<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>CSCWG Minutes July 27, 2023<o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal>Attendance: <o:p></o:p></p><p class=MsoNormal><span lang=FR>Roberto Quiñones - Intel<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Brianca Martin - Amazon<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Bruce Morton - Entrust<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Atsushi INABA - GlobalSign<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Dean Coclin-DigiCert<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Andrea Holland - VikingCloud<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Mohit Kumar - GlobalSign<o:p></o:p></span></p><p class=MsoNormal>Scott Rea - eMudhra<o:p></o:p></p><p class=MsoNormal>Tim Crawford - WebTrust<o:p></o:p></p><p class=MsoNormal>lan McMillan - Microsoft<o:p></o:p></p><p class=MsoNormal>Brianca Martin - Amazon<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b><u>Minutes of the meeting:<o:p></o:p></u></b></p><p class=MsoNormal>Minutes approved for F2F<o:p></o:p></p><p class=MsoNormal>Interested party application from Adobe was discussed. Legal contact in Adobe is waiting for Authorization of application. No immediate action on us. <o:p></o:p></p><p class=MsoNormal>Adobe has Adobe air so significant to the group. <o:p></o:p></p><p class=MsoNormal>CSC Ballot 19 was discussed and need for the votes for Quorum was highlighted. Request made to members to place the vote.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>Ballot on Signing Service:<o:p></o:p></b></p><p class=MsoNormal>Bruce circulated the drafts not only for Signing service but also Timestamping and High Risk ballots. Suggestion made that people should start taking look, as group would move forward after current ballots are passed and published. <o:p></o:p></p><p class=MsoNormal>Ian to look what is proposed on Timestamping and High risks ballot and share comments.<o:p></o:p></p><p class=MsoNormal>Digicert to present their views on CT logs for next time as SME were not available this week.<o:p></o:p></p><p class=MsoNormal><b><o:p> </o:p></b></p><p class=MsoNormal><b>Proposal on merging EV and OV certificates:<o:p></o:p></b></p><p class=MsoNormal>Ian proposed to work on text for combining OV and EV together and find a middle ground to eliminate need for EV Codesigning certificates. In principle, standard to be maintained for organization validation that EV does today and making that as new only standard – calling it OV. <o:p></o:p></p><p class=MsoNormal>Question was raised on challenges to subscriber with that. <o:p></o:p></p><p class=MsoNormal>Organization identifier scenario in SMIME was discussed as part of this discussion. In SMIME, Org ID was introduced as single field that has all the requirements vs EV which has 3-4 fields for same information. So this makes certificate better than OV and close to EV in terms of Identity.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Another change discussed was need for verification of certificate requestor, contractor, signer etc because a lot of effort goes in there. It required in EV and not for OV today. Also do we need dual verification that is done today. <o:p></o:p></p><p class=MsoNormal>Feedback is there that EV is very hard and do they provide the value or not. <o:p></o:p></p><p class=MsoNormal>As there is no Domain in Codesigning certs so it boils down to the need for such verifications.<o:p></o:p></p><p class=MsoNormal>In SMIME BRs, there is no EV just a upgraded level of OV. SMIME to be studied further and to be observed in terms of feedback for SMIME for next few months from SMIME BRs effective date. <o:p></o:p></p><p class=MsoNormal>The expected timeline is 5-6 months atleast for this ballot given 3 ballots ahead already. It’s a big change. <o:p></o:p></p><p class=MsoNormal>Also discussed what should be the timeline to issue more than 1 certificate in a subscription and how to use shorter lived certificates. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Bruce also raised that CAs should provide feedback how Private Key ballot landed may be in 1-2 months. He proposed that group should gather feedback from CAs. Some CAs might be facing same issues, so we should have feedback loop so we can iron out. This to be added to Agenda item for next time. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Meeting was adjourned. <o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='mso-ligatures:none'><o:p> </o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p></div></body></html>