[Cscwg-public] CSCWG Final minutes for Apr 15, 2021

Dean Coclin dean.coclin at digicert.com
Fri Apr 23 21:20:45 UTC 2021




1.	Roll Call - Adriano Santoni, Andrea Holland, Atsushi Inaba, Bruce
Morton, Corey Bonnell, Dimitris Zacharopoulos, Ian McMillan, Jeff Ward,
Sebastian Schulz, Tomas Gustavsson
2.	Antitrust statement - Bruce read the antitrust statement
3.	Meeting minutes from 8 April 2021 were approved
4.	Cross-sign Roots - Reviewed that the cleanup ballot will address the
cross-sign or roots. It is understood that a 2048-bit root can cross-sign a
4096-bit root for ubiquity. The condition is the cross-certificate must
expire by 31 December 2030. Corey stated concern that there might be
2048-bit roots which expire after 2030 and may have cross-certificates which
also expire after 2030. Corey will provide a message to the mailing list
requesting Microsoft to state their position on this issue.
5.	Certificate Policy OID for Time-stamping - Based on the dedicated
root which will only support certificates which are compliant to the CSBRs,
Bruce has proposed that we create a certificate policy OID for timestamp
certificates. This issue was brought up on the CAB Forum call also on 15
April 2021 and Ryan stated that time-stamping certificates are outside the
scope of the CSCWG. Bruce stated that the CAB Forum has two code signing
documents which address timestamping and the CSCWG is trying to bridge the
gap to support code signing, where there is a timestamping requirement. It
may be argued that timestamp certificates are already in scope or we could
create a Forum ballot to change the CSCWG charter. Dimitris will discuss the
issue with Dean.
6.	Common Criteria requirement - Common Criteria statements in the CSBR
may still not be stated correctly. We need ensure the CC EAL4+ devices are
certificated for key generation and protection. Adriano will provide text to
start the discussion.
7.	CSCWG-6 ballot -  No status update at this time. Ian will prepare
another version of the ballot and provide at a later time.
8.	Clean-up ballot - Bruce has started a clean-up ballot to address
items from the parking lot list and other items which we have an agreed
understanding, but have not addressed in the CSBRs. Bruce is working with
Corey, Tim, Ian and Dimitris and will provide a draft ballot in the next
week or two. The ballot will address items such as SAN, CRL, FIPS 140-2,
Root/SubCA Key size, Cross-certificate, TS SHA-1, and  Interoperability
9.	Any other business

a.	FIPS 140 - Ian discussed just stating FIPS 140 and not including -2.
It was agreed that the CSBRs should state FIPS 140-2 or 140-3. This change
can be made in the clean-up ballot.
b.	Oracle - Ian was able to contact Oracle, but the response on the
expiry of a timestamp certificate was inconclusive on how it impacts the
signature as such, we will not decrease the timestamp certificate expiry
period at the time. Oracle has been requested to test. Ian to follow-up.

10.	Next Meeting Apr 22nd 





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210423/b49f7103/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210423/b49f7103/attachment-0001.p7s>

More information about the Cscwg-public mailing list