<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
These are the final Minutes of the Teleconference described in the
subject of this message, prepared by Eva Van Steenberge
(Globalsign).<br>
<br>
<br>
<b>Attendees:</b><br>
<br>
Aaron Poulsen - (Amazon), Adam Jones - (Microsoft), Ben Wilson -
(Mozilla), Bruce Morton - (Entrust), Cade Cairns - (Google), Chad
Ehlers - (IdenTrust), Clint Wilson - (Apple), Corey Bonnell -
(DigiCert), Corey Rasmussen - (OATI), Daryn Wright - (GoDaddy), Dean
Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), Doug Beattie
- (GlobalSign), Dustin Hollenback - (Microsoft), Ellie Lu -
(TrustAsia Technologies, Inc.), Enrico Entschew - (D-TRUST), Eva
Vansteenberge - (GlobalSign), Fumi Yoneda - (Japan Registry
Services), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo),
Jamie Mackey - (US Federal PKI Management Authority), Joanna Fox -
(TrustCor Systems), Jos Purvis - (Fastly), Karina Sirota -
(Microsoft), Kiran Tummala - (Microsoft), Kyle Duren - (Yahoo Inc),
Lynn Jeun - (Visa), Mads Henriksveen - (Buypass AS), Marco Schambach
- (IdenTrust), Michelle Coon - (OATI), Miguel Sanchez - (Google),
Nate Smith - (GoDaddy), Paul van Brouwershaven - (Entrust), Pedro
Fuentes - (OISTE Foundation), Peter Miskovic - (Disig), Rebecca
Kelley - (Apple), Rollin Yu - (TrustAsia Technologies, Inc.), Ryan
Dickson - (Google), Scott Rea - (eMudhra), Tadahiko Ito - (SECOM
Trust Systems), Thomas Zermeno - (SSL.com), Tim Hollebeek -
(DigiCert), Tobias Josefowitz - (Opera Software AS), Trevoli
Ponds-White - (Amazon), Wendy Brown - (US Federal PKI Management
Authority), Yoshiro Yoneya - (Japan Registry Services).<br>
<br>
<br>
<b>Approval of minutes:</b><br>
<ul>
<li>April 27th, circulated may 12th: approved</li>
<li>March 30th, ciculated may 8th: approved</li>
<li>May 11th, circulated May 12th: approved</li>
</ul>
<b>Updates: <br>
<br>
</b>Server cert working group - Iñigo Barreira (Sectigo)<br>
<ul>
<li>Membership application of Yahoo (interested party, waiting for
IPR), QikFox (certificate consumer consumer) which has been
affected by the member moratorium by Mozilla.</li>
<li>Log-use from server certs to SMIME</li>
<li>Validation sub:</li>
<ul>
<li>topic of domain validation: Chrome to prepare document and
circulate</li>
<li>upcoming f2f items: mainly on delegation of domain
validation</li>
<li>Ben Wilson (Mozilla) and Justin working on something on
Subscribers.</li>
<li>No meeting next week.</li>
</ul>
<li>Dean Coclin (DigiCert) confirmed that Comscope responded,
forwarded, with updated IPR.</li>
</ul>
CodeSign cert WG - Bruce Morton (Entrust)<br>
<ul>
<li>Malware based revocation ballot: passed, in IPR period</li>
<li>Working on other ballots.</li>
<li>External question on subject name stability – Microsoft will
address that and will get back to reporter</li>
<li>F2f agenda</li>
<li>Dimitris Zacharopoulos (HARICA) had an update: completed the
work on import of SSL BRs in CodeSign BRs, few controversial
topics, working with Martin to resolve, hopefully ballot soon.</li>
</ul>
SMIME: Update to follow<br>
<br>
Forum infrastructure: No update<br>
<br>
Netsec: Trevoli Ponds-White (Amazon Trust Services): review agenda
of the f2f<br>
<br>
Bylaws changes - Dimitris Zacharopoulos (HARICA)<br>
<ul>
<li>Dimitris Zacharopoulos (HARICA) and Tim Hollebeek (DigiCert)
working on changes.</li>
<li>Changes to election changes, all on github. Workingon
addressing comments.</li>
<li>Introduction of class of probationary member as discussed on
F2F</li>
<ul>
<li>Ben Wilson (Mozilla) wanted to widen scope to certificate
consumers.</li>
<li>Split probationary members and link them to consumers and
issuers.</li>
</ul>
<li>If voting member loses qualifying membership criteria,
currently suspension, losing voting rights, rights to propose
ballots/endorse ballots. </li>
<ul>
<li>Map exactly to probationary members as well. To be presented
at F2F.</li>
</ul>
<li>Discussion period to start next week, there’s 2 endorsers,
just checking language.</li>
<li>Tim Hollebeek (DigiCert) asked if we could use prospective
member instead of probationary? He suggested that there may be
possible negative connotations, maybe not appropriate for
excited new member.</li>
<li>Dimitris Zacharopoulos (HARICA) confirmed that he was happy to
change the name, and that’s exactly the sort of discussion
that’s needed.</li>
<li>Ben Wilson (Mozilla) raised the consideration that there’s a
group of members that after suspension are on probation.
Associate member has already been taken.</li>
<li>Dimitris mentioned the opportunity to discuss at F2F.</li>
</ul>
Server cert charter update (Ben Wilson): <br>
<ul>
<li>updating requirements for consumers, only three new
requirements: mandatory compliance to BRs, maintain of a list of
CA, having criteria for adding and removing CAs from the list.
Some other vague ones have been removed (or not clear what
objectives were).</li>
<li>“Probationary members”: Attend 30% of the teleconference and
at least 1 F2F (which can be virtual), in a year, or at least
before voting on the membership.</li>
<li>Updated language to conform to suggestions made by Aaron and
Dimitris, so it’s more based on meeting the requirements.</li>
<li>Update on attendance language, 1st of January 2024 as a start
date, difficult to accomplish, trying to find a date of mandate
this requirement.</li>
<li>Dimitris Zacharopoulos (HARICA) reminded the group that the
charter needs to be discussed at a forum level, of course these
discussions can be held in the groups. He suggested to combine
the two discussions, server cert update and bylaws – break 1
slot into 2 for guest speaker.</li>
<li>Dimitris Zacharopoulos (HARICA) reminded of the registration
of the F2F attendance.</li>
<li>Dimitris Zacharopoulos (HARICA) said that for the approval
agenda of F2F, we don’t have the titles of the guest speaker
presentations.</li>
<li>Tim Hollebeek (DigiCert) raised that there may be IPR issues
with regards to forum presentations? Suggested to take this to
the list.</li>
<li>Dimitris Zacharopoulos (HARICA) mentioned he wasn’t sure what
the titles are on the presentations, so was not sure to which
level they relate to.</li>
<li>Background: presentations that are scheduled in a timeslot
under forum level part, Tim Hollebeek (DigiCert) was concerned
to move that to server cert slot, similar for guest speakers,
move to relevant slots . Forum level not protected by IPR.</li>
<li>Trevoli Ponds-White (Amazon Trust Services) explained that the
presentation was just going to talk about TLS, and she didn’t
particularly care which slot.</li>
<li>Tim Hollebeek (DigiCert) was mostly concerned about this
presentation. Guest speakers, less of a concern, historically
done on forum level, no change needed.</li>
<li>Karina Sirota (Microsoft) confirmed there was not a topic yet,
not on specific cert type.</li>
<li>Tim Hollebeek (DigiCert) mentioned that the forum is supposed
to be charters and working groups, not technical or policy, and
that it’s not appropriate forum for those discussions that
relate to multiple working groups. He reiterated that the forum
was intended to protect people from discussions they’d like to
avoid. Path forward to more cross cutting working groups, within
well defined scopes that protect everyone, like Netsec and the
discussions about the definitions working group. Perhaps good
for putting forward to discussions.</li>
<li>Paul van Brouwershaven (Entrust) gave the example of the
presentation of AWS on CA rotation, that it could apply to
multiple WGs, so that’s why it was decided to do that on forum
level, to take it into the working group, and discuss if needed.
But definitely to consider on how to move forward.</li>
<li>Trevoli Ponds-White (Amazon Trust Services) notes that Amazon
trust services is presenting, not AWS. </li>
<li>Tim Hollebeek (DigiCert) suggested taking 15 minutes for a
governance overview.</li>
<li>Trevoli Ponds-White (Amazon Trust Services) asked that you
don’t have to be part to part of a group attend in f2f,
functionally?</li>
<li>Dimitris Zacharopoulos (HARICA) confirmed yes, but can’t
contribute, the can listen in.</li>
<li>Paul van Brouwershaven (Entrust) confirmed that that’s why the
presentation was suggested at forum level, and discussions in
WG.</li>
<li>Tim Hollebeek (DigiCert) highlighted that being in room when
discussion happen can expose you to legal risk. If you choose to
attend, then the risk on you. But we shouldn’t put people at
risk because they are listening in and then the discussion veers
off into another working group’s topic, good to keep things in
chartered working groups.</li>
<li>Dimitris Zacharopoulos (HARICA) suggested to make some changes
to agenda. Add a 15 slot for governance issue?</li>
<li>Paul van Brouwershaven (Entrust) suggested moving governance
issue on day one, and bylaws changes to one session and shift
the agenda later the day.</li>
<li>Dimitris Zacharopoulos (HARICA) proposed to make slot 3.1 for
governance, 20 min slot, lead by Tim? Only have bylaws update
for 40 minutes on Wednesday. There’s still 20 minute slot for
website? Are there significant updates? There’s no updates –
maybe we make that one governance, slot number 4?</li>
</ul>
<br>
No other business.<br>
<br>
Next meeting: June 22nd<br>
<br>
<br>
</body>
</html>