[cabf_netsec] Draft Minutes of Meeting 3-Aug-2021

Ben Wilson bwilson at mozilla.com
Wed Aug 4 17:04:27 UTC 2021

Here are the draft minutes of yesterday's meeting.

*Present:*  Corey Bonnell, David Kluge, José Guzman, Niko Carpenter, Sean
Bangerter, Steven Deitte, Tim Crawford, Tobias Josefowitz, Tyler Myers,
Trev Ponds-White, Clint Wilson, Ben Wilson, Dustin Hollenbeck

*Overview:* Ben explained to new attendees that this NetSec group has had
subgroups in the past centered on the following topics: Threat Analysis,
Pain Points, and Document Structure. A newer group also exists - the Cloud
Security subgroup.

*Replacement for Neil:*  Clint Wilson will check with his company to see
whether he can chair this group.  Second in line would be David Kluge, and
then Dustin Hollenbeck, if Clint and David cannot.

*Webex Host Backups:*  Ben will reschedule the meeting and see if Webex
will allow anyone to start the meeting. Otherwise, he will add David, Toby,
Clint, Trev and possibly others as users in the Webex account so that they
can help start the meetings.

*Cloud Security Subgroup Update:*  David explained that originally, we
started by performing a component-by-component review of the typical CA
system and focused our work on those CA components and their respective
risks, and then we would review the requirements that we needed to have in
place in a cloud setting to maintain an expected level of security. Then,
at the recent Face-to-Face meeting in June 2021, some browsers expressed a
desire that instead of looking at the substantive requirements, we look at
the modalities and models for performing the audit of the cloud service
provider. As a result, we changed our priorities so that during our most
recent last three calls we have focused on the different audit models that
exist.  Most recently, we have begun preparing a briefing document for the
Server Certificate Working Group on what that model might be. Also, we
decided that it would be best to examine both the components and the audit
models because we need to identify exactly each service that would be

*Ballot SC34:* With Neil gone, Toby needs another endorser for Ballot SC34
(not require manual review of inactive user accounts). Trev will check with
her legal folks and get back to Toby before our next call.

Meeting adjourned.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20210804/0a5f853b/attachment.html>

More information about the Netsec mailing list