<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1242450877;
mso-list-template-ids:-1114195552;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:1965235203;
mso-list-type:hybrid;
mso-list-template-ids:-113352494 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><b>FINAL MINUTES</b><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>MINUTE TAKER: Bruce<o:p></o:p></p><ol style='margin-top:0in' start=1 type=1><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Roll Call - Adriano Santoni, Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dimitris Zacharopoulos, Ian McMillan, Jeff Ward, Sebastian Schulz, Tomas Gustavsson<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Antitrust statement – Bruce read the antitrust statement<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Meeting minutes from 8 April 2021 were approved<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Cross-sign Roots – Reviewed that the cleanup ballot will address the cross-sign or roots. It is understood that a 2048-bit root can cross-sign a 4096-bit root for ubiquity. The condition is the cross-certificate must expire by 31 December 2030. Corey stated concern that there might be 2048-bit roots which expire after 2030 and may have cross-certificates which also expire after 2030. Corey will provide a message to the mailing list requesting Microsoft to state their position on this issue.<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Certificate Policy OID for Time-stamping – Based on the dedicated root which will only support certificates which are compliant to the CSBRs, Bruce has proposed that we create a certificate policy OID for timestamp certificates. This issue was brought up on the CAB Forum call also on 15 April 2021 and Ryan stated that time-stamping certificates are outside the scope of the CSCWG. Bruce stated that the CAB Forum has two code signing documents which address timestamping and the CSCWG is trying to bridge the gap to support code signing, where there is a timestamping requirement. It may be argued that timestamp certificates are already in scope or we could create a Forum ballot to change the CSCWG charter. Dimitris will discuss the issue with Dean.<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Common Criteria requirement – Common Criteria statements in the CSBR may still not be stated correctly. We need ensure the CC EAL4+ devices are certificated for key generation and protection. Adriano will provide text to start the discussion.<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>CSCWG-6 ballot - No status update at this time. Ian will prepare another version of the ballot and provide at a later time.<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Clean-up ballot – Bruce has started a clean-up ballot to address items from the parking lot list and other items which we have an agreed understanding, but have not addressed in the CSBRs. Bruce is working with Corey, Tim, Ian and Dimitris and will provide a draft ballot in the next week or two. The ballot will address items such as SAN, CRL, FIPS 140-<b>2</b>, Root/SubCA Key size, Cross-certificate, TS SHA-1, and Interoperability verification.<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Any other business<o:p></o:p></li><ol style='margin-top:0in' start=1 type=a><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level2 lfo3'>FIPS 140 – Ian discussed just stating FIPS 140 and not including -2. It was agreed that the CSBRs should state FIPS 140-2 or 140-3. This change can be made in the clean-up ballot.<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level2 lfo3'>Oracle – Ian was able to contact Oracle, but the response on the expiry of a timestamp certificate was inconclusive on how it impacts the signature as such, we will not decrease the timestamp certificate expiry period at the time. Oracle has been requested to test. Ian to follow-up.<o:p></o:p></li></ol><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Next Meeting Apr 22<sup>nd</sup> <o:p></o:p></li></ol><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b><o:p> </o:p></b></p><p class=MsoNormal><b>Bruce.<o:p></o:p></b></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>