[cabfpub] Revised draft F2F Agenda for Shanghai meeting

Mon Oct 1 12:31:44 MST 2018

I'm not sure I understand that question - I've offered several explanations
on the list and the call. Perhaps the confusion is coming from the
conflicting approaches from what was requested to how it'd been originally
scheduled.

I'm not sure when you've spoken with the auditor representatives, but given
that they're active on the list, perhaps it might be a good chance to hear
from them first hand. I've had conversations with both WebTrust and ETSI
folks in the past week as well regarding the topic, so perhaps you're
working on outdated information? In any event, having them chime in
directly can help resolve issues better than indirectly, especially when we
know some of the messaging was lost previously.

As I've offered several times now, on the call and the list, the goal is to
examine our current state of audits - by exploring how we got here, the
objectives that browsers have with audits, the similarities and differences
that the two approaches take in terms of assessment, reporting, and auditor
qualifications, and arriving at an interoperable set of understanding,
vocabulary, and expectations reflecting this. Because it is intended to be
a breadth survey, and because its value is driven by taking a holistic look
at these two approaches rather than our traditional depth-first exercises,
it's necessary to treat this holistically as a single presentation.
Following the presentation, I think there will be ample room for discussion
to make sure that there is a collective understanding and agreement about
the artifacts produced and their suitability for various purposes (whether
regulatory, for inclusion in browser programs, or for membership
recognition).

Wayne's examination that follows then maps these various artifacts, as best
as possible, to the browser inclusion process and timeline, with the goal
of providing greater clarity of expectations in a way that harmonizes
across both programs.

This is why I think the auditor presentations having the opportunity to
follow will greatly benefit their reception and their discussion - by
having arrived at a common vocabulary that works for all of the various
constituencies, and a common understanding of goals and expectations,
taking a depth-first examination of the present and future auditor
offerings will help map onto the discussions that precede or to call out
differences that are more minute than the broad stroke approach. It will no
doubt also help further understanding about the pending changes and their
significance - the contextualization of, say, WebTrust for RAs or the work
on TS 119 403-2 and 403-3.

On Mon, Oct 1, 2018 at 3:04 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>
wrote:

> Actually, the auditor representatives asked me what your presentation “Discussion
> of current state of audits and membership requirements” will cover, and I
> said I didn’t know.
>
>
>
> Do you have any more details?  Is this a lecture-style presentation, or
> will this be an interactive presentation where the auditor reps can offer
> their responses and suggestions?  It may be most useful to get feedback
> from the auditor reps on specific issues as we go along.
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Monday, October 1, 2018 11:11 AM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>
> *Cc:* CABFPub <public at cabforum.org>
> *Subject:* [EXTERNAL]Re: [cabfpub] Revised draft F2F Agenda for Shanghai
> meeting
>
>
>
> Thanks for clarifying.
>
>
>
> That's unfortunate, because having the time following would provide a lot
> more flexibility for the representatives to adjust their conversations to
> the discussion topics and questions raised, providing greater clarity and
> direction. Presuming the presentations are similar in content and structure
> to our past F2F, as they have been, will leave a lot of missed opportunity
> for clarity on the table.
>
>
>
> On Mon, Oct 1, 2018 at 1:52 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>
> wrote:
>
> I checked with the WebTrust and ETSI reps, and they don’t think it would
> be a good idea to move their 15 minute “refresher” course presentations to
> time slots after the presentations by you and Wayne – their purpose in
> doing a refresher presentation on existing WebTrust and ETSI reports is to
> help the Members get more out of the following presentations from you and
> Wayne.
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Sunday, September 30, 2018 5:50 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <
> public at cabforum.org>
> *Subject:* [EXTERNAL]Re: [cabfpub] Revised draft F2F Agenda for Shanghai
> meeting
>
>
>
> On Fri, Sep 28, 2018 at 9:20 PM Kirk Hall via Public <public at cabforum.org>
> wrote:
>
> Here is an updated Agenda for the Shanghai F2F meeting in just over two
> weeks.  The draft is based on time requests from different discussion
> leaders, and as you see the meeting runs too long on Thursday.  I am going
> to check with discussion leaders to see if they really need all the time
> they have requested, and will likely make adjustments to this draft.
>
>
>
> If you have suggestions or requests, please let me know.
>
>
> Tuesday, 16 October 2018 - Working Group and Subcommittee Meetings
>
> Start
>
> Stop
>
> Slot
>
> Description
>
> Discussion Leader / Notes
>
> 8:00
>
> 9:00
>
> Meeting room open
>
> 8:30
>
> 9:00
>
> Breakfast - Continental
>
> 9:00
>
> 9:15
>
> Welcome, Preliminary Matters, Logistics, Antitrust Statement
>
> Yi, Kirk
>
> 9:15
>
> 10:15
>
> 1
>
> Forum Infrastructure Working Group Meeting
>
> Jos
>
> 10:15
>
> 10:35
>
> Break
>
> 10:35
>
> 12:00
>
> 2
>
> Forum Committee of the Whole: Governance and Bylaws Issues Pre-meeting (1)
> Governance WG or Subcommittee, (2) Review Bylaws Change List
>
> Ben, Jos, Dimitris
>
> 12:00
>
> 12:45
>
> Lunch
>
> 12:45
>
> 14:15
>
> 3
>
> SCWG Network Security Subcommittee
>
> Ben
>
> 14:15
>
> 14:35
>
> Break
>
> 14:35
>
> 16:35
>
> 4
>
> SCWG Validation Subcommittee
>
> Tim
>
> 16:35
>
> Adjourn
> Wednesday, 17 October 2018 - Plenary Meeting (Day 1)
>
> Start
>
> Stop
>
> Slot
>
> Description
>
> Discussion Leader / Notes
>
> 8:00
>
> 9:00
>
> Meeting room open
>
> 8:30
>
> 9:00
>
> Breakfast - Continental
>
> 9:00
>
> *Call to Order and Welcome - CA/Browser Forum Plenary Meeting*
>
> Kirk, Yi
>
> 9:00
>
> 9:15
>
> Recap of Preliminary Matters, Logistics, Antitrust Statement, Assign
> Minute Taking
>
> Yi, Kirk
>
> 9:15
>
> 9:30
>
> 1
>
> Report from Forum Infrastructure Working Group
>
> Jos
>
> 9:30
>
> 9:50
>
> 2
>
> Report on Governance Change, Bylaws Issues: (1) Governance WG or
> Subcommittee, (2) Review Bylaws Change List
>
> Ben, Jos, Dimitris
>
> 9:50
>
> 10:05
>
> 3
>
> Potential Amendments to SCWG Charter
>
> Dimitris, Tim
>
> 10:05
>
> 10:35
>
> 4
>
> Creation of additional Working Groups - Code Signing
>
> Ben
>
> 10:35
>
> 10:50
>
> Break
>
> 10:50
>
> 11:20
>
> 5
>
> Creation of additional Working Groups - Secure Mail; Other
>
> Ben
>
> 11:20
>
> 11:30
>
> 6
>
> Pending Forum Ballots
>
> Kirk
>
> 11:30
>
> Adjourn CA/Browser Plenary Meeting
>
> Kirk
>
> 11:30
>
> *Call to Order - Server Certificate Working Group Plenary Meeting*
>
> Kirk
>
> 11:30
>
> 11:35
>
> Assign Minute Taking
>
> Kirk
>
> 11:35
>
> 11:55
>
> 7
>
> Opera Root Program Update
>
> Tomasz
>
> 11:55
>
> 12:15
>
> 8
>
> Mozilla Root Program Update
>
> Wayne
>
> 12:15
>
> 12:45
>
> Lunch
>
> 12:45
>
> 13:05
>
> 9
>
> Microsoft Root Program Update
>
> Mike
>
> 13:05
>
> 13:25
>
> 10
>
> Google Root Program Update
>
> Ryan
>
> 13:25
>
> 13:45
>
> 11
>
> Cisco Systems Root Program Update
>
> J.P.
>
> 13:45
>
> 14:05
>
> 12
>
> Apple Root Program Update
>
> Geoff
>
> 14:05
>
> 14:25
>
> 13
>
> 360 Root Program Update
>
> Iñigo
>
> 14:25
>
> 14:55
>
> 14
>
> WebTrust Update
>
> Jeff
>
> 14:55
>
> 15:15
>
> Break
>
> 15:15
>
> 15:45
>
> 15
>
> ETSI Update
>
> Arno, Phillipe
>
> 15:45
>
> 16:00
>
> 16
>
> Report from SCWG Validation Subcommittee
>
> Tim
>
> 16:00
>
> 16:30
>
> 17
>
> Improving validation for identity certificates
>
> Tim
>
> 16:30
>
> 16:40
>
> Announcements, Evening Social Event
>
> Kirk, Yi
>
> 16:40
>
> Adjourn
>
> Evening: Group Social Event -- details to be provided later
> Thursday, 18 October 2018 - Plenary Meeting (Day 2)
>
> Start
>
> Stop
>
> Slot
>
> Description
>
> Discussion Leader / Notes
>
> 8:00
>
> 9:00
>
> Meeting room open
>
> 8:30
>
> 9:00
>
> Breakfast - Continental
>
> 9:00
>
> *Continuation of Server Certificate Working Group Plenary Meeting*
>
> Kirk
>
> 9:00
>
> 9:15
>
> Recap of Preliminary Matters, Logistics, Antitrust Statement, Assign
> Minute Taking
>
> Yi, Kirk
>
> 9:15
>
> 10:15
>
> 18
>
> Report from SCWG Network Security Subcommittee
>
> Ben
>
> 10:15
>
> 10:35
>
> Break
>
> 10:35
>
> 10:55
>
> 19
>
> Report from SCWG Network Security Subcommittee (continued)
>
> Ben
>
> 10:55
>
> 11:25
>
> 20
>
> Update on London Protocol
>
> Chris
>
> 11:25
>
> 12:25
>
> 21
>
> Report on Name Clash Service
>
> Daymion
>
> 12:25
>
> 12:55
>
> Lunch
>
> 12:55
>
> 13:55
>
> 22
>
> Potential changes to server certificate issuance processes for increased
> transparency
>
> Daymion
>
> 13:55
>
> *Discussion of Audit Terminology, Problems, Ideal Life Cycle for Root CA
> Audits*
>
> 13:55
>
> 14:10
>
> 23
>
> (a) Types of audits/reports under WebTrust
> <https://www.cabforum.org/wiki/WebTrust> and their terminology
>
> Jeff, Don
>
> 14:10
>
> 14:25
>
> 24
>
> (b) Types of audits/reports under ETSI and their terminology
>
> Arno, Clemens, Phillipe
>
> 14:25
>
> 15:15
>
> 25
>
> (c) Discussion of current state of audits and membership requirements
>
> Ryan
>
> 15:15
>
> 15:30
>
> Break
>
> 15:30
>
> 16:10
>
> 26
>
> (c) Discussion of current state of audits and membership requirements
> (continued)
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20181001/ad5aaaed/attachment-0001.html>