From bwilson at mozilla.com Thu Jan 13 21:19:08 2022 From: bwilson at mozilla.com (Ben Wilson) Date: Thu, 13 Jan 2022 14:19:08 -0700 Subject: [cabf_netsec] Minutes of Meeting of 04-January-2022 Message-ID: This email from Miguel got held up in the mailer - Meeting of 04-January-2022 Minute Taker - Miguel Sanchez -Antitrust Statement ready by Clint Wilson -Roll Call: Adam Jones, Clint Wilson, Corey Rasmussen, Daniel Jefferey, David Kluge, Kati Davids, Miguel Sanchez, Prachi Jain, Quan Nham -Agenda Items: - Catch up on Risk Assessment - Switching over to NetSec Working Group - NetSec Working Group - Comments on the ballot (Prachi) - Head?s up - will be starting discussion Period SC52 probably this Thursday -Risk Assessment - Expecting carve out this week for it (Daniel Jeffery) - No major strides - No major concerns. Still on everyone?s radar - Dan sat down to review aspects with Ben Wilson (Mozilla) and Trev (AWS) - Made progress and was helpful - If anyone wants to jump in on tomorrow?s (Wednesday?s) morning session ppl are more than welcome to - Might be better to wait until it comes into shape before sending out to everyone else -NetSec Working Group - Subcommittee working as is until membership in WG gets completed - Subcommittee will continue meeting probably one more time (hopefully last one) and then transition to WG - To join Netsec WG - Email questions at cabforum.org - Intention (company) - Certificate issuer or consumer - ID designated representatives (voting or not) - Clint can?t for now but hoping to join before first actual meeting - Question from Prachi on whether we?ve decided on what to do with the Cloud NetSec Subcommittee? - Haven?t decided yet but imagine that Cloud and Threat Modeling might become subcommittees but haven?t decided yet and will need to have a discussion about this - Need to decide this in the Working Group - Probably will be some overlap - having official subcommittee might help flesh this out -Comments on change (https://github.com/cabforum/servercert/pull/329 ) - Prachi is clarifying the Certificate Management system vs. PKI System - Perhaps having Certificate Management system and Certificate system should encompass PKI system - Anyone else have thoughts around this? - Prachi will take a stab at writing definitions for PKI system and will post on the BR and take it from there - Though might add to the confusion but if overarching term to include all systems then it should be fine - Dan J: might require looking at the BRs and see where PKI System is being used - Clint: Not defined in the BRs and PKI System is only used once. It?s never used in the NSR but we are concerned with how it?s being used in the BR and NSRs - Clint: Original intent was to remove PKI System with existing terms but need to ask CAs how they defined PKI system internally before removing PKI system or defining that term to be comprehensive - Dan J: agreed with Prachi on replacing undefined term (PKI System) with defined term (Certificate Management System, Certificate System, etc.) - Prachi to send a reminder - This discussion will remain with the Server Certificate Working group and will not move over to NetSec WG -Planning to meet as NetSec WG in the next couple of weeks. Still keeping Subcommittee meeting on the calendar for now -Will meet again in two weeks as either subcommittee or WG -------------- next part -------------- An HTML attachment was scrubbed... URL: From bwilson at mozilla.com Mon Jan 17 21:00:10 2022 From: bwilson at mozilla.com (Ben Wilson) Date: Mon, 17 Jan 2022 14:00:10 -0700 Subject: [cabf_netsec] List Changes for Network Security Working Group Message-ID: Because the Network Security Working Group has new membership, the moderation bit has been set for everyone on this list who did not formally indicate their participation in the NetSec Working Group. The list will remain public and accessible here: https://lists.cabforum.org/pipermail/netsec/ . Thanks, Ben -------------- next part -------------- An HTML attachment was scrubbed... URL: From clintw at apple.com Mon Jan 31 17:09:17 2022 From: clintw at apple.com (Clint Wilson) Date: Mon, 31 Jan 2022 09:09:17 -0800 Subject: [cabf_netsec] Discussion Begins: Ballot NS-001: Adopt Network and Certificate System Security Requirements Message-ID: <84EE14C4-148E-49A6-8BFE-A9147734C9AC@apple.com> This email begins the discussion period for Ballot NS-001: Adopt Network and Certificate System Security Requirements PURPOSE OF BALLOT The purpose of this ballot is for the Networking Security Working Group to formally adopt version 1.7 of the Network and Certificate System Security Requirements as currently published by the CA/Browser Forum. MOTION The following motion has been proposed by Clint Wilson of Apple and endorsed by Tim Hollebeek of DigiCert and Ben Wilson of Mozilla. -----Motion Begins----- In accordance with the Bylaws and Intellectual Property Rights (IPR) Policy of the CA/Browser Forum, version 1.7 of the Network and Certificate System Security Requirements are adopted in full. -----Motion Ends----- This ballot proposes a Final Guideline. The procedure for approval of this ballot is as follows: Discussion (7+ days) Start Time: January 31 2022 17:00 UTC End Time: February 07 2022 17:00 UTC Vote for approval (7 days) Start Time: TBD End Time: TBD -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3621 bytes Desc: not available URL: From clintw at apple.com Mon Jan 31 22:49:53 2022 From: clintw at apple.com (Clint Wilson) Date: Mon, 31 Jan 2022 14:49:53 -0800 Subject: [cabf_netsec] Draft Agenda NS WG | February 1, 2022 Message-ID: <6F2398F3-FC3E-474D-848F-CFFDE4556843@apple.com> Draft Agenda NS WG | February 1, 2022 Assign Minute Taker - let me know if you?d like to volunteer Start Recording and Read Antitrust Statement Take Attendance Review Minutes of previous call Doodle Poll - New NS WG Meeting Time https://doodle.com/poll/38en6wmmhfacze2k Cloud Services Subgroup -> Subcommittee? Review ballots in Voting: N/A Review ballots in Discussion: Ballot NS-001: Adopt Network and Certificate System Security Requirements Review proposed ballots: N/A -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3621 bytes Desc: not available URL: