CA/Browser Forum posts
Posts by author Clint Wilson
2022-03-29 Minutes of the Network Security Working Group
March 29, 2022 by Clint Wilson2022-03-29 | CABF NetSecWG Minutes Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randall, Bruce Morton, Clint Wilson, Corey Bonnell, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Inigo Barreira, Jillian Karner, Joanna Fox, Jozef Nigut, Kiran Tumala, Marcelo Silva, Pedro Fuentes, Rebecca Kelley, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White Minutes Clint Wilson reads anti-trust statement, verifies recording Dan Jeffery volunteers to take minutes Approval of last meeting minutes Settled on Wednesday 9am Pacific time for this meeting Discussion of Ben’s progress on better defining offline and high security zones Ben asked us to follow up with him during the week to help him stay focused Clint offered to ping later in the week Transition to discussing the risk assessment work Dan presents current progress green striped the new assets tab discussed environment definitions discussed the structure of the tabs now explanation of the concept of green-striped tabs next tab to focus is the scoring explanations tab Discussion of whether we should do further work here Marcello asks a question as to whether root CA and offline CA should be different assessments Clarification that root CA and offline CA will be the same Call for questions Clint identifies some internal resources would be happy to engage and help us refine the risk assessment, when should we do that once we have green stripes done would be one good point, once we have the offline/root CA done would be another good point probably within the next week or two discussion of how that will be done, Clint will see how they want to do it David points out that there has been little progress on filling out scenarios that people had volunteered to look at can we pick what to focus on look at the doc and find the pages David looks over the items and suggests picking one Some discussion of which to pick with Trev, David and Dan Trev will take an unassigned category tomorrow Trev points out we don’t have anything else today Agree to discuss the assets tab right now since it’s ‘done’ quick recap of what green stripe/done means Sharing of assets tab and discussion of how we got to this list Take five minutes to let everyone read over the current assets Marcello raises concern with the data transfer capabilities and underlying software assets covering too much and us missing things Trev and Dan responds and long discussion with Marcello about why the categories are organised as they are Marcello agrees to make a comment on items on how he thinks they could be broken up so we can review them Trev suggests putting a comment on the column heading to explain the contents and purpose better Marcello raises line 21 to understand why registration is with OCSP and CRL explain the grouping as to why they are set up how they are (to reflect the types of risks and exposure the things in the environment are exposed to) Further question and discussion of the meaning of the OCSP, CRL registration environment discussion of how to best represent the environments and transitions between them discussion of line 9 and where data is included at should we have a different environment for transitions between environments discussion of recombining software fields Clint calls time and agreement to continue discussion in tomorrow’s working group meeting.
March 29, 2022 by Clint Wilson2022-03-29 | CABF NetSecWG Minutes Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randall, Bruce Morton, Clint Wilson, Corey Bonnell, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Inigo Barreira, Jillian Karner, Joanna Fox, Jozef Nigut, Kiran Tumala, Marcelo Silva, Pedro Fuentes, Rebecca Kelley, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White Minutes Clint Wilson reads anti-trust statement, verifies recording Dan Jeffery volunteers to take minutes Approval of last meeting minutes Settled on Wednesday 9am Pacific time for this meeting Discussion of Ben’s progress on better defining offline and high security zones Ben asked us to follow up with him during the week to help him stay focused Clint offered to ping later in the week Transition to discussing the risk assessment work Dan presents current progress green striped the new assets tab discussed environment definitions discussed the structure of the tabs now explanation of the concept of green-striped tabs next tab to focus is the scoring explanations tab Discussion of whether we should do further work here Marcello asks a question as to whether root CA and offline CA should be different assessments Clarification that root CA and offline CA will be the same Call for questions Clint identifies some internal resources would be happy to engage and help us refine the risk assessment, when should we do that once we have green stripes done would be one good point, once we have the offline/root CA done would be another good point probably within the next week or two discussion of how that will be done, Clint will see how they want to do it David points out that there has been little progress on filling out scenarios that people had volunteered to look at can we pick what to focus on look at the doc and find the pages David looks over the items and suggests picking one Some discussion of which to pick with Trev, David and Dan Trev will take an unassigned category tomorrow Trev points out we don’t have anything else today Agree to discuss the assets tab right now since it’s ‘done’ quick recap of what green stripe/done means Sharing of assets tab and discussion of how we got to this list Take five minutes to let everyone read over the current assets Marcello raises concern with the data transfer capabilities and underlying software assets covering too much and us missing things Trev and Dan responds and long discussion with Marcello about why the categories are organised as they are Marcello agrees to make a comment on items on how he thinks they could be broken up so we can review them Trev suggests putting a comment on the column heading to explain the contents and purpose better Marcello raises line 21 to understand why registration is with OCSP and CRL explain the grouping as to why they are set up how they are (to reflect the types of risks and exposure the things in the environment are exposed to) Further question and discussion of the meaning of the OCSP, CRL registration environment discussion of how to best represent the environments and transitions between them discussion of line 9 and where data is included at should we have a different environment for transitions between environments discussion of recombining software fields Clint calls time and agreement to continue discussion in tomorrow’s working group meeting.
2022-03-15 Minutes of the Network Security Working Group
March 15, 2022 by Clint WilsonAttendance: Adam Jones – Microsoft Ben Wilson – Mozilla Brittany Randall – Go Daddy Bruce Morton – Entrust Christophe Bonjean – GlobalSign Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – Go Daddy David Kluge – Google Trust Services Don Sheehy – WebTrust Dustin Hollenback – Microsoft Jeff Ward – CPA Canada/WebTrust Jillian Karner – Let’s Encrypt Joanna Fox – TrustCor Jozef Nigut – Disig Kiran Tummala – Microsoft Marcelo Silva – Visa Pedro Fuentes – OISTE Prachi Jain – Fastly Rebecca Kelley – Apple Ruben Annemans – GlobalSign Shwetagaur – Go Daddy Trevoli Ponds-White – Amazon Trust Services
March 15, 2022 by Clint WilsonAttendance: Adam Jones – Microsoft Ben Wilson – Mozilla Brittany Randall – Go Daddy Bruce Morton – Entrust Christophe Bonjean – GlobalSign Clint Wilson – Apple Corey Bonnell – DigiCert Corey Rasmussen – OATI Daryn Wright – Go Daddy David Kluge – Google Trust Services Don Sheehy – WebTrust Dustin Hollenback – Microsoft Jeff Ward – CPA Canada/WebTrust Jillian Karner – Let’s Encrypt Joanna Fox – TrustCor Jozef Nigut – Disig Kiran Tummala – Microsoft Marcelo Silva – Visa Pedro Fuentes – OISTE Prachi Jain – Fastly Rebecca Kelley – Apple Ruben Annemans – GlobalSign Shwetagaur – Go Daddy Trevoli Ponds-White – Amazon Trust Services
2022-03-01 Minutes of the Network Security Working Group
March 1, 2022 by Clint WilsonNetSec Working Group – March 1, 2022 Attendees: Antti Backman Ben Wilson Brittany Randall Bruce Morton Clint Wilson Corey Bonnell Daryn Wright Don Sheehy Dustin Hollenback Jillian Karner Joanna Fox Jozef Nigut Kati Davids Niko Carpenter Prachi Jain Pedro Fuentes Rebecca Kelley Ruben Anne Ryan Dickson Tim Crawford Tobias Josefowitz Trevoli Ponds-White Tyler Myers Christophe Bonjean 1. Read Antitrust Statement Clint Wilson read the antitrust statement. Roll Call Clint Wilson read the roll.
March 1, 2022 by Clint WilsonNetSec Working Group – March 1, 2022 Attendees: Antti Backman Ben Wilson Brittany Randall Bruce Morton Clint Wilson Corey Bonnell Daryn Wright Don Sheehy Dustin Hollenback Jillian Karner Joanna Fox Jozef Nigut Kati Davids Niko Carpenter Prachi Jain Pedro Fuentes Rebecca Kelley Ruben Anne Ryan Dickson Tim Crawford Tobias Josefowitz Trevoli Ponds-White Tyler Myers Christophe Bonjean 1. Read Antitrust Statement Clint Wilson read the antitrust statement. Roll Call Clint Wilson read the roll.
2022-02-15 Minutes of the Network Security Working Group
February 15, 2022 by Clint WilsonClint Wilson leading the meeting. Dustin Hollenback volunteered to take minutes. Clint Wilson read the anti-trust statement Attendees: Adam Jones (Microsoft), Antti Backman (Telia Company), Ben Wilson (Mozilla), Christophe Bonjean (GlobalSign), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Curt Spann (Apple), Daniel Jeffery (Fastly), Daryn Wright (GoDaddy), David Kluge (Google), Don Sheehy (WebTrust), Dustin Hollenback (Microsoft), Heather Warnke (Amazon Trust Services), Israel Ventura (US Federal PKI), Jillian Karner (Let’s Encrypt / ISRG), Joanna Fox (TrustCor), Jozef Nigut (Disig), Marcelo Silva (Visa), Thomas Connelly (US Federal PKI), Tim Crawford (WebTrust), Prachi Jain (Fastly), Rebecca Kelley (Apple), Ruben Annemans, Tobias Josefowitz (Opera), Tony Seymour (Comsign), Trevoli Ponds-White (Amazon Trust Services)
February 15, 2022 by Clint WilsonClint Wilson leading the meeting. Dustin Hollenback volunteered to take minutes. Clint Wilson read the anti-trust statement Attendees: Adam Jones (Microsoft), Antti Backman (Telia Company), Ben Wilson (Mozilla), Christophe Bonjean (GlobalSign), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Curt Spann (Apple), Daniel Jeffery (Fastly), Daryn Wright (GoDaddy), David Kluge (Google), Don Sheehy (WebTrust), Dustin Hollenback (Microsoft), Heather Warnke (Amazon Trust Services), Israel Ventura (US Federal PKI), Jillian Karner (Let’s Encrypt / ISRG), Joanna Fox (TrustCor), Jozef Nigut (Disig), Marcelo Silva (Visa), Thomas Connelly (US Federal PKI), Tim Crawford (WebTrust), Prachi Jain (Fastly), Rebecca Kelley (Apple), Ruben Annemans, Tobias Josefowitz (Opera), Tony Seymour (Comsign), Trevoli Ponds-White (Amazon Trust Services)
2022-02-01 Minutes of the Network Security Working Group
February 1, 2022 by Clint WilsonClint Wilson leading the meeting. Request a volunteer for minutes. Dan Jeffery volunteers. Clint reads the antitrust statement Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randal, Christophe Bonjean, Clint Wilson, Corey Bonnell, Corey Rasmussen, Curt Spann, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Israel Ventura, Jillian Karner, Kati Davids, Martjin Katerbarg, Niko Carpenter, Prachi Jain, Roman Fischer, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White
February 1, 2022 by Clint WilsonClint Wilson leading the meeting. Request a volunteer for minutes. Dan Jeffery volunteers. Clint reads the antitrust statement Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randal, Christophe Bonjean, Clint Wilson, Corey Bonnell, Corey Rasmussen, Curt Spann, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Israel Ventura, Jillian Karner, Kati Davids, Martjin Katerbarg, Niko Carpenter, Prachi Jain, Roman Fischer, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White