[Cscwg-public] Final Minutes CSCWG July 16

Dean Coclin dean.coclin at digicert.com
Tue Aug 11 12:34:38 MST 2020

Here are the final minutes of the subject call:


1.	Roll call: Dean Coclin, Atsushi Inaba, Bruce Morton, Tim Crawford,
Daniela Hood, Hugh Mercer, Ian McMillan, Joanna Fox, Mike Reilly, Tomas
2.	Antitrust statement: Read by Dean
3.	Approval of minutes of last call (July 7): Minutes approved
4.	Ballot Status and discussion:  A clerical error in the numbering of
a section in the document sent out for comments was pointed out by Atsushi
and fixed by Bruce. No restart of the discussion period is necessary. Dean
reminded Bruce to announce the start of the voting period. Tim Crawford said
he is working on the audit criteria for the combined document but will wait
till the 3647 version comes out. Bruce said there would be an interim period
where there would not be audit criteria against the new document. Mike
Reilly said it was ok, under the Microsoft root program rules, to use the
old criteria for now (CA's choice). Mike said that once the ballot passes,
he can reach out to issuers that have audits coming up and discuss options.
A parking lot item was added to discuss a combined audit (section 17.1 (2))
after the ballot passes.  Other parking lot items were also discussed: Ian
mentioned that he's been talking to internal people about high risk requests
(11.5) and would present something soon. Mike said we could likely drop the
insurance requirement (8.5). Tim said this is checked as part of the audit.
Mike said maybe we should leave it in then. This needs further discussion.
For section 7.1, Government CAs audits, they will need the standard audits
(WebTrust, ETSI) in the future. For Section 16.3, Tomas had sent a memo on
the mailing list regarding the CC EAL4+ with suggested new wording. The
topic of short lived certificates by Ian was discussed briefly. These are
used in the Microsoft Store. Tomas said this is also used in the EU for
remote signatures.  Ian asked if a different standard level should be used
for these. Tomas said you have to keep in mind the key generation
requirements. Dean suggested we bring this up on a future call to discuss
5.	Next meeting:  July 30
6.	Adjourn


Dean Coclin




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200811/db6660cf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200811/db6660cf/attachment-0001.p7s>

More information about the Cscwg-public mailing list