<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="2050" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Here are the draft minutes of yesterday’s meeting.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Notes of meeting<o:p></o:p></p><p class=MsoNormal>CAB Forum <o:p></o:p></p><p class=MsoNormal>7 June 2012<o:p></o:p></p><p class=MsoNormal>Version 1<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>1. Present: John Espinoza, Rich Smith, Ben Wilson, Atsushi Inaba, Renne Rodriguez, Kirk Hall, Jeremy Rowley, Wayne Thayer, Brad Hill, Stephen Davidson, Mads Henriksveen, Eddy Nigg, Dean Coclin, Carsten Dahlenkamp, Gerv Markham, Chris Palmer, Yngve Pettersen, Ryan Sleevi, Robin Alden, Rick Andrews, Steve Roylance, and Bruce Morton <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>2. Agenda review<o:p></o:p></p><p class=MsoNormal>Discussion of the emergency motion to postpone IPR Agreement submission deadline added to discussion before Item 5.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>3. Minutes of Meeting on 24 May<o:p></o:p></p><p class=MsoNormal>Minutes of 24 May 2012 unanimously approved.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>4. Ballots status<o:p></o:p></p><p class=MsoNormal>Ballot 75 - NameConstraints criticality flag closes at 21:00 UTC on 8 June 2012 <o:p></o:p></p><p class=MsoNormal>Ballot 76- Public Review of Network Security Controls will close at 21:00 UTC on 12 June 2012<o:p></o:p></p><p class=MsoNormal>Emergency Ballot closes at 23:59 UTC on 7 June 2012<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Emergency Ballot Discussion Item<o:p></o:p></p><p class=MsoNormal>It was stated that if this ballot passes that those who have not signed and submitted the IPR Agreement should engage in good faith to inform everyone of their intentions at the earliest point possible and not hold off until the last minute. If any review of the IPR Policy occurs, it should occur sooner rather than later. IdenTrust has volunteered to facilitate discussions in this regard. Members should have everything squared away with their material reviews and any modifications to address inclusive or exclusive effects of the IPR policy should be conducted before August 1<sup>st</sup>. It was noted that much conversation, debate, and negotiation took place over many months on this issue and that any defects should have been worked out before now. There is also the concern that changing the balance from one side to the other might mean that other members drop out. <o:p></o:p></p><p class=MsoNormal>According to the IPR Policy, observers (anyone commenting on CAB Forum topics) are also covered by the IPR Policy, so converting non-signing existing members into observers will not solve the problem. The practical solution may be decided by the Emergency Ballot, which is likely to pass. Several members expressed concern about the way that the vote was handled. Some acknowledged that many organizations have such procedures that allow exceptions or suspension of procedure in certain cases. It was also acknowledged that formal written procedures for such situations are needed. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>5. Gjovik agenda<o:p></o:p></p><p class=MsoNormal>Item 7 on the agenda (EV Code Signing) is a remnant of the copied agenda from the last face-to-face meeting. It is being replaced with extended discussion of agenda item 6 (Baseline Requirement Issues List) and new item 7 IPR Policy and IPR implementation.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>6. IPR boilerplate<o:p></o:p></p><p class=MsoNormal>The draft IPR policy click-through agreement and agenda notice disclosure (for contributors) reads, “By submitting a contribution to the CA/Browser Forum (“Forum”), you hereby grant the Forum and its members an unlimited, irrevocable, worldwide, and sublicensable right to publish, modify, use, distribute, sell, display, license, and create derivative works of the contribution in any manner the Forum sees fit and without attribution of authorship. You hereby agree that the contribution discloses all patents or patent applications of which you are aware that are necessary to implement the ideas described in the contribution. You acknowledge that your failure to disclose such patents and patent applications as part of the contribution grants the Forum, its members, and any entity implementing a Forum work product an irrevocable, non-exclusive, worldwide, and royalty-free license to any registered, pending, or unregistered intellectual property rights in the contribution that you or the entity you represent possesses or may possess in the future.” <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>7. Individual name as commonName attribute<o:p></o:p></p><p class=MsoNormal>This is related to Ballot 69 and BR Issue Item Number 14. Further discussion is needed to determine whether Ballot 69 can be amended to go forward to a vote.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>8. BR Issues list<o:p></o:p></p><p class=MsoNormal>Ballot 74 (Updates to Domain and IP Validation, High Risk Requests, and Data Source in the Baseline Requirements) failed for lack of a quorum and is being reintroduced as Ballot 78. Yngve is looking for two endorsers to a motion that would resolve BR 1.1 issues #5, #6, #7, #8, #10, and #21 (#16 was superseded by #15). See his email of 24-May-2012 13:43 GMT titled, [cabfman] Update of Yngve's BR 1.1 issues + #10. He will separate E. (13.2.7 Response for non-issued certificates) from that motion in order to simplify the motion by avoiding debate about responding with a status reason code for an unauthorized certificate (DigiNotar). <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>9. Governance reform<o:p></o:p></p><p class=MsoNormal>The Committee has been meeting on Wednesdays. Four proposals are currently on table, and recent efforts have been made to consolidate the proposals down to three for simplification. The group does not plan to present any ballot or poll until after the meeting in Norway, but there are efforts to get the proposals out to the Forum for review. Generally, the proposals can be identified as follows: TrendMicro – current Forum governance but with added participation from public/observers; PayPal – a governing Board with Board voting by all groups (CAs, Browsers, and Interested Parties); Microsoft – a representative governing Board with a set number of Board members (e.g., 4 CAs, 3 Browser Reps., 2 Interested Party representatives); and DigiCert – guidelines adopted by membership at large, but Board of unlimited size must ratify (only CAs and Browsers contributing $10,000 annually are Board Members).<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>10. Any other business<o:p></o:p></p><p class=MsoNormal>Extension-of-Deadlines Voting -- One suggestion to resolve the granting of extensions to deadlines (like the IPR Policy instance) would be a specific procedure to allow a one-time extension based on normal voting process (one week of ballot review followed by one week of voting). In addition, a shortened emergency ballot with different criteria is also needed.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Also, the Flame incident is making a lot of news lately. It appears to be sophisticated and combines several vulnerability exploits, including MD5, predictable serial numbers, prefix attacks, etc., and it also involves good computing power and expertise. More information is available from a Microsoft release and an article posted on arstechnica.com.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>11. Next meeting is on 21 June 2012<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>12. Meeting adjourned.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:black'>Benjamin T. Wilson, JD CISSP <br>General Counsel and SVP Industry Relations<br>DigiCert, Inc.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a href="http://www.digicert.com/"><span style='font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;text-decoration:none'><img border=0 width=224 height=58 id="Picture_x0020_1" src="cid:image001.gif@01CD458E.11E204B0" alt="Visit DigiCert.com"></span></a><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.5pt;font-family:"Arial","sans-serif";color:#666666'>Online: <a href="http://www.digicert.com/" target="_blank"><span style='color:blue'>www.DigiCert.com</span></a><br>Email: <a href="mailto:ben@digicert.com"><span style='color:blue'>ben@digicert.com</span></a><br>Toll Free: <b>1-800-896-7973</b> (US & Canada)<br>Direct: <b>1-801-701-9678</b><br>Fax: <b>1-866-842-0223</b> (Toll Free if calling from the US or Canada) <o:p></o:p></span></p><div class=MsoNormal align=center style='text-align:center'><hr size=1 width="100%" noshade style='color:#007DC0' align=center></div><p class=MsoNormal><span style='font-size:7.0pt;font-family:"Arial","sans-serif";color:#007DC0'>The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Thank You</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>