<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title>
<style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style>
</head>
<body>
<div><b>Attendance</b><br>
</div>
<div><i>Present:</i><b><br>
</b></div>
<ul>
<li>Aaron Gable - (Let's Encrypt)<br>
</li>
<li>Aaron Poulsen - (Amazon)<br>
</li>
<li>Adrian Mueller - (SwissSign)<br>
</li>
<li>Andrea Holland - (VikingCloud)<br>
</li>
<li>Brianca Martin - (Amazon)<br>
</li>
<li>Bruce Morton - (Entrust)<br>
</li>
<li>Clint Wilson - (Apple)<br>
</li>
<li>Corey Bonnell - (DigiCert)<br>
</li>
<li>Corey Rasmussen - (OATI)<br>
</li>
<li>Daryn Wright - (GoDaddy)<br>
</li>
<li>David Kluge - (Google)<br>
</li>
<li>Dean Coclin - (DigiCert)<br>
</li>
<li>Dimitris Zacharopoulos - (HARICA)<br>
</li>
<li>Dustin Hollenback - (Microsoft)<br>
</li>
<li>Enrico Entschew - (D-TRUST)<br>
</li>
<li>Fumi Yoneda - (Japan Registry Services)<br>
</li>
<li>Hannah Sokol - (Microsoft)<br>
</li>
<li>Inaba Atsushi - (GlobalSign)<br>
</li>
<li>Inigo Barreira - (Sectigo)<br>
</li>
<li>Joanna Fox - (TrustCor Systems)<br>
</li>
<li>Marco Schambach - (IdenTrust)<br>
</li>
<li>Michelle Coon - (OATI)<br>
</li>
<li>Nargis Mannan - (VikingCloud)<br>
</li>
<li>Nate Smith - (GoDaddy)<br>
</li>
<li>Nome Huang - (TrustAsia Technologies, Inc.)<br>
</li>
<li>Paul van Brouwershaven - (Entrust)<br>
</li>
<li>Pedro Fuentes - (OISTE Foundation)<br>
</li>
<li>Peter Miskovic - (Disig)<br>
</li>
<li>Rollin Yu - (TrustAsia Technologies, Inc.)<br>
</li>
<li>Scott Rea - (eMudhra)<br>
</li>
<li>Stephen Davidson - (DigiCert)<br>
</li>
<li>Tadahiko Ito - (SECOM Trust Systems)<br>
</li>
<li>Thomas Zermeno - (SSL.com)<br>
</li>
<li>Tobias Josefowitz - (Opera Software AS)<br>
</li>
<li>Wayne Thayer - (Fastly)<br>
</li>
<li>Yashwanth TM - (eMudhra)<br>
</li>
<li>Yoshiro Yoneya - (Japan Registry Services)<br>
</li>
</ul>
<div><b>1. Introductory</b><b><br>
</b></div>
<ul>
<li>Dimitris read the roll for the call.<br>
</li>
<li>The Note Well was read by the Chair.<br>
</li>
<li>The agenda for the meeting was reviewed and no changes were
made.<br>
</li>
<li>The minutes from the 20 July meeting were approved.<br>
</li>
</ul>
<div><b>2. Working Group Updates</b><b><br>
</b></div>
<div><b>Server Certificate Working Group</b><b><br>
</b></div>
<div>Inigo reported they had a standard meeting two weeks ago. They
discussed the open issues and pull requests on GitHub, in
particular any items identified for inclusion in a clean-up
ballot. The EV Guidelines have been converted to RFC 3647 format
and a pull request has been submitted to update them in GitHub.
Corey reported that there was no Validation Subcommittee meeting
the previous week, so they had no updates to report.<br>
</div>
<div><br>
</div>
<div><b>Code Signing Certificate Working Group</b><b><br>
</b></div>
<div>Bruce reported that they had a short meeting: Dimitris' ballot
to remove the SSL Server Cert references from the CSCWG Baseline
Requirements has passed and is now in IPR review. Based on that
ballot, Bruce drafted language that can be used for 3 more ballots
in the future, updating the guidelines to address code-signing
services, high-risk requests, and time-stamping (from the last
Face-to-Face meeting). That draft text is available from Bruce,
but he'll need help getting those into GitHub to get ballots in
process. Dean was going to reach out to DigiCert to follow up on
getting a presentation on certificate transparency for
code-signing, but there isn't a status update on that yet.
Dimitris noted some discussions about aligning language to be
consistent between the TLS Guidelines and the Code-Signing
language, but the group resolved that these were actually about
aligning the TLS Guidelines with the Mozilla Root Store policy.<br>
</div>
<div><br>
</div>
<div><b>S/MIME Certificate Working Group</b><b><br>
</b></div>
<div>Stephen noted that SMC-03, the Clarifications and Corrections
ballot, emerges from IPR on 11 August (Friday), and encouraged
members to review for IPR conflicts. That should be
contemporaneous with the issuance of the S/MIME BRs on 1
September. Various audit groups have asked to review the new BR
version to update audit criteria. Ben Wilson also posted on the
Mozilla Wiki about the transitions for existing S/MIME issuing
CAs: Mozilla has released their guidance relating to the
re-issuance of an existing CA in order to bring it into compliance
with the new S/MIME BRs. Stephen noted that most CAs are very busy
updating themselves into compliance with the ballots and there
have been many questions requesting clarifications or
interpretations of the BR text. He thanked everyone for their
perseverance and patience with the process, and looked forward to
a successful launch of the BRs, and the forthcoming discussions of
S/MIME ballot SMC-62.<br>
</div>
<div><br>
</div>
<div><b>Forum Infrastructure Subcommittee</b><b><br>
</b></div>
<div>There was no update from Infrastructure; there was no meeting
held prior to this call.<br>
</div>
<div><br>
</div>
<div><b>Network Security Working Group</b><b><br>
</b></div>
<div>David was not on the last call of the NSWG, but was on the
Cloud Services call. He and Dimitris reported from the Cloud
Services subcommittee that they were continuing with a ballot to
adopt some language from the Cloud Security Alliance's (CSA) Cloud
Controls Matrix into the NSWG Requirements, particularly into
section 4. They are preparing a memorandum of understanding with
the CSA to sort out licensing concerns and considerations and
whether the two groups might want to work together further in the
future. Dimitris noted that this was a new process for the Forum:
while some language had been adopted from ETSI in the past, this
was the first time we were adopting language from an
entirely-outside organization. He recommended that they prepare a
Forum-level ballot to describe the memorandum and agreement and
then approve that and the language of the NSWG requirements
updates, once a stable draft was ready.<br>
</div>
<div><br>
</div>
<div>Aaron Poulsen volunteered that he had attended the NSWG meeting
and could provide an update. There's a lot of work going on in
cleanup of the NSRs: Clint has started going through section 1 and
intends to proceed through the whole requirements document to
clean up language and terminology and consolidate requirements.
There is some discussion going on about whether to make those
changes in an upcoming ballot on section 4 concerning vulnerability
management. Hopefully updates will be presented on this in the
next few weeks. Dimitris noted that Clint had sent out some
proposed red-line changes to various sections of the NSRs, but
felt that more discussion needed to take place before those were
ready for inclusion. Aaron anticipates that the changes and
cleanups will likely fall into a separate ballot to isolate them
from the section-4 changes that are more focused on changes to
specific requirements.<br>
</div>
<div><br>
</div>
<div><b>3. Server Certificate Working Group Charter Changes</b><b><br>
</b></div>
<div>Dimitris noted that there is a proposal afoot to change the
charter of the Server Certificate Working Group, proposed by Ben
Wilson. Ben was not on the call, so the group opted to move this
discussion forward to the next Plenary call.<br>
</div>
<div><br>
</div>
<div><b>4. Any Other Business</b><b><br>
</b></div>
<div>Dimitris said the next Forum call is on 17 August, but he will
be unable to attend. After discussion with Vice-Chair Paul van
Brouwershaven, Dimitris proposed cancelling the next meeting since
many people will be on vacation. The consensus of the group was to
cancel the 17 August meeting and resume on 31 August.<br>
</div>
<div>There were no further updates or business; Dimitris closed the
meeting.<br>
</div>
</body>
</html>