<div dir="ltr"><div>Here are the draft minutes of yesterday's meeting.</div><div><br></div><div>
<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Present:</b><span> </span>Corey
Bonnell, David Kluge, Jos<span>é</span> Guzman, Niko Carpenter, Sean Bangerter, Steven Deitte,
Tim Crawford, Tobias Josefowitz, Tyler Myers, Trev Ponds-White, Clint Wilson,
Ben Wilson, Dustin Hollenbeck<span></span></p>
<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Overview:</b> Ben explained to new attendees that this
NetSec group has had subgroups in the past
centered on the following topics: Threat Analysis, Pain Points, and Document
Structure. A newer group also exists - the Cloud Security subgroup.<span></span></p>
<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Replacement for Neil:</b><span>
</span>Clint Wilson will check with his company to see whether he can chair
this group.<span> </span>Second in line would be
David Kluge, and then Dustin Hollenbeck, if Clint and David cannot.<span></span></p>
<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Webex Host Backups:</b> <span> </span>Ben will reschedule the meeting and see if Webex
will allow anyone to start the meeting. Otherwise, he will add David, Toby, Clint,
Trev and possibly others as users in the Webex account so that they can help
start the meetings. <span></span></p>
<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Cloud Security Subgroup Update:</b><span> </span>David explained that originally, we started by performing a
component-by-component review of the typical CA system and focused our work on those
CA components and their respective risks, and then we would review the
requirements that we needed to have in place in a cloud setting to maintain an
expected level of security. Then, at the recent Face-to-Face meeting in June
2021, some browsers expressed a desire that instead of looking at the
substantive requirements, we look at the modalities and models
for performing the audit of the cloud service provider. As a result, we changed
our priorities so that during our most recent last three calls we have focused
on the different audit models that exist.<span>
</span>Most recently, we have begun preparing a briefing document for the Server
Certificate Working Group on what that model might be. Also, we decided that it would
be best to examine both the components and the audit models because we need to
identify exactly each service that would be audited.<b><span></span></b></p>
<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Ballot SC34:</b> With Neil gone, Toby needs another
endorser for Ballot SC34 (not require manual review of inactive user accounts).
Trev will check with her legal folks and get back to Toby before our next call.<span></span></p>
<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif">Meeting adjourned. <span></span></p>
</div></div>