<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div dir="ltr"><span
id="gmail-docs-internal-guid-cc6ecd87-7fff-ac73-59f1-00f6bf419eb8">
<p class="MsoNormal">These are the Final Minutes of the
Teleconference described in the subject of this message,
prepared by Tom Zermeno (SSL.com).<br>
<b><br>
</b></p>
<p class="MsoNormal"><b>Attendees</b>: Aaron Poulsen - (Amazon),
Adam Jones - (Microsoft), Adrian Mueller - (SwissSign), Andrea
Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca
Martin - (Amazon), Bruce Morton - (Entrust), Chad Ehlers -
(IdenTrust), Chris Clements - (Google), Chris Kemmerer -
(SSL.com), Christophe Bonjean - (GlobalSign), Clint Wilson -
(Apple), Corey Rasmussen - (OATI), David Kluge - (Google),
Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA),
Dustin Hollenback - (Microsoft), Ellie Lu - (TrustAsia
Technologies, Inc.), Enrico Entschew - (D-TRUST), Fumi Yoneda
- (Japan Registry Services), Inaba Atsushi - (GlobalSign),
Inigo Barreira - (Sectigo), Janet Hines - (VikingCloud), Jos
Purvis - (Fastly), Karina Sirota - (Microsoft), Kiran Tummala
- (Microsoft), Mads Henriksveen - (Buypass AS), Marcelo Silva
- (Visa), Martijn Katerbarg - (Sectigo), Michelle Coon -
(OATI), Nargis Mannan - (VikingCloud), Peter Miskovic -
(Disig), Rollin Yu - (TrustAsia Technologies, Inc.), Ryan
Dickson - (Google), Sissel Hoel - (Buypass AS), Steven Deitte
- (GoDaddy), Steve Topletz - (Cisco Systems), Tadahiko Ito -
(SECOM Trust Systems), Tim Hollebeek - (DigiCert), Tobias
Josefowitz - (Opera Software AS), Trevoli Ponds-White -
(Amazon), Vijayakumar (Vijay) Manjunatha - (eMudhra), Wayne
Thayer - (Fastly).<span style="color:black"></span></p>
</span>
<p class="MsoNormal"><b><span style="color:black">Roll Call</span></b><span
style="color:black">: Dimitris Zacharopoulos read the
attendance.</span></p>
<p class="MsoNormal"><b><span style="color:black">Antitrust
Statement</span></b><span style="color:black">: Dimitris
reminded everyone that they must comply with the CA/B Forum
Antitrust Policy, Code of Conduct and Intellectual Property
Rights Agreement, which can be found in the Bylaws. </span></p>
<p class="MsoNormal"><b><span style="color:black">Review Agenda</span></b><span
style="color:black">: The Agenda was approved with no changes.</span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">1.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-family:"Arial",sans-serif;mso-fareast-font-family:"Times
New Roman"; mso-ansi-language:EN-GB" lang="EN-GB">Begin
Recording - Roll Call</span><span
style="mso-fareast-font-family:"Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">2.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-family:"Arial",sans-serif;mso-fareast-font-family:"Times
New Roman"">Read Antitrust Statement </span><span
style="mso-fareast-font-family:"Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">3.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-family:"Arial",sans-serif;mso-fareast-font-family:"Times
New Roman"">Review Agenda</span><span
style="mso-fareast-font-family:"Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">4.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-family:"Arial",sans-serif;mso-fareast-font-family:"Times
New Roman"; mso-ansi-language:EN-GB" lang="EN-GB">Status
of F2F minutes </span><span style="mso-fareast-font-family:
"Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">5.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-family:"Arial",sans-serif;mso-fareast-font-family:"Times
New Roman"">Server Certificate Working Group update</span><span
style="mso-fareast-font-family: "Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">6.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-size:12.0pt;font-family:"Arial",sans-serif;mso-fareast-font-family:
"Times New Roman"">Code Signing Certificate Working
Group update</span><span
style="mso-fareast-font-family:"Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">7.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-size:12.0pt;font-family:"Arial",sans-serif;mso-fareast-font-family:
"Times New Roman"">S/MIME Certificate Working Group
update</span><span style="mso-fareast-font-family:"Times
New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">8.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-size:12.0pt;font-family:"Arial",sans-serif;mso-fareast-font-family:
"Times New Roman"">Forum Infrastructure Subcommittee
update</span><span style="mso-fareast-font-family:"Times
New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">9.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-size:12.0pt;font-family:"Arial",sans-serif;mso-fareast-font-family:
"Times New Roman"">NetSec Working Group update</span><span
style="mso-fareast-font-family: "Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">10.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-family:"Arial",sans-serif;mso-fareast-font-family:"Times
New Roman"; mso-ansi-language:EN-GB" lang="EN-GB">Bylaws
changes</span><span style="mso-fareast-font-family:
"Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">11.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-family:"Arial",sans-serif;mso-fareast-font-family:"Times
New Roman"; mso-ansi-language:EN-GB" lang="EN-GB">Any
Other Business</span><span style="mso-fareast-font-family:
"Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">12.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-family:"Arial",sans-serif;mso-fareast-font-family:"Times
New Roman"; mso-ansi-language:EN-GB" lang="EN-GB">Next
call: 30 March 2023</span><span
style="mso-fareast-font-family: "Times New Roman""></span></p>
<p class="qt-qt-qt-qt-qt-qt-"
style="margin-left:36.0pt;text-indent:-18.0pt; mso-list:l0
level1 lfo1;tab-stops:list 36.0pt"><span
style="mso-fareast-font-family:Calibri"><span
style="mso-list:Ignore">13.<span style="font:7.0pt
"Times New Roman""> </span></span></span><span
style="font-family:"Arial",sans-serif;mso-fareast-font-family:"Times
New Roman"; mso-ansi-language:EN-GB" lang="EN-GB">Adjourn</span><span
style="mso-fareast-font-family: "Times New Roman""></span></p>
<p class="MsoNormal"><b><span style="color:black">Status of F2F
minutes</span></b><span style="color:black">: The next topic
was the F2F meeting minutes.<span style="mso-spacerun:yes"> </span>Minutes
were pending for the Google Root Program update, CCADB update
and the Definitions and Glossary working Group.<span
style="mso-spacerun:yes"> </span>Trevoli is working on the
Google minutes, Daryn Wright (GoDaddy) has been assigned the
other minutes, but he was not in attendance at the meeting;
Dimitris will contact him directly and ask for updates. <span
style="mso-spacerun:yes"></span>Also, waiting on
presentations from Clint and Karina.<span
style="mso-spacerun:yes"> </span>Approximately 90% of the
minutes have been updated. No other updates to the F2F
minutes.</span></p>
<p class="MsoNormal"><b><span style="color:black">Server
Certificate Working Group update</span></b><span
style="color:black">: Inigo joined late, but was able to
provide the update: The SCWG met at the F2F and the Validation
Subcommittee met on 3/9/23.<span style="mso-spacerun:yes"> </span>At
the F2F Google presented speaker from Princeton University who
discussed multi perspective domain validation. This is a topic
that Inigo would like explored and discussed further. There
was also discussion about different certification flows,
specifically the “Traditional Hosting Provider” flow. </span></p>
<p class="MsoNormal"><span style="color:black">Dimitris handled
the minutes for that call, which were about 90% complete at
the time of the 3/16 call. It is very interesting and
important discussion about the subscriber agreement,
acceptance of the agreement, legal issues, and the
enforceability of the click-through agreement. Other groups
might want to consider the concerns mentioned in the
discussion and the current language in the BRs. Dimitris
pledged to submit the minutes later that day.<span
style="mso-spacerun:yes"> </span></span></p>
<p class="MsoNormal"><span style="color:black">Inigo went on to
list some topics of the next Server Cert Working Group
meeting, later that day: Issues with GitHub and “what to do
with the EV Guidelines”.</span></p>
<p class="MsoNormal"><span style="color:black">Tim Hollebeek
clarified that the SCWG meeting takes place at the end of the
CA/B Forum meeting, in the same teleconference, but it is not
reflected in the calendar.<span style="mso-spacerun:yes"> </span>Dimitris
asked if the Outlook entry for the Forum-level meeting should
be extended to reflect the full duration of the combined
meetings, or if a new entry should be generated specifically
for the SCWG meeting. Dimitris and Inigo will discuss the
update off-line. </span></p>
<p class="MsoNormal"><b><span style="color:black">Code Signing
Working Group Update</span></b><span style="color:black">:
Bruce provided the update to the meeting held the previous
week.<span style="mso-spacerun:yes"> </span>No significant
progress was made on ballots, but they did discuss many of the
same topics from the F2F meeting.<span
style="mso-spacerun:yes"> </span>It was a good refresher
on the topics that helped to guide the pathway forward.<span
style="mso-spacerun:yes"> </span>The group had no
questions for Bruce. </span></p>
<p class="MsoNormal"><b><span style="color:black">S/MIME
Certificate working group</span></b><span
style="color:black">: Steven was not in attendance, so Martijn
presented the update.<span style="mso-spacerun:yes"> </span>The
call took place on 3/15 with discussions on the ETSI
requirements (thanks to Dimitris), the use of pseudonyms in
the CN for legacy profiles, a discrepancy in the BRs which may
be fixed by a random ballot, which, if adopted, would include
EdDSA key usage table and the clarification on the enterprise
for RA text.<span style="mso-spacerun:yes"> </span>No other
questions/discussions from the Forum.</span></p>
<p class="MsoNormal"><b><span style="color:black">Forum
Infrastructure Subcommittee</span></b><span
style="color:black">: Jos reported on the solid meeting held
the previous week.<span style="mso-spacerun:yes"> </span>They
discussed adjusting the date for the Wiki changeover, which
was delayed to accommodate the F2F. The changeover will take
place on Monday, March 20.<span style="mso-spacerun:yes"> </span>The
original wiki will be placed on “read-only” and the content
moved over to the new server.<span style="mso-spacerun:yes">
</span>Members will receive a message that their account is
able to access the new wiki. Jos went on to advise anyone
submitting notes for the F2F to hold off on submitting them to
the Wiki until the new server is active.<span
style="mso-spacerun:yes"> </span>There was also discussion
at the last full CA/B Forum meeting about the problem with
approvals of mergers in GitHub.<span style="mso-spacerun:yes">
</span>Currently, the chair does most of the implementation
work, but then cannot approve the change, since the change
must be approved by someone else.<span
style="mso-spacerun:yes"> </span>The proposed solution is
that anyone who is authorized may create a branch, pull
content, etc., but only the chair can push the merge button to
merge the content.<span style="mso-spacerun:yes"> </span>This
way the other members can do the “heavy lifting” and the chair
can focus on publishing the document. </span></p>
<p class="MsoNormal"><span style="color:black">Dimitris asked
about the situation where a chair wanted to write a ballot.
Would someone else be needed to do an approval?<span
style="mso-spacerun:yes"> </span>Jos answered that the
chair would develop a branch, develop a pull request, and once
the ballot was passed, the chair would do the work (or someone
else could do it) of taking the branch and re-basing it on the
main, but it would still be the responsibility of the chair to
push the button.<span style="mso-spacerun:yes"> </span>Andrea
Holland clarified that the Chair or the Vice Chair would push
the button.<span style="mso-spacerun:yes"> </span>Martijn
asked if that was the setup, currently; Jos explained that a
summary of the configuration changes that need to be made
exists and the change can be made within GitHub at any time.<span
style="mso-spacerun:yes"> </span>Dimitris gave the
go-ahead to move forward with this change. </span></p>
<p class="MsoNormal"><span style="color:black">Finally, there as a
discussion about minutes and minute publication and ways to
adjust the process to better meet the bylaws, which may be
clarified.<span style="mso-spacerun:yes"> </span>An
adjustment to the list-serve management may be in order so
that everyone had a private space to work on minutes and a
public space where those minutes can be published.<span
style="mso-spacerun:yes"> </span>That was all.</span></p>
<p class="MsoNormal"><span style="color:black">Dimitris thanked
Jos and mentioned that there was discussion on some bylaws
changes at the F2F. It was clarified that the working group
meetings and the Forum plenary minutes need to be reviewed on
a private/members list before being published.<span
style="mso-spacerun:yes"> </span>Only working group
minutes need to be published on a public website, but not
subcommittee minutes. </span></p>
<p class="MsoNormal"><b><span style="color:black">NetSec Working
Group</span></b><span style="color:black">: Clint stated
that the group met on Tuesday and that they discussed RPKI.
There was a firm consensus that the group would not be taking
on RPKI work, although a good discussion was held on the
topic. The topic may be approached again in the future.<span
style="mso-spacerun:yes"> </span></span></p>
<p class="MsoNormal"><span style="color:black">Trevoli suggested
that the Clint tell us why RPKI should be avoided by the
NetSec working group.<span style="mso-spacerun:yes"> </span>The
reason is that the NetSec requirements apply to all working
groups, while RPKI does not have clear overlap with all of the
working groups. The RPKI scope was smaller than the NetSec
scope, and instead focused on the TLS domain requirements (and
S/MIME) only.<span style="mso-spacerun:yes"> </span></span></p>
<p class="MsoNormal"><span style="color:black">Tim agreed with the
solution, but not the analysis.<span style="mso-spacerun:yes">
</span>He says that the NetSec charter explicitly calls out
that the group should occasionally provide proposals to other
working groups.<span style="mso-spacerun:yes"> </span>But he
does agree that it would be better to leave the discussion to
the Sever working group, as that seems to be the focus of
RPKI. Clint conceded that if there was a desire to provide
guidance to both the TLS and S/MIME groups, then NetSec would
be a good place to do that, but without signals from both
groups that such guidance was desired, it would be best to
leave the discussion in the TLS group. </span></p>
<p class="MsoNormal"><span style="color:black">Trevoli added that
sometimes any topic dealing with the word “network” means that
it has to do with the internet and therefore should be oved to
NetSec.<span style="mso-spacerun:yes"> </span>However, she
mentioned Corey’s proposal that NetSec should inform how to
secure infrastructure, regardless – like network
infrastructure.<span style="mso-spacerun:yes"> </span>But
whether it (RPKI) gets required and how that works is better
considered a server certificate topic.<span
style="mso-spacerun:yes"> </span>Tim Agreed. <br>
Clint stated that this isn’t the last you’ll hear about RPKI
in the Forum, but likely the last time it gets discussed in
NetSec (for some time, at least). </span></p>
<p class="MsoNormal"><span style="color:black">Clint went on to
detail the continued work that was made to the introductions
to sections of the NetSec, the addition of 2 new sections, and
the reorganization of some of the prior draft updates of the
NSRs.<span style="mso-spacerun:yes"> </span>This was all
that the group had time for in their meeting.</span></p>
<p class="MsoNormal"><b><span style="color:black">Bylaws Changes</span></b><span
style="color:black">: Dimitris spent a little time
writing/improving minutes on the topic, but was not able to
make much progress after the F2F.<span
style="mso-spacerun:yes"> </span>Tim was also unable to
make progress on the topic after the F2F.<span
style="mso-spacerun:yes"> </span>Dimitris still needs to
generate a doodle poll related to the time required to draft
minutes.<span style="mso-spacerun:yes"> </span>The link will
be sent to the management list when it is ready.<span
style="mso-spacerun:yes"> </span>There were no other
questions on the topic of Bylaws.</span></p>
<p class="MsoNormal"><b><span style="color:black">Any other
Business</span></b><span style="color:black">: none.</span></p>
<p class="MsoNormal"><b><span style="color:black">Next
Face-to-Face</span></b><span style="color:black">: June 6 in
Redmond, Washington, USA. The meeting will be hosted by
Microsoft. The wiki page is ready and individuals desiring to
go may start making travel plans as the dates are fixed.<span
style="mso-spacerun:yes"> </span>Please register if you
plan on attending. </span></p>
<p class="MsoNormal"><span style="color:black">Inigo asked if we
should wait to use the wiki, but Dimitris said that people
should just be cautious about using the wiki on/around the
switch over time. <span style="mso-spacerun:yes"><br>
</span></span></p>
<p class="MsoNormal"><span style="color:black"><span
style="mso-spacerun:yes">Meeting adjourned.<br>
</span></span></p>
</div>
</body>
</html>