias Josefowitz – Opera Tony Seymour – Comsign Trevoli Ponds – Amazon Trust Services Minutes 1.
May 10, 2022 by Clint WilsonCA/Browser Forum NetSec Meeting Attendance: Adam Jones – Microsoft Aaron P – Amazon Ben Wilson – Mozilla Bruce Morton – entrust Brittany Randall – GoDaddy Christopher Bonjean – GlobalSign Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – GoDaddy David Kluge – Google Trust Services Dustin Hollenback – Microsoft Iñigo Barreira – Sectigo Jillian Karner – Let’s Encrypt Joanna Fox – TrustCor Jozef Nigut – Disig Kiran Tummala – Microsoft Marcelo Silva – Visa Paul van Brouwershaven – Entrust Rebecca Kelley – Apple Roman Fischer – SwissSign Ruben Annemans – GlobalSign Tim Crawford – BDO Tobias Josefowitz – Opera Tony Seymour – Comsign Trevoli Ponds – Amazon Trust Services Minutes 1.
2022-04-26 Minute of the Network Security Working Group
April 26, 2022 by Clint WilsonAttendance Adam Jones – Microsoft Antti Backman – Telia Ben Wilson – Mozilla Bruce Morton – entrust Christopher Bonjean – GlobalSign Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI David Kluge – Google Trust Services Iñigo Barreira – Sectigo Joanna Fox – TrustCor Jozef Nigut – Disig Paul van Brouwershaven – Entrust Prachi Jain – Fastly Rebecca Kelley – Apple Roman Fischer – SwissSign Ruben Annemans – GlobalSign Tim Crawford – BDO Tobias Josefowitz – Opera Tony Seymour – Comsign Trevoli Ponds – Amazon Trust Services Minutes 1.
April 26, 2022 by Clint WilsonAttendance Adam Jones – Microsoft Antti Backman – Telia Ben Wilson – Mozilla Bruce Morton – entrust Christopher Bonjean – GlobalSign Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI David Kluge – Google Trust Services Iñigo Barreira – Sectigo Joanna Fox – TrustCor Jozef Nigut – Disig Paul van Brouwershaven – Entrust Prachi Jain – Fastly Rebecca Kelley – Apple Roman Fischer – SwissSign Ruben Annemans – GlobalSign Tim Crawford – BDO Tobias Josefowitz – Opera Tony Seymour – Comsign Trevoli Ponds – Amazon Trust Services Minutes 1.
2022-04-12 Minutes of the Network Security Working Group
April 12, 2022 by Clint WilsonNetSec Working Group – April 12th, 2022 Attendees: Antti Backman Adam Jones Ben Wilson Brittany Randall Bruce Morton Clint Wilson Corey Bonnell Corey Rasmussen Christophe Bonjean Daryn Wright David Kluge Dustin Hollenback Heather Warncke Jillian Karner Joanna Fox Jozef Nigut Prachi Jain Tim Crawford Tony Seymour Trevoli Ponds-White 1. Read Antitrust Statement Clint Wilson read the antitrust statement. Roll Call Clint Wilson read the roll. 3. Discussion Items a. We currently don’t have any ballots in discussion.
April 12, 2022 by Clint WilsonNetSec Working Group – April 12th, 2022 Attendees: Antti Backman Adam Jones Ben Wilson Brittany Randall Bruce Morton Clint Wilson Corey Bonnell Corey Rasmussen Christophe Bonjean Daryn Wright David Kluge Dustin Hollenback Heather Warncke Jillian Karner Joanna Fox Jozef Nigut Prachi Jain Tim Crawford Tony Seymour Trevoli Ponds-White 1. Read Antitrust Statement Clint Wilson read the antitrust statement. Roll Call Clint Wilson read the roll. 3. Discussion Items a. We currently don’t have any ballots in discussion.
2022-03-29 Minutes of the Network Security Working Group
March 29, 2022 by Clint Wilson2022-03-29 | CABF NetSecWG Minutes Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randall, Bruce Morton, Clint Wilson, Corey Bonnell, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Inigo Barreira, Jillian Karner, Joanna Fox, Jozef Nigut, Kiran Tumala, Marcelo Silva, Pedro Fuentes, Rebecca Kelley, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White Minutes Clint Wilson reads anti-trust statement, verifies recording Dan Jeffery volunteers to take minutes Approval of last meeting minutes Settled on Wednesday 9am Pacific time for this meeting Discussion of Ben’s progress on better defining offline and high security zones Ben asked us to follow up with him during the week to help him stay focused Clint offered to ping later in the week Transition to discussing the risk assessment work Dan presents current progress green striped the new assets tab discussed environment definitions discussed the structure of the tabs now explanation of the concept of green-striped tabs next tab to focus is the scoring explanations tab Discussion of whether we should do further work here Marcello asks a question as to whether root CA and offline CA should be different assessments Clarification that root CA and offline CA will be the same Call for questions Clint identifies some internal resources would be happy to engage and help us refine the risk assessment, when should we do that once we have green stripes done would be one good point, once we have the offline/root CA done would be another good point probably within the next week or two discussion of how that will be done, Clint will see how they want to do it David points out that there has been little progress on filling out scenarios that people had volunteered to look at can we pick what to focus on look at the doc and find the pages David looks over the items and suggests picking one Some discussion of which to pick with Trev, David and Dan Trev will take an unassigned category tomorrow Trev points out we don’t have anything else today Agree to discuss the assets tab right now since it’s ‘done’ quick recap of what green stripe/done means Sharing of assets tab and discussion of how we got to this list Take five minutes to let everyone read over the current assets Marcello raises concern with the data transfer capabilities and underlying software assets covering too much and us missing things Trev and Dan responds and long discussion with Marcello about why the categories are organised as they are Marcello agrees to make a comment on items on how he thinks they could be broken up so we can review them Trev suggests putting a comment on the column heading to explain the contents and purpose better Marcello raises line 21 to understand why registration is with OCSP and CRL explain the grouping as to why they are set up how they are (to reflect the types of risks and exposure the things in the environment are exposed to) Further question and discussion of the meaning of the OCSP, CRL registration environment discussion of how to best represent the environments and transitions between them discussion of line 9 and where data is included at should we have a different environment for transitions between environments discussion of recombining software fields Clint calls time and agreement to continue discussion in tomorrow’s working group meeting.
March 29, 2022 by Clint Wilson2022-03-29 | CABF NetSecWG Minutes Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randall, Bruce Morton, Clint Wilson, Corey Bonnell, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Inigo Barreira, Jillian Karner, Joanna Fox, Jozef Nigut, Kiran Tumala, Marcelo Silva, Pedro Fuentes, Rebecca Kelley, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White Minutes Clint Wilson reads anti-trust statement, verifies recording Dan Jeffery volunteers to take minutes Approval of last meeting minutes Settled on Wednesday 9am Pacific time for this meeting Discussion of Ben’s progress on better defining offline and high security zones Ben asked us to follow up with him during the week to help him stay focused Clint offered to ping later in the week Transition to discussing the risk assessment work Dan presents current progress green striped the new assets tab discussed environment definitions discussed the structure of the tabs now explanation of the concept of green-striped tabs next tab to focus is the scoring explanations tab Discussion of whether we should do further work here Marcello asks a question as to whether root CA and offline CA should be different assessments Clarification that root CA and offline CA will be the same Call for questions Clint identifies some internal resources would be happy to engage and help us refine the risk assessment, when should we do that once we have green stripes done would be one good point, once we have the offline/root CA done would be another good point probably within the next week or two discussion of how that will be done, Clint will see how they want to do it David points out that there has been little progress on filling out scenarios that people had volunteered to look at can we pick what to focus on look at the doc and find the pages David looks over the items and suggests picking one Some discussion of which to pick with Trev, David and Dan Trev will take an unassigned category tomorrow Trev points out we don’t have anything else today Agree to discuss the assets tab right now since it’s ‘done’ quick recap of what green stripe/done means Sharing of assets tab and discussion of how we got to this list Take five minutes to let everyone read over the current assets Marcello raises concern with the data transfer capabilities and underlying software assets covering too much and us missing things Trev and Dan responds and long discussion with Marcello about why the categories are organised as they are Marcello agrees to make a comment on items on how he thinks they could be broken up so we can review them Trev suggests putting a comment on the column heading to explain the contents and purpose better Marcello raises line 21 to understand why registration is with OCSP and CRL explain the grouping as to why they are set up how they are (to reflect the types of risks and exposure the things in the environment are exposed to) Further question and discussion of the meaning of the OCSP, CRL registration environment discussion of how to best represent the environments and transitions between them discussion of line 9 and where data is included at should we have a different environment for transitions between environments discussion of recombining software fields Clint calls time and agreement to continue discussion in tomorrow’s working group meeting.