[cabf_netsec] Minutes of Meeting of 04-January-2022

Ben Wilson bwilson at mozilla.com
Thu Jan 13 21:19:08 UTC 2022

This email from Miguel got held up in the mailer -

Meeting of 04-January-2022

Minute Taker - Miguel Sanchez

-Antitrust Statement read by Clint Wilson

-Roll Call: Adam Jones, Clint Wilson, Corey Rasmussen, Daniel Jefferey,
David Kluge, Kati Davids, Miguel Sanchez, Prachi Jain, Quan Nham

-Agenda Items:

   - Catch up on Risk Assessment
   - Switching over to NetSec Working Group
   - NetSec Working Group
   - Comments on the ballot (Prachi)
   - Head’s up - will be starting discussion Period SC52 probably this

-Risk Assessment

   - Expecting carve out this week for it (Daniel Jeffery)
      - No major strides
      - No major concerns. Still on everyone’s radar
   - Dan sat down to review aspects with Ben Wilson (Mozilla) and Trev (AWS)
      - Made progress and was helpful
      - If anyone wants to jump in on tomorrow’s (Wednesday’s) morning
      session ppl are more than welcome to
      - Might be better to wait until it comes into shape before sending
      out to everyone else

-NetSec Working Group

   - Subcommittee working as is until membership in WG gets completed -
   Subcommittee will continue meeting probably one more time (hopefully last
   one) and then transition to WG
   - To join Netsec WG
      - Email questions at cabforum.org
      - Intention (company)
      - Certificate issuer or consumer
      - ID designated representatives (voting or not)
   - Clint can’t for now but hoping to join before first actual meeting
   - Question from Prachi on whether we’ve decided on what to do with the
   Cloud NetSec Subcommittee?
      - Haven’t decided yet but imagine that Cloud and Threat Modeling
      might become subcommittees but haven’t decided yet and will need
      to have a discussion about this
      - Need to decide this in the Working Group
      - Probably will be some overlap - having official subcommittee might
      help flesh this out

-Comments on change (https://github.com/cabforum/servercert/pull/329)

   - Prachi is clarifying the Certificate Management system vs. PKI System
      - Perhaps having Certificate Management system and Certificate system
      should encompass PKI system
   - Anyone else have thoughts around this?
      - Prachi will take a stab at writing definitions for PKI system and
      will post on the BR and take it from there
      - Though might add to the confusion but if overarching term to
      include all systems then it should be fine
      - Dan J: might require looking at the BRs and see where PKI System is
      being used
         - Clint: Not defined in the BRs and PKI System is only used once.
         It’s never used in the NSR but we are concerned with how it’s
         being used in the BR and NSRs
         - Clint: Original intent was to remove PKI System with existing
         terms but need to ask CAs how they defined PKI system
         internally before removing PKI system or defining that term to
         be comprehensive
         - Dan J: agreed with Prachi on replacing undefined term (PKI
         System) with defined term (Certificate Management System, Certificate
         System, etc.)
         - Prachi to send a reminder
      - This discussion will remain with the Server Certificate Working
      group and will not move over to NetSec WG

-Planning to meet as NetSec WG in the next couple of weeks. Still keeping
Subcommittee meeting on the calendar for now

-Will meet again in two weeks as either subcommittee or WG