CA/Browser Forum posts
2022-04-14 Minutes of the CA/Browser Forum Teleconference
April 14, 2022 by Jos PurvisOpening Procedures – Dean Roll Call Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Inaba Atsushi (GlobalSign), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Khairil Nizam Abdul Malek (MSC Trustgate Sdn Bhd), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)
April 14, 2022 by Jos PurvisOpening Procedures – Dean Roll Call Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Inaba Atsushi (GlobalSign), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Khairil Nizam Abdul Malek (MSC Trustgate Sdn Bhd), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)
2022-04-14 Minutes of the Server Certificate Working Group
April 14, 2022 by Jos PurvisAttendees Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Inaba Atsushi (GlobalSign), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Khairil Nizam Abdul Malek (MSC Trustgate Sdn Bhd), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)
April 14, 2022 by Jos PurvisAttendees Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Inaba Atsushi (GlobalSign), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Khairil Nizam Abdul Malek (MSC Trustgate Sdn Bhd), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Yoshiro Yoneya (Japan Registry Services)
2022-04-13 Minutes of the S/MIME Certificate Working Group
April 13, 2022 by Stephen DavidsonMinutes of SMCWG April 13, 2022 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller (SwissSign), Andreas Henschel (D-TRUST), Ashish Dhiman (GlobalSign), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dimitris Zacharopoulos (HARICA), Don Sheehy (CPA Canada/WebTrust), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Martijn Katerbarg (Sectigo), Matthias Wiedenhorst (ACAB Council), Mauricio Fernandez (TeleTrust), Morad Abou Naser (TeleTrust), Patrycja Tulinska (PSW), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Pekka Lahtiharju (Telia Company), Rebecca Kelley (Apple), Stefan Selbitschka (runQuadrat), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Connelly (US Federal PKI Management Authority), Tsung-Min Kuo (Chunghwa Telecom), Wendy Brown (US Federal PKI Management Authority)
April 13, 2022 by Stephen DavidsonMinutes of SMCWG April 13, 2022 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller (SwissSign), Andreas Henschel (D-TRUST), Ashish Dhiman (GlobalSign), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dimitris Zacharopoulos (HARICA), Don Sheehy (CPA Canada/WebTrust), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Martijn Katerbarg (Sectigo), Matthias Wiedenhorst (ACAB Council), Mauricio Fernandez (TeleTrust), Morad Abou Naser (TeleTrust), Patrycja Tulinska (PSW), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Pekka Lahtiharju (Telia Company), Rebecca Kelley (Apple), Stefan Selbitschka (runQuadrat), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Connelly (US Federal PKI Management Authority), Tsung-Min Kuo (Chunghwa Telecom), Wendy Brown (US Federal PKI Management Authority)
2022-04-12 Minutes of the Network Security Working Group
April 12, 2022 by Clint WilsonNetSec Working Group – April 12th, 2022 Attendees: Antti Backman Adam Jones Ben Wilson Brittany Randall Bruce Morton Clint Wilson Corey Bonnell Corey Rasmussen Christophe Bonjean Daryn Wright David Kluge Dustin Hollenback Heather Warncke Jillian Karner Joanna Fox Jozef Nigut Prachi Jain Tim Crawford Tony Seymour Trevoli Ponds-White 1. Read Antitrust Statement Clint Wilson read the antitrust statement. Roll Call Clint Wilson read the roll. 3. Discussion Items a. We currently don’t have any ballots in discussion.
April 12, 2022 by Clint WilsonNetSec Working Group – April 12th, 2022 Attendees: Antti Backman Adam Jones Ben Wilson Brittany Randall Bruce Morton Clint Wilson Corey Bonnell Corey Rasmussen Christophe Bonjean Daryn Wright David Kluge Dustin Hollenback Heather Warncke Jillian Karner Joanna Fox Jozef Nigut Prachi Jain Tim Crawford Tony Seymour Trevoli Ponds-White 1. Read Antitrust Statement Clint Wilson read the antitrust statement. Roll Call Clint Wilson read the roll. 3. Discussion Items a. We currently don’t have any ballots in discussion.
2022-04-07 Minutes of the Code Signing Certificate Working Group
April 7, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust) Minute-taker: Tim Crawford Minutes Antitrust Statement: Read by Dean Minutes for the March 24th meetings were approved Interested party application from Insta Oy No comment was offered, and the application was accepted. Updates on Ballot CSC-13 – Private Key Protection Bruce mentioned that the ballot received eight (8) votes and is deemed to have passed.
April 7, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust) Minute-taker: Tim Crawford Minutes Antitrust Statement: Read by Dean Minutes for the March 24th meetings were approved Interested party application from Insta Oy No comment was offered, and the application was accepted. Updates on Ballot CSC-13 – Private Key Protection Bruce mentioned that the ballot received eight (8) votes and is deemed to have passed.
Ballot CSC-13 – Update to Subscriber Key Protection Requirements
April 6, 2022 by Corey BonnellResults of Review Period (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2022-05-09, are available here. Results of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers Certum (Asseco), DigiCert, eMudhra, Entrust, HARICA, Sectigo, SSL.com Certificate Consumers Microsoft The ballot has PASSED. Purpose of the Ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.
April 6, 2022 by Corey BonnellResults of Review Period (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2022-05-09, are available here. Results of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers Certum (Asseco), DigiCert, eMudhra, Entrust, HARICA, Sectigo, SSL.com Certificate Consumers Microsoft The ballot has PASSED. Purpose of the Ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.
2022-03-31 Minutes of the CA/Browser Forum Teleconference
March 31, 2022 by Jos PurvisAttendees Adam Jones (Microsoft), Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Ben Wilson (Mozilla), Brian Keogh (Microsoft), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Miguel Sanchez (Google), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Ryan Dickson (Google), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)Read Antitrust Statement- Jos Purvis
March 31, 2022 by Jos PurvisAttendees Adam Jones (Microsoft), Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Ben Wilson (Mozilla), Brian Keogh (Microsoft), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Miguel Sanchez (Google), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Ryan Dickson (Google), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)Read Antitrust Statement- Jos Purvis
2022-03-31 Minutes of the Server Certificate Working Group
March 31, 2022 by Jos PurvisAttendees Adam Jones (Microsoft), Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Ben Wilson (Mozilla), Brian Keogh (Microsoft), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Miguel Sanchez (Google), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Ryan Dickson (Google), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
March 31, 2022 by Jos PurvisAttendees Adam Jones (Microsoft), Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Ben Wilson (Mozilla), Brian Keogh (Microsoft), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Heather Warncke (Amazon), Hogeun Yoo (NAVER Cloud), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Miguel Sanchez (Google), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Ryan Dickson (Google), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
2022-03-30 Minutes of the S/MIME Certificate Working Group
March 30, 2022 by Stephen DavidsonMinutes of SMCWG March 30, 2022 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller (SwissSign), Ashish Dhiman (GlobalSign), Bruce Morton (Entrust), Cade Cairns (Google), Clint Wilson (Apple), Corey Bonnell (Digicert), Daniel Zens (GlobalTrust), Dimitris Zacharopoulos (HARICA), Don Sheehy (CPA Canada/WebTrust), Eusebio Herrera (AC Camerfirma SA), Fotis Loukos (Google), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Li-Chun Chen (Chunghwa Telecom), Martijn Katerbarg (Sectigo), Mauricio Fernandez (TeleTrust), Mrugesh Chandarana (IdenTrust), Patrycja Tulinska (PSW), Pedro Fuentes (OISTE Foundation), Pekka Lahtiharju (Telia Company), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Connelly (US Federal PKI Management Authority), Tim Crawford (CPA Canada/WebTrust), Tsung-Min Kuo (Chunghwa Telecom), Wendy Brown (US Federal PKI Management Authority)
March 30, 2022 by Stephen DavidsonMinutes of SMCWG March 30, 2022 These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller (SwissSign), Ashish Dhiman (GlobalSign), Bruce Morton (Entrust), Cade Cairns (Google), Clint Wilson (Apple), Corey Bonnell (Digicert), Daniel Zens (GlobalTrust), Dimitris Zacharopoulos (HARICA), Don Sheehy (CPA Canada/WebTrust), Eusebio Herrera (AC Camerfirma SA), Fotis Loukos (Google), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Joanna Fox (TrustCor Systems), Li-Chun Chen (Chunghwa Telecom), Martijn Katerbarg (Sectigo), Mauricio Fernandez (TeleTrust), Mrugesh Chandarana (IdenTrust), Patrycja Tulinska (PSW), Pedro Fuentes (OISTE Foundation), Pekka Lahtiharju (Telia Company), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Connelly (US Federal PKI Management Authority), Tim Crawford (CPA Canada/WebTrust), Tsung-Min Kuo (Chunghwa Telecom), Wendy Brown (US Federal PKI Management Authority)
2022-03-29 Minutes of the Network Security Working Group
March 29, 2022 by Clint Wilson2022-03-29 | CABF NetSecWG Minutes Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randall, Bruce Morton, Clint Wilson, Corey Bonnell, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Inigo Barreira, Jillian Karner, Joanna Fox, Jozef Nigut, Kiran Tumala, Marcelo Silva, Pedro Fuentes, Rebecca Kelley, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White Minutes Clint Wilson reads anti-trust statement, verifies recording Dan Jeffery volunteers to take minutes Approval of last meeting minutes Settled on Wednesday 9am Pacific time for this meeting Discussion of Ben’s progress on better defining offline and high security zones Ben asked us to follow up with him during the week to help him stay focused Clint offered to ping later in the week Transition to discussing the risk assessment work Dan presents current progress green striped the new assets tab discussed environment definitions discussed the structure of the tabs now explanation of the concept of green-striped tabs next tab to focus is the scoring explanations tab Discussion of whether we should do further work here Marcello asks a question as to whether root CA and offline CA should be different assessments Clarification that root CA and offline CA will be the same Call for questions Clint identifies some internal resources would be happy to engage and help us refine the risk assessment, when should we do that once we have green stripes done would be one good point, once we have the offline/root CA done would be another good point probably within the next week or two discussion of how that will be done, Clint will see how they want to do it David points out that there has been little progress on filling out scenarios that people had volunteered to look at can we pick what to focus on look at the doc and find the pages David looks over the items and suggests picking one Some discussion of which to pick with Trev, David and Dan Trev will take an unassigned category tomorrow Trev points out we don’t have anything else today Agree to discuss the assets tab right now since it’s ‘done’ quick recap of what green stripe/done means Sharing of assets tab and discussion of how we got to this list Take five minutes to let everyone read over the current assets Marcello raises concern with the data transfer capabilities and underlying software assets covering too much and us missing things Trev and Dan responds and long discussion with Marcello about why the categories are organised as they are Marcello agrees to make a comment on items on how he thinks they could be broken up so we can review them Trev suggests putting a comment on the column heading to explain the contents and purpose better Marcello raises line 21 to understand why registration is with OCSP and CRL explain the grouping as to why they are set up how they are (to reflect the types of risks and exposure the things in the environment are exposed to) Further question and discussion of the meaning of the OCSP, CRL registration environment discussion of how to best represent the environments and transitions between them discussion of line 9 and where data is included at should we have a different environment for transitions between environments discussion of recombining software fields Clint calls time and agreement to continue discussion in tomorrow’s working group meeting.
March 29, 2022 by Clint Wilson2022-03-29 | CABF NetSecWG Minutes Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randall, Bruce Morton, Clint Wilson, Corey Bonnell, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Inigo Barreira, Jillian Karner, Joanna Fox, Jozef Nigut, Kiran Tumala, Marcelo Silva, Pedro Fuentes, Rebecca Kelley, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White Minutes Clint Wilson reads anti-trust statement, verifies recording Dan Jeffery volunteers to take minutes Approval of last meeting minutes Settled on Wednesday 9am Pacific time for this meeting Discussion of Ben’s progress on better defining offline and high security zones Ben asked us to follow up with him during the week to help him stay focused Clint offered to ping later in the week Transition to discussing the risk assessment work Dan presents current progress green striped the new assets tab discussed environment definitions discussed the structure of the tabs now explanation of the concept of green-striped tabs next tab to focus is the scoring explanations tab Discussion of whether we should do further work here Marcello asks a question as to whether root CA and offline CA should be different assessments Clarification that root CA and offline CA will be the same Call for questions Clint identifies some internal resources would be happy to engage and help us refine the risk assessment, when should we do that once we have green stripes done would be one good point, once we have the offline/root CA done would be another good point probably within the next week or two discussion of how that will be done, Clint will see how they want to do it David points out that there has been little progress on filling out scenarios that people had volunteered to look at can we pick what to focus on look at the doc and find the pages David looks over the items and suggests picking one Some discussion of which to pick with Trev, David and Dan Trev will take an unassigned category tomorrow Trev points out we don’t have anything else today Agree to discuss the assets tab right now since it’s ‘done’ quick recap of what green stripe/done means Sharing of assets tab and discussion of how we got to this list Take five minutes to let everyone read over the current assets Marcello raises concern with the data transfer capabilities and underlying software assets covering too much and us missing things Trev and Dan responds and long discussion with Marcello about why the categories are organised as they are Marcello agrees to make a comment on items on how he thinks they could be broken up so we can review them Trev suggests putting a comment on the column heading to explain the contents and purpose better Marcello raises line 21 to understand why registration is with OCSP and CRL explain the grouping as to why they are set up how they are (to reflect the types of risks and exposure the things in the environment are exposed to) Further question and discussion of the meaning of the OCSP, CRL registration environment discussion of how to best represent the environments and transitions between them discussion of line 9 and where data is included at should we have a different environment for transitions between environments discussion of recombining software fields Clint calls time and agreement to continue discussion in tomorrow’s working group meeting.