From bwilson at mozilla.com Thu Jan 13 21:19:08 2022 From: bwilson at mozilla.com (Ben Wilson) Date: Thu, 13 Jan 2022 14:19:08 -0700 Subject: [cabf_netsec] Minutes of Meeting of 04-January-2022 Message-ID: This email from Miguel got held up in the mailer - Meeting of 04-January-2022 Minute Taker - Miguel Sanchez -Antitrust Statement ready by Clint Wilson -Roll Call: Adam Jones, Clint Wilson, Corey Rasmussen, Daniel Jefferey, David Kluge, Kati Davids, Miguel Sanchez, Prachi Jain, Quan Nham -Agenda Items: - Catch up on Risk Assessment - Switching over to NetSec Working Group - NetSec Working Group - Comments on the ballot (Prachi) - Head?s up - will be starting discussion Period SC52 probably this Thursday -Risk Assessment - Expecting carve out this week for it (Daniel Jeffery) - No major strides - No major concerns. Still on everyone?s radar - Dan sat down to review aspects with Ben Wilson (Mozilla) and Trev (AWS) - Made progress and was helpful - If anyone wants to jump in on tomorrow?s (Wednesday?s) morning session ppl are more than welcome to - Might be better to wait until it comes into shape before sending out to everyone else -NetSec Working Group - Subcommittee working as is until membership in WG gets completed - Subcommittee will continue meeting probably one more time (hopefully last one) and then transition to WG - To join Netsec WG - Email questions at cabforum.org - Intention (company) - Certificate issuer or consumer - ID designated representatives (voting or not) - Clint can?t for now but hoping to join before first actual meeting - Question from Prachi on whether we?ve decided on what to do with the Cloud NetSec Subcommittee? - Haven?t decided yet but imagine that Cloud and Threat Modeling might become subcommittees but haven?t decided yet and will need to have a discussion about this - Need to decide this in the Working Group - Probably will be some overlap - having official subcommittee might help flesh this out -Comments on change (https://github.com/cabforum/servercert/pull/329 ) - Prachi is clarifying the Certificate Management system vs. PKI System - Perhaps having Certificate Management system and Certificate system should encompass PKI system - Anyone else have thoughts around this? - Prachi will take a stab at writing definitions for PKI system and will post on the BR and take it from there - Though might add to the confusion but if overarching term to include all systems then it should be fine - Dan J: might require looking at the BRs and see where PKI System is being used - Clint: Not defined in the BRs and PKI System is only used once. It?s never used in the NSR but we are concerned with how it?s being used in the BR and NSRs - Clint: Original intent was to remove PKI System with existing terms but need to ask CAs how they defined PKI system internally before removing PKI system or defining that term to be comprehensive - Dan J: agreed with Prachi on replacing undefined term (PKI System) with defined term (Certificate Management System, Certificate System, etc.) - Prachi to send a reminder - This discussion will remain with the Server Certificate Working group and will not move over to NetSec WG -Planning to meet as NetSec WG in the next couple of weeks. Still keeping Subcommittee meeting on the calendar for now -Will meet again in two weeks as either subcommittee or WG -------------- next part -------------- An HTML attachment was scrubbed... URL: From bwilson at mozilla.com Mon Jan 17 21:00:10 2022 From: bwilson at mozilla.com (Ben Wilson) Date: Mon, 17 Jan 2022 14:00:10 -0700 Subject: [cabf_netsec] List Changes for Network Security Working Group Message-ID: Because the Network Security Working Group has new membership, the moderation bit has been set for everyone on this list who did not formally indicate their participation in the NetSec Working Group. The list will remain public and accessible here: https://lists.cabforum.org/pipermail/netsec/ . Thanks, Ben -------------- next part -------------- An HTML attachment was scrubbed... URL: