<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:512647256;
mso-list-template-ids:-1574263556;}
@list l0:level1
{mso-level-start-at:5;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-start-at:3;
mso-level-number-format:alpha-lower;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:539126901;
mso-list-template-ids:1067855394;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2
{mso-list-id:1160198618;
mso-list-type:hybrid;
mso-list-template-ids:-910145534 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l2:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Here are the final minutes of the subject call:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><ol style='margin-top:0in' start=1 type=1><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level1 lfo3'>Roll call: Dean Coclin, Atsushi Inaba, Bruce Morton, Daniel Hood, Tomas Gustavson, Tim Crawford, Corey Bonnell, Sebastian Schulz, Doug Beattie, Ian McMillan<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level1 lfo3'>Antitrust statement: read by Dean<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level1 lfo3'>Approval of minutes of last call: Minutes approved<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level1 lfo3'>Ballot Status CSCWG-7: Reviewed the current status of the document. Dean agreed to endorse. Bruce will send to the list and start the discussion period. <o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level1 lfo3'>Open items from last meeting: <o:p></o:p></li><ol style='margin-top:0in' start=1 type=a><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level2 lfo3'>Ian’s email from Nov 2<sup>nd</sup> regarding FIPS Level 2 vs Level 3: Level 2 will be the minimum now according to Ian but will look at Level 3 as more cloud based key protections are improved. <o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level2 lfo3'>Corey’s email from 12/17: <o:p></o:p></li></ol></ol><p class=MsoListParagraph style='margin-left:1.5in;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l2 level3 lfo3'><![if !supportLists]><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'> </span>i.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>Ian agreed that CAs can support SHA1 to respond to revocation requests after the sunset date. <o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.5in;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l2 level3 lfo3'><![if !supportLists]><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'> </span>ii.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>It’s acceptable to issue SHA1 timestamp certificates until April 30, 2022.<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.5in;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l2 level3 lfo3'><![if !supportLists]><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'> </span>iii.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>EE and sub CAs must have 3072 keys. Root program rules say new roots must be 4096. If root already exists, it’s ok to issue with existing root but new roots must be 4096<o:p></o:p></p><ol style='margin-top:0in' start=5 type=1><ol style='margin-top:0in' start=3 type=a><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level2 lfo3'>3072 tokens that meet FIPS: Ian stated devices should be coming to market in the spring. The group will monitor this effort. Dean said DigiCert’s investigation found some products advertising this capability but in testing did not meet it <o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level2 lfo3'>Tim Crawford: how to audit cloud based key requirements? Ian: key generation and vault logs can be provided by the subscriber. Tim asked how this can be standardized. Could they be SOC2? Ian will look into it.<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level2 lfo3'>Sebastian: what if a cert is cross signed with an older root? Ian: as long as existing root doesn’t exceed the expiration requirement of 2030, should be ok.<o:p></o:p></li></ol><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level1 lfo3'>Next meeting: Next meeting Jan 28th.<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l2 level1 lfo3'>Adjourned<o:p></o:p></li></ol><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Dean Coclin<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>