[cabfpub] Revised draft F2F Agenda for Shanghai meeting
Kirk Hall
Kirk.Hall at entrustdatacard.com
Mon Oct 1 12:46:20 MST 2018
Thanks for the explanation – that helps, and offers more details than were previously available.
The auditors’ 15-minute “refresher” preparations will work very well before your presentation and Wayne’s presentation (which are 90 minutes each) to make your presentations more meaningful and understandable to the members. The auditor presentations will be prepared in advance, meaning it won’t be possible for them to rewrite them after hearing your presentation and Wayne’s.
From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Monday, October 1, 2018 12:32 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>
Cc: CABFPub <public at cabforum.org>
Subject: [EXTERNAL]Re: [cabfpub] Revised draft F2F Agenda for Shanghai meeting
I'm not sure I understand that question - I've offered several explanations on the list and the call. Perhaps the confusion is coming from the conflicting approaches from what was requested to how it'd been originally scheduled.
I'm not sure when you've spoken with the auditor representatives, but given that they're active on the list, perhaps it might be a good chance to hear from them first hand. I've had conversations with both WebTrust and ETSI folks in the past week as well regarding the topic, so perhaps you're working on outdated information? In any event, having them chime in directly can help resolve issues better than indirectly, especially when we know some of the messaging was lost previously.
As I've offered several times now, on the call and the list, the goal is to examine our current state of audits - by exploring how we got here, the objectives that browsers have with audits, the similarities and differences that the two approaches take in terms of assessment, reporting, and auditor qualifications, and arriving at an interoperable set of understanding, vocabulary, and expectations reflecting this. Because it is intended to be a breadth survey, and because its value is driven by taking a holistic look at these two approaches rather than our traditional depth-first exercises, it's necessary to treat this holistically as a single presentation. Following the presentation, I think there will be ample room for discussion to make sure that there is a collective understanding and agreement about the artifacts produced and their suitability for various purposes (whether regulatory, for inclusion in browser programs, or for membership recognition).
Wayne's examination that follows then maps these various artifacts, as best as possible, to the browser inclusion process and timeline, with the goal of providing greater clarity of expectations in a way that harmonizes across both programs.
This is why I think the auditor presentations having the opportunity to follow will greatly benefit their reception and their discussion - by having arrived at a common vocabulary that works for all of the various constituencies, and a common understanding of goals and expectations, taking a depth-first examination of the present and future auditor offerings will help map onto the discussions that precede or to call out differences that are more minute than the broad stroke approach. It will no doubt also help further understanding about the pending changes and their significance - the contextualization of, say, WebTrust for RAs or the work on TS 119 403-2 and 403-3.
On Mon, Oct 1, 2018 at 3:04 PM Kirk Hall <Kirk.Hall at entrustdatacard.com<mailto:Kirk.Hall at entrustdatacard.com>> wrote:
Actually, the auditor representatives asked me what your presentation “Discussion of current state of audits and membership requirements” will cover, and I said I didn’t know.
Do you have any more details? Is this a lecture-style presentation, or will this be an interactive presentation where the auditor reps can offer their responses and suggestions? It may be most useful to get feedback from the auditor reps on specific issues as we go along.
From: Ryan Sleevi [mailto:sleevi at google.com<mailto:sleevi at google.com>]
Sent: Monday, October 1, 2018 11:11 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com<mailto:Kirk.Hall at entrustdatacard.com>>
Cc: CABFPub <public at cabforum.org<mailto:public at cabforum.org>>
Subject: [EXTERNAL]Re: [cabfpub] Revised draft F2F Agenda for Shanghai meeting
Thanks for clarifying.
That's unfortunate, because having the time following would provide a lot more flexibility for the representatives to adjust their conversations to the discussion topics and questions raised, providing greater clarity and direction. Presuming the presentations are similar in content and structure to our past F2F, as they have been, will leave a lot of missed opportunity for clarity on the table.
On Mon, Oct 1, 2018 at 1:52 PM Kirk Hall <Kirk.Hall at entrustdatacard.com<mailto:Kirk.Hall at entrustdatacard.com>> wrote:
I checked with the WebTrust and ETSI reps, and they don’t think it would be a good idea to move their 15 minute “refresher” course presentations to time slots after the presentations by you and Wayne – their purpose in doing a refresher presentation on existing WebTrust and ETSI reports is to help the Members get more out of the following presentations from you and Wayne.
From: Ryan Sleevi [mailto:sleevi at google.com<mailto:sleevi at google.com>]
Sent: Sunday, September 30, 2018 5:50 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com<mailto:Kirk.Hall at entrustdatacard.com>>; CABFPub <public at cabforum.org<mailto:public at cabforum.org>>
Subject: [EXTERNAL]Re: [cabfpub] Revised draft F2F Agenda for Shanghai meeting
On Fri, Sep 28, 2018 at 9:20 PM Kirk Hall via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
Here is an updated Agenda for the Shanghai F2F meeting in just over two weeks. The draft is based on time requests from different discussion leaders, and as you see the meeting runs too long on Thursday. I am going to check with discussion leaders to see if they really need all the time they have requested, and will likely make adjustments to this draft.
If you have suggestions or requests, please let me know.
Tuesday, 16 October 2018 - Working Group and Subcommittee Meetings
Start
Stop
Slot
Description
Discussion Leader / Notes
8:00
9:00
Meeting room open
8:30
9:00
Breakfast - Continental
9:00
9:15
Welcome, Preliminary Matters, Logistics, Antitrust Statement
Yi, Kirk
9:15
10:15
1
Forum Infrastructure Working Group Meeting
Jos
10:15
10:35
Break
10:35
12:00
2
Forum Committee of the Whole: Governance and Bylaws Issues Pre-meeting (1) Governance WG or Subcommittee, (2) Review Bylaws Change List
Ben, Jos, Dimitris
12:00
12:45
Lunch
12:45
14:15
3
SCWG Network Security Subcommittee
Ben
14:15
14:35
Break
14:35
16:35
4
SCWG Validation Subcommittee
Tim
16:35
Adjourn
Wednesday, 17 October 2018 - Plenary Meeting (Day 1)
Start
Stop
Slot
Description
Discussion Leader / Notes
8:00
9:00
Meeting room open
8:30
9:00
Breakfast - Continental
9:00
Call to Order and Welcome - CA/Browser Forum Plenary Meeting
Kirk, Yi
9:00
9:15
Recap of Preliminary Matters, Logistics, Antitrust Statement, Assign Minute Taking
Yi, Kirk
9:15
9:30
1
Report from Forum Infrastructure Working Group
Jos
9:30
9:50
2
Report on Governance Change, Bylaws Issues: (1) Governance WG or Subcommittee, (2) Review Bylaws Change List
Ben, Jos, Dimitris
9:50
10:05
3
Potential Amendments to SCWG Charter
Dimitris, Tim
10:05
10:35
4
Creation of additional Working Groups - Code Signing
Ben
10:35
10:50
Break
10:50
11:20
5
Creation of additional Working Groups - Secure Mail; Other
Ben
11:20
11:30
6
Pending Forum Ballots
Kirk
11:30
Adjourn CA/Browser Plenary Meeting
Kirk
11:30
Call to Order - Server Certificate Working Group Plenary Meeting
Kirk
11:30
11:35
Assign Minute Taking
Kirk
11:35
11:55
7
Opera Root Program Update
Tomasz
11:55
12:15
8
Mozilla Root Program Update
Wayne
12:15
12:45
Lunch
12:45
13:05
9
Microsoft Root Program Update
Mike
13:05
13:25
10
Google Root Program Update
Ryan
13:25
13:45
11
Cisco Systems Root Program Update
J.P.
13:45
14:05
12
Apple Root Program Update
Geoff
14:05
14:25
13
360 Root Program Update
Iñigo
14:25
14:55
14
WebTrust Update
Jeff
14:55
15:15
Break
15:15
15:45
15
ETSI Update
Arno, Phillipe
15:45
16:00
16
Report from SCWG Validation Subcommittee
Tim
16:00
16:30
17
Improving validation for identity certificates
Tim
16:30
16:40
Announcements, Evening Social Event
Kirk, Yi
16:40
Adjourn
Evening: Group Social Event -- details to be provided later
Thursday, 18 October 2018 - Plenary Meeting (Day 2)
Start
Stop
Slot
Description
Discussion Leader / Notes
8:00
9:00
Meeting room open
8:30
9:00
Breakfast - Continental
9:00
Continuation of Server Certificate Working Group Plenary Meeting
Kirk
9:00
9:15
Recap of Preliminary Matters, Logistics, Antitrust Statement, Assign Minute Taking
Yi, Kirk
9:15
10:15
18
Report from SCWG Network Security Subcommittee
Ben
10:15
10:35
Break
10:35
10:55
19
Report from SCWG Network Security Subcommittee (continued)
Ben
10:55
11:25
20
Update on London Protocol
Chris
11:25
12:25
21
Report on Name Clash Service
Daymion
12:25
12:55
Lunch
12:55
13:55
22
Potential changes to server certificate issuance processes for increased transparency
Daymion
13:55
Discussion of Audit Terminology, Problems, Ideal Life Cycle for Root CA Audits
13:55
14:10
23
(a) Types of audits/reports under WebTrust<https://www.cabforum.org/wiki/WebTrust> and their terminology
Jeff, Don
14:10
14:25
24
(b) Types of audits/reports under ETSI and their terminology
Arno, Clemens, Phillipe
14:25
15:15
25
(c) Discussion of current state of audits and membership requirements
Ryan
15:15
15:30
Break
15:30
16:10
26
(c) Discussion of current state of audits and membership requirements (continued)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20181001/bc6a775b/attachment-0001.html>
More information about the Public
mailing list