[Cscwg-public] Final Minutes of CSCWG January 14

Dean Coclin dean.coclin at digicert.com
Thu Jan 28 20:08:57 UTC 2021 

 

Here are the final minutes of the subject call:

 

1.	Roll call: Dean Coclin, Atsushi Inaba, Bruce Morton, Daniel Hood,
Tomas Gustavson, Tim Crawford, Corey Bonnell, Sebastian Schulz, Doug
Beattie, Ian McMillan
2.	Antitrust statement: read by Dean
3.	Approval of minutes of last call: Minutes approved
4.	Ballot Status CSCWG-7: Reviewed the current status of the document.
Dean agreed to endorse. Bruce will send to the list and start the discussion
period. 
5.	Open items from last meeting: 

a.	Ian's email from Nov 2nd regarding FIPS Level 2 vs Level 3: Level 2
will be the minimum now according to Ian but will look at Level 3 as more
cloud based key protections are improved. 
b.	Corey's email from 12/17: 

                                                               i.      Ian
agreed that CAs can support SHA1 to respond to revocation requests after the
sunset date. 

                                                             ii.      It's
acceptable to issue SHA1 timestamp certificates until April 30, 2022.

                                                           iii.      EE and
sub CAs must have 3072 keys. Root program rules say new roots must be 4096.
If root already exists, it's ok to issue with existing root but new roots
must be 4096

c.	3072 tokens that meet FIPS: Ian stated devices should be coming to
market in the spring. The group will monitor this effort. Dean said
DigiCert's investigation found some products advertising this capability but
in testing did not meet it 
d.	Tim Crawford: how to audit cloud based key requirements? Ian: key
generation and vault logs can be provided by the subscriber. Tim asked how
this can be standardized. Could they be SOC2? Ian will look into it.
e.	Sebastian: what if a cert is cross signed with an older root? Ian:
as long as existing root doesn't exceed the expiration requirement of 2030,
should be ok.

5.	Next meeting:  Next meeting Jan 28th.
6.	Adjourned

 

 

Dean Coclin

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210128/dd4b91c3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210128/dd4b91c3/attachment.p7s>

More information about the Cscwg-public mailing list