[cabfpub] Potential F2F Topics

Tue Oct 11 10:47:14 UTC 2016

I think the discussion would be better led by somebody who is more
motivated to solve the policy issues relating to redaction.  Rick just
posted a lengthy message about Recourse for domain owners, so I nominate
him.  ;-)

As Ryan noted, redaction will undoubtedly come up in the Browser News
slot anyway, so we might not need to have a separate slot to discuss
redaction.

On 10/10/16 22:32, Dean Coclin wrote:
> Yes, there are open slots and I can add it. Assume you will lead the discussion.
> 
> Dean
> 
> -----Original Message-----
> From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Rob Stradling via Public
> Sent: Monday, October 10, 2016 5:30 PM
> To: Peter Bowen <pzb at amzn.com>; CABFPub <public at cabforum.org>
> Subject: Re: [cabfpub] Potential F2F Topics
> 
> Are there still any slots to fill?  I think it would be good to discuss the way forward (if indeed there is one!) for CT domain redaction.
> 
> On 01/10/16 17:00, Peter Bowen wrote:
>> I haven’t seen much recent activity on topics for the F2F.  It looks like we still have most of the second day with placeholders to be filled in.
>>
>> I would like to suggest two topics:
>>
>> 1) Non-FIPS algorithms for customer public keys and certificate 
>> signing
>>
>> The Baseline Requirements current primarily use the Federal Information Processing Standards (FIPS) published by the United States National Institute of Standards and Technology as a reference for hash and digital signature algorithms.  A number of groups are doing work on new algorithms that are not likely to be memorialized in a FIPS or will take a very long time to do so.  These include EdDSA (including Ed25519 and Ed448) from Dan Bernstein and the IRTF/IETF, SM2 & SM3 from the China Office of State Commercial Cryptography Administration, GOST R 34.10-2012 from the Euroasian Interstate Council for Standardization, Metrology and Certification, and ECGDSA from Germany, and ECKCDSA from Korea.  Additionally there are “Post-Quantum” algorithms coming down the pipeline that will arrive at some future point.
>>
>> How do we want to handle these?  What requirements should be in place before we added these to the BRs and allow CAs start to utilize these?
>>
>>
>> 2) Network and Certificate Systems Security Requirements
>>
>> The Network and Certificate Systems Security Requirements (NCSSR) were discussed at the last F2F but it was kind of dropped.  What challenges are CAs finding?  Are there places where they are not clear or where they can be interpreted to ban practices the Forum feels are appropriate?  As they are a separate document from the BRs, do trust store maintainers expect that all CAs (whether for SSL or not) are audited as meeting the requirements or do they only apply to “SSL” CAs?
>>
>> Ideally members would send data on their experiences ahead of time so we can have a productive discussion.
> 
> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
> 

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
  3rd Floor, 26 Office Village, Exchange Quay,
  Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed.  If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.