[Cscwg-public] Final minutes of CSCWG Sept 10th

Dean Coclin dean.coclin at digicert.com
Thu Sep 24 13:56:21 MST 2020 

Here are the final minutes of the subject call:

 

1.	Roll call: Dean Coclin, Tim Crawford, Atsushi Inaba, Tim Callan,
Bruce Morton, Daniela Hood, Tomas Gustavson, Karthik Ramasamy, Hugh Mercer,
Ian McMillan, Dimitris Zacharopoulos
2.	Antitrust statement: Read by Dean
3.	Approval of minutes of last call (August 27th): Minutes approved and
will be sent to public list
4.	Discuss key size changes coming up in Jan 2021 -Dean raised this
item on the list and asked what the appetite was to moving it to later in
the year to avoid lockdown and holiday periods. Ian stated that Microsoft
was already issuing these certs and was curious if there were technical
issues. Dimitris said that some HSM devices do not support 3072 keys and
cited a Yubikey 5 as an example. Hugh also mentioned some issues. Ian
mentioned cloud protected devices as an option as they already support this
key size. At the end of the discussion, Dean proposed moving the date to the
end of the 1st quarter. After further discussion around availability of
popular products, it was agreed to move it to end of 2nd quarter 2021. Dean
will propose a ballot. Dimitris asked if there was a plan to deprecate the
P-256 curves. Ian said not now. But Ian did propose to eliminate the use of
software based keys for code signing and will propose a ballot for
discussion.
5.	EV vs. Non-EV items- Bruce presented the attached document where he
looked through the BRs with an eye toward examining the differences for EV
vs non EV requirements and where they can be merged. The team reviewed
sections about ½ way through the document before running out of time. This
will be taken up at a future call. Bruce was asked to excerpt the relevant
items to a spreadsheet to make it an easy reference for reviewers. 
6.	Passage of CSCWG-2: Updates to website and wiki were made although
there is an issue with the update showing up under the CS Working Group
page. Jos Purvis will look at that.
7.	Next meeting:  Sept 24th. We are planning a discussion around high
risk requests on this date. Please contact Dean if you have someone that
wants to speak on this issue so they can be added to the agenda.
8.	Adjourn

 

Dean Coclin

CSCWG Chair

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200924/8c58bd38/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v.2.0_NonEVvsEV v2.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 129533 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200924/8c58bd38/attachment-0001.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200924/8c58bd38/attachment-0001.p7s>

More information about the Cscwg-public mailing list