<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Some of this overlaps with work being currently done in the NetSec working group, which has discussed threat modeling for CAs. IIRC, in the past, we’ve discussed SDLC-related issues and deployment practices within that WG as well.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>-Tim<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Public <public-bounces@cabforum.org> <b>On Behalf Of </b>Jeremy Rowley via Public<br><b>Sent:</b> Thursday, January 23, 2020 8:10 PM<br><b>To:</b> CA/Browser Forum Public Discussion List <public@cabforum.org><br><b>Subject:</b> [cabfpub] Development and deployment working group<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='background:white'><span style='color:#212121'>Hey Dimitris,<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='color:#212121'><o:p> </o:p></span></p><p class=MsoNormal style='background:white'><span style='color:#212121'>Can you add a spot during the face to face to talk about software deployment and development? I thought a working group on that topic may be beneficial given the number of software issues reported on Mozilla. I can present on what I'm thinking there, but the goal would be to talk about best practices in development and deployment of pki software and some of the unique challenges associated with doing so as a CA.<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='color:#212121'><o:p> </o:p></span></p><p class=MsoNormal style='background:white'><span style='color:#212121'>Thanks, <o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='color:#212121'>Jeremy<o:p></o:p></span></p><div id=ms-outlook-mobile-signature><div><p class=MsoNormal><o:p> </o:p></p></div></div></div></div></body></html>