[cabfpub] Notes of meeting, CAB Forum, 4 April 2013

Ben Wilson ben at digicert.com
Tue Apr 23 17:46:54 UTC 2013

Here are the notes from our penultimate telephone call, held 4 April 2013.
Item 14 was amended from the draft minutes to clarify that the draft white
paper had been circulated to the code signing working group and not the CABF
as a whole.


1. Present: Rick Andrews, Atsushi Inaba, Dean Coclin,
Robin Alden, Steve Roylance, Wayne Thayer, Gerv Markham, Ben Wilson, Rich
Smith, Phil Hallam-Baker


2. Agenda review: The agenda was not sent out ahead of
time due to a mix-up but was announced at the start of the meeting.


3. Approve Minutes of 21 March 2013: The minutes of 21
March 2013 were approved as published.


4. Review of Ballots: There are no outstanding ballots.


5. Latest Version of BR 1.1.3 on website: Wayne was
requested to place latest version on the website. (Was completed after the
call). Steve asked if we are moving away from the “errata” system and going
towards point releases. Ben said that every ballot will produce a new point
release and the “errata” will be shown in each subsequent release. These
will be pdf files.


6. Ballot to add DSA into Baseline Requirements Appendix
A: Rick is looking for a second endorser to his proposed ballot. Robin asked
to see the ballot and he would consider endorsing. 


7. NIST Workshop: Ben is preparing slides for the NIST
meeting on behalf of the CABF. Several members will meet for dinner on
Tuesday night before the conference.


8. EV SSL Guidelines: Rick said he hasn’t received any
comments since the face to face meeting. He will put to a ballot if no other
comments are received. 


9. Technical Constraints on sub CAs: Steve asked for
members to review the language in the email he sent out and respond with
comments. He will format it as a ballot shortly.


10. Code Signing Working Group: Dean gave an update on the
CSWG. A notice for public participation was posted but no one has responded
from outside the CABF. The first meeting was held where it was agreed to set
the high level goal as: “Prepare Baseline Requirements to reduce the
incidence of signed malware”. The group will initially research the causes
of signed malware by reviewing recent incidents and also reviewing best
practices that may already exist from places like NIST, OTA, “Stop badware”,
as well as code signing guidelines from Microsoft and Mozilla. The working
group will meet in Munich on June 13th.


11. Munich Meeting: Symantec will provide a website for
participants to register for the conference and to reserve hotel rooms. We
were able to secure a hotel not far from the office and it looks like about
25 participants will attend. Symantec will hold rooms at the hotel for those
that register. Members can pay with their own credit card upon checkout.
Agenda to follow.


12. IETF: Phil stated that the “must staple” draft has been
renamed. There are also drafts on “Multi-stapling” and “Cached credentials
for TLS”. 


13. Status of website rewrites: Dean stated that most of the
material is up on the wiki and encouraged a smaller group to get together to
complete the updates. We will need Wayne’s help to complete the task and we
might want to take a ½ day in Munich to get peer review of all the


14. Code Signing and NIST Meeting: Phil wrote a white paper
which he circulated to the Code Signing Working Group which is basically a
“problem statement”.  Every platform has a different approach and developers
have to learn how to sign code for multiple platforms. Phil said there
really isn’t a forum that “owns” code signing as an infrastructure. Dean
said that the CABF CSWG was set up to address this.


15. Meeting adjourned until the next call – Thursday, 18
April, 2013.


