[Cscwg-public] Final CSCWG minutes of July 30, 2021

Dean Coclin dean.coclin at digicert.com
Thu Aug 12 16:08:39 UTC 2021 

Here are the final minutes of the subject meeting:

 

Attendees:

*	Dean Coclin
*	Atsushi Inaba
*	Iñigo Barreira
*	Andrea Holland (SecureTrust)
*	Roberto Quiñones
*	Sebastian Schulz (GlobalSign)
*	Bruce Morton
*	Corey Bonnell
*	Dimitris Zacharopoulos
*	Karthik Ramasamy
*	Tim Hollebeek
*	Vikas Khanna

 

First item

*	Anti-Trust statement read

 

Next item, review previous meeting minutes

*	meeting minutes from July 15th session, sent out by Bruce on July
20th 
*	No objections to minutes as captured. Approved for publishing

 

Next item, CSBR 2.0 Web Trust audit ballot

 

*	Bruce sent out email proposing limits on using the old standard and
clarifications from combination of the two audit criteria documents.
*	Limit old criteria for audit periods starting before Nov 1, 2020
*	No response to the email
*	To make the ballot Bruce will need 2 endorsers
*	Bruce shared emailed that was sent on 2021-July-20 which include the
added items highlighted
*	Added wording “For Audit Periods starting before 1 November 2020” in
alignment with direction that WebTrust is taking
*	Added a new item (#3) stating “WebTrust for CAs v2.0 or newer” AND
“WebTrust for Certification Authorities – Code Signing Baseline Requirements
v2.0 or newer”
*	Dean: asked for comments from anyone on the call. And for anyone
interesting in endorsing the ballot
*	Dean: is this clear or time needed to study this?
*	Sebastian:  its clear, no need for more time to study. GlobalSign
will endorse
*	Iñigo: Sectigo will also endorse
*	Bruce: he can send out in the form of a ballot today or tomorrow for
the discussion period.
*	Dean: was there any feedback from Microsoft?
*	Bruce: only comments were from Ben, from the errors he was getting
in CCADB
*	Vikas: trying to understand the context. This ballot is saying which
audit criteria should apply?
*	Bruce: we currently have items 1, 2, 4 and 5 (as described in the
email from 2021-July-20). This clarification removes 1 and 2 and combines
them into item 3. Moving forward one report will cover non-EV and EV
*	Vikas: will existing items 1 and 2 stay in the document?
*	Bruce: for now it will stay and when the year is over, a new ballot
can be submitted to remove this text
*	Vikas: when was the combined criteria published?
*	Dean: per website, version 2 effective date September 2nd 2020
*	Bruce: the November date is based on what WebTrust published. We are
leaving open so you can adopt item 3 sooner and start to phase 1 and 2 out.

 

Next item, Ballot CSC-9

 

*	In discussion period. Its been greater than 7 days. No comments to
change it. Only comments were for items that can  be addressed in separate
ballot
*	There was a lot of discussion and review so none were expected
during discussion period
*	Bruce will publish for voting today. Will be out office next week,
asking that Dean please monitor results and send reminder

If it passes, Bruce will documents the following Monday night

 

Next item,  moving CSBR to new format

 

*	Dean: was this covered in the last meeting?
*	Corey: Dimitris created spreadsheet in Google docs with the mappings
needed from old to new document, to track each section as it gets migrated. 
*	Dimitris: the idea is that some will be easy to migrate and the
mappings are clear. Others might require breaking up sections. Focus on the
easy ones, then work on the more difficult areas.  
*	Anyone that wants to help, send Dimitris google email address and he
can grant edits access

 

Next item, other business

 

*	Dean: There was a meeting about the signing service and how we will
handle that. What was the result?
*	Bruce: Plan is to NOT create a subcommittee. Current team is small,
and most would probably join. Instead create separate session , maybe 2 hour
meeting to move this along
*	Move next session to September, some folks out on vacation this
month.
*	Call for any other business to discuss. Nothing more, meeting
adjourned at 09:25 PST

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210812/48df4671/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210812/48df4671/attachment-0001.p7s>

More information about the Cscwg-public mailing list