[cabf_netsec] NetSec Working Group Meeting Minutes 2022-02-15

Paul van Brouwershaven Paul.vanBrouwershaven at entrust.com
Thu Feb 17 13:52:55 UTC 2022

Glad to see that there is an opportunity to move this meeting to a better time slot for those in Europe.

If we move to the Tuesdays, would it be possible to schedule the meeting during the even weeks (instead of the current odd weeks)? There is a PKI Consortium<https://pkic.org/> meeting at the same time during the odd weeks.

From: Netsec <netsec-bounces at cabforum.org> on behalf of Dustin Hollenback via Netsec <netsec at cabforum.org>
Sent: Thursday, February 17, 2022 05:50
To: CABF Network Security List <netsec at cabforum.org>
Subject: [EXTERNAL] [cabf_netsec] NetSec Working Group Meeting Minutes 2022-02-15

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

Clint Wilson leading the meeting.

Dustin Hollenback volunteered to take minutes.

Clint Wilson read the anti-trust statement

Attendees: Adam Jones (Microsoft), Antti Backman (Telia Company), Ben Wilson (Mozilla), Christophe Bonjean (GlobalSign), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Curt Spann (Apple), Daniel Jeffery (Fastly), Daryn Wright (GoDaddy), David Kluge (Google), Don Sheehy (WebTrust), Dustin Hollenback (Microsoft), Heather Warnke (Amazon Trust Services), Israel Ventura (US Federal PKI), Jillian Karner (Let’s Encrypt / ISRG), Joanna Fox (TrustCor), Jozef Nigut (Disig), Marcelo Silva (Visa), Thomas Connelly (US Federal PKI), Tim Crawford (WebTrust), Prachi Jain (Fastly), Rebecca Kelley (Apple), Ruben Annemans, Tobias Josefowitz (Opera), Tony Seymour (Comsign), Trevoli Ponds-White (Amazon Trust Services)

Discussion of previous meeting minutes. Daniel Jeffery sent minutes from previous meeting. There were no objections to the 2022-02-01 meeting minutes. Minutes approved.

Discussion of a new recurring meeting time and the Doodle poll

  *   Tuesdays at 8 a.m. Pacific time (4 pm UTC) was the most popular option
  *   Wednesday at the same time was also popular
  *   Clint Wilson asked if there were any objections to setting the meeting time to Tuesdays at 8 a.m. Pacific time (4 pm UTC) and there were no concerns raised by the group. The new time will be Tuesdays at 8 a.m. PST / 4 p.m. UTC. Clint will send an updated meeting invite for the new time slot.

Discussion about upcoming meetings. The next meeting is a week after the f2f. Clint Wilson asked if we should continue to have our scheduled meeting, which is a week after the f2f. There were no objections with keeping the scheduled meeting in 2 weeks on the calendar.

Discussion of Ballot NS-001

  *   This is expected to pass and has a few hours before the voting period ends
  *   There is a 60 day review period before adopting the NCSSRs
  *   There were no questions or comments about the ballot

Cloud Services Subcommittee update

  *   The subcommittee is working on risk assessment guidelines
     *   https://docs.google.com/spreadsheets/d/1cmiJMnt-elXyi64F-NouJRnUt_ObN_9P0-yIo8i0AOE/edit#gid=93244111<https://urldefense.com/v3/__https://docs.google.com/spreadsheets/d/1cmiJMnt-elXyi64F-NouJRnUt_ObN_9P0-yIo8i0AOE/edit*gid=93244111__;Iw!!FJ-Y8qCqXTj2!Mbo24tW5yPrlBk28yyrFAUlTttQsShVnuSpMiPL6EJHfKQI-43idXvxcTVpwKocx3Pip1kM1HQ$>
  *   Daniel Jeffery mentioned that the methodology has shifted a bit and that it feels like there is good progress.
  *   Davide Kluge agreed that the methodology feels good. We’ll continue to make progress.
  *   Clint Wilson mentioned that once assets and risks are identified, we’ll reach out to the larger audience for feedback.
  *   Dustin Hollenback mentioned a discussion in the most recent subcommittee meeting about the subcommittee scope. The Cloud Services Subcommittee is focusing on the Risk Assessment now. Clint Wilson mentioned that the active work is security related. While the subcommittee has not been formally established yet, Clint will propose a ballot to establish the subcommittee and include a recommended name for the subcommittee. There was agreement among multiple commenters and some suggestions on names.
  *   Ben Wilson mentioned that there are 2 ballots that he would still like to work on: 1) Zones ballot and 2) Offline air gapped CA ballot. Clint Wilson asked if these were being introduced now that there has been more progress on the Risk Assessment. Ben said that he did not need to wait for the finalized Risk Assessment. Trevoli Ponds agreed that we do not need to wait for the final Risk Assessment. Clint will add the ballot discussion to the next meeting agenda. Trev and Clint discussed that these could possibly be discussed at the f2f, but can wait until the next meeting if there’s not enough time.

F2F discussion:

  *   Clint Wilson mentioned that the NetSec working group meeting was removed from the f2f agenda and the only NetSec presentation will be the Summary presentation about the past year progress and next year plan.
  *   Clint asked if he should attempt to get time back at f2f. Daniel Jeffery suggested that we could work on Risk Assessment as an ad hoc discussion on Thursday that won’t have a formal time slot. Daniel will coordinate the ad hoc meeting once we agree to meet. Ben Wilson suggested sending details to NetSec mailing list that includes all group members.
  *   There was a short discussion about in-person versus remote attendees and a large majority of the NetSec members attending will be remote.
  *   There were no other comments about adding content to the f2f agenda so Clint will not ask for more time.

Meeting adjourned.

Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20220217/49d5ed1a/attachment.html>

More information about the Netsec mailing list