<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Small correction,<br>
<br>
The minutes of the <b>March 16</b> meeting were approved, not March
30.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 27/4/2023 6:50 μ.μ., Dimitris
Zacharopoulos (HARICA) via Public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:01000187c3684973-d0ca2586-46b0-4433-8ece-9fcaa725b9db-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:"\@Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">These are the Final Minutes of the
Teleconference described in the subject of this message,</p>
<p class="MsoNormal"><br>
</p>
<p class="MsoNormal">Attendees:<o:p></o:p></p>
<p class="MsoNormal">Aaron Poulsen - (Amazon), Adam Jones -
(Microsoft), Adrian Mueller - (SwissSign), Ben Wilson -
(Mozilla), Brianca Martin - (Amazon), Clint Wilson - (Apple),
Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), David
Kluge - (Google), Dean Coclin - (DigiCert), Dimitris
Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin
Hollenback - (Microsoft), Ellie Lu - (TrustAsia Technologies,
Inc.), Enrico Entschew - (D-TRUST), Fumi Yoneda - (Japan
Registry Services), Inaba Atsushi - (GlobalSign), Inigo
Barreira - (Sectigo), Janet Hines - (VikingCloud), Joanna Fox
- (TrustCor Systems), Johnny Reading - (GoDaddy), Jos Purvis -
(Fastly), Mads Henriksveen - (Buypass AS), Martijn Katerbarg -
(Sectigo), Michelle Coon - (OATI), Nargis Mannan -
(VikingCloud), Peter Miskovic - (Disig), Rebecca Kelley -
(Apple), Rollin Yu - (TrustAsia Technologies, Inc.), Ryan
Dickson - (Google), Stephen Davidson - (DigiCert), Tadahiko
Ito - (SECOM Trust Systems), Thomas Zermeno - (SSL.com),
Tobias Josefowitz - (Opera Software AS), Trevoli Ponds-White -
(Amazon), Wayne Thayer - (Fastly), Wendy Brown - (US Federal
PKI Management Authority), Yoshiro Yoneya - (Japan Registry
Services)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Dimitris announced the list of attendees.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Dimitris read the note-well.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Minutes of the March 30th meeting were
approved. F2F 58 minutes were<o:p></o:p></p>
<p class="MsoNormal">also approved.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Inigo gave the servercert-wg update. Last
time, the open Github issues<o:p></o:p></p>
<p class="MsoNormal">were discussed as well as converting the
EVGs to 3647 format. There are<o:p></o:p></p>
<p class="MsoNormal">no plans to combine the EVGs and TLS BRs at
this time.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Dean gave the code signing-wg update.
CSC-18 (malware revocation) is in<o:p></o:p></p>
<p class="MsoNormal">the discussion period. The group all
discussed removing references to<o:p></o:p></p>
<p class="MsoNormal">the TLS BRs in the CS BRs. Dimitris and
Martijn are leading this effort.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Stephen gave the smime-wg update. The group
is answering questions that<o:p></o:p></p>
<p class="MsoNormal">are being raised as CAs implement the
SMBRs. There is an erratum ballot<o:p></o:p></p>
<p class="MsoNormal">that will resolve several minor issues and
clarifications that were<o:p></o:p></p>
<p class="MsoNormal">identified. This draft ballot will be moved
to discussion period soon.<o:p></o:p></p>
<p class="MsoNormal">The ballot will have the same effective
date as the SMBRs itself. CAA<o:p></o:p></p>
<p class="MsoNormal">for SMIME was also discussed. The group has
agreed to wait until the IETF<o:p></o:p></p>
<p class="MsoNormal">specification is published as an RFC to
create a ballot. One Certificate<o:p></o:p></p>
<p class="MsoNormal">Consumer is looking for example hierarchies
that comply with the SMBRs for<o:p></o:p></p>
<p class="MsoNormal">their testing. It was also announced that
DigiCert will be releasing a<o:p></o:p></p>
<p class="MsoNormal">new linting suite for SMIME.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Jos reported that the Infrastructure SC did
not meet this week.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Clint gave the netsec-wg update. Henry
Birge-Lee joined the meeting to<o:p></o:p></p>
<p class="MsoNormal">discuss their research on DNSSEC and its
potential utility as a mitigation<o:p></o:p></p>
<p class="MsoNormal">against network hijacking. Such a
requirement may be proposed for inclusion<o:p></o:p></p>
<p class="MsoNormal">in the NCSSRs. The group discussed the
relative priority for such a proposal,<o:p></o:p></p>
<p class="MsoNormal">especially in comparison with the working
being done for multi-perspective<o:p></o:p></p>
<p class="MsoNormal">domain validation. Clint said he will lead
a sub-group to develop a concrete<o:p></o:p></p>
<p class="MsoNormal">proposal.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Dimitris said that multi-perspective domain
validation and DNSSEC falls more<o:p></o:p></p>
<p class="MsoNormal">firmly into servercert as opposed to
netsec. Clint said that every CA for<o:p></o:p></p>
<p class="MsoNormal">all certificate types will be making
outbound connections as part of their<o:p></o:p></p>
<p class="MsoNormal">validation processes, so they are relevant.
Trev said this is why concrete<o:p></o:p></p>
<p class="MsoNormal">ballot language is needed to see whether
changes to NCSSRs are needed.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Dimitris walked through the proposed Bylaws
changes and the associated Github<o:p></o:p></p>
<p class="MsoNormal">PR. Several members have provided feedback.
Dimitris will reach out to the<o:p></o:p></p>
<p class="MsoNormal">contributors to the discussion on how to
best resolve the outstanding items.<o:p></o:p></p>
<p class="MsoNormal">Dimitris also called for endorsers to these
changes.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There was no other business. Meeting
adjourned and the servercert-wg session began.<o:p></o:p></p>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/public">https://lists.cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>