[cabfpub] Final minutes July 9, 2015 CA/Browser Forum Teleconference
Dean_Coclin at symantec.com
Fri Jul 24 18:14:50 UTC 2015
Approved Minutes July 9, 2015
Attendees: Atsushi Inaba, Ben Wilson, Billy VanCannon, Bruce Morton, Burak
Kalkan, Davut Tokgoz, Dean Coclin, Doug Beattie, Gerv Markham, Jody
Cloutier, Kirk Hall, Mads Henriksveen, Mat Caughron, Patrick Tonnier, Peter
Miscovic, Rick Andrews, Robin Alden, Tim Hollebeek, Tim Shirley, Volkan
Nergiz, Wayne Thayer, Marcelo Silva, Dimitris Zacharopoulos
1. Antitrust statement was read by Robin Alden
2. Roll Call
3. Review Agenda: No changes to agenda
4. Approve minutes of June 11, 2015 meeting: Minutes approved. Dean
asked for remaining note takers to submit minutes from F2F meeting as there
were still a few sections missing. Robin said he would submit his items
5. Ballot Status: Ballot 149: Voting closes tomorrow and it looks like
it will pass. Domain Validation: Jeremy was not on the call and Ben asked
that we defer this to the Working Group update later in the call. IV OIDs
Ballot 150: This ballot was circulated and a few comments came back which
Dean said he needed to discuss with Jeremy. Kirk suggested that the OID list
online be updated to say "Organizational Validated" rather than "Identity
Verified". Dean to discuss with Jeremy.
6. Microsoft Root Program Updates: Jody joined later in the call and
we reviewed certain provisions that were discussed in Zurich. Jody is
reviewing the open questions on OCSP and subcontractors and is willing to
revise the latter provision. Dean pointed out 2 other areas that could be
interpreted differently. Jody didn't agree with those interpretations but
will be talking to their attorneys to insure there are no ambiguities.
Revised Root Program rules are expected to be published shortly.
7. CNNIC Application: All items were received from CNNIC however
members questioned whether they were licensed in China and the wisdom of
having a CA also be a domain registrar for a TLD. The latter was dismissed
as not being relevant. Regarding the licensing, Gerv said they had a valid
WebTrust audit (where something like this should be checked). Kirk said we
should just ask CNNIC if they believe they should be licensed in China and
explain. Dean said he sent them a note on 6/29 but had not received a
response. Dean sent a follow-up request today. Admission is pending the
answer to the email. [UPDATE: Explanation received from CNNIC after the call
and forwarded to members]
8. IAB Paper on PKI: Bruce discussed a paper he had seen on the IETF
web site. Some members have sent in comments. Kirk asked if such a paper was
typical for the IETF. Rick thought it was.
9. Request to form PAG (Patent Advisory Group): Ryan Sleevi was unable
to join. Dean gave a summary of the PAG per the IPR Policy (section 7) and
referred to Ryan's memo to the public list. He also called for volunteers
and the following came forward: Mat-Apple, Gerv-Mozilla, Ben-Digicert,
Dean-Symantec, Jody-Microsoft. It was assumed that someone from Google will
also join but that is not confirmed. Dean will publish a request to the
membership for other volunteers. The PAG will need to appoint a chair and
convene a meeting. Dean will request that a new mailing list be created.
10. Open SSL Vulnerability: A short discussion ensued on the latest Open
SSL vulnerability. Bruce thought the vulnerability required client
authentication. Gerv said he thought it applied beyond that. Mat agreed. Tim
and Wayne said browsers were unlikely to be affected but other applications
would be. Tim said VPNs would be one example. Bruce said the impact is
limited to those releases that came in June. Mat said Apple products don't
appear to be affected.
11. Working Group Updates: Validation: Ben gave the update. Revised drafts
went out after the last call. Still working on "well known certificate
directory". Need to specify port numbers. Code Signing: Dean said there
were still 1-2 open items that need resolution and we are waiting for some
input from Microsoft. Policy: the working group continues to move forward
reviewing the document. Information Sharing: Meeting tomorrow at 1600 UTC.
12. Other business: Istanbul meeting still on for Oct. 6-8th. Davut
reported that he is finalizing offers from hotels for the meeting in
Istanbul and expects to announce it in 2 weeks. He will provide a lower cost
option that will be nearby for those that wish to choose that. Dean advised
not to book travel until hotels are finalized. The wiki page will be up for
registration shortly. For the Feb 2016 meeting, Dean asked that members
respond to the online poll regarding the exact dates. 19 responses have been
received so far.
13. Next Teleconference July 23rd.
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5747 bytes
Desc: not available
More information about the Public