[cabfpub] [SUSPICIOUS] Final minutes of CA/B Forum call August 20, 2020
Jos Purvis (jopurvis)
jopurvis at cisco.com
Thu Sep 10 20:46:14 UTC 2020
Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | Controls and Trust Verification
From: Public <public-bounces at cabforum.org> on behalf of CA/B Forum Public List <public at cabforum.org>
Reply-To: "Dimitris Zacharopoulos (HARICA)" <dzacharo at harica.gr>, CA/B Forum Public List <public at cabforum.org>
Date: Tuesday, September 8, 2020 at 5:26 AM
To: CA/B Forum Public List <public at cabforum.org>
Subject: [SUSPICIOUS] [cabfpub] Final minutes of CA/B Forum call August 20, 2020
Final Minutes of the CA/B Forum Meeting
Amanda Mendieta (Apple)
Andrea Holland (SecureTrust)
Andreas Hentschel (D-TRUST)
Ben Wilson (Mozilla)
Bruce Morton (Entrust Datacard)
Clint Wilson (Apple)
Corey Bonnell (SecureTrust)
Chris Kemmerer (SSL.com)
Curt Spann (Apple)
Daniela Hood (GoDaddy)
Dean Coclin (Digicert)
Doug Beattie (GlobalSign)
Dustin Hollenback (Microsoft)
Hazhar Ismail (MSC Trustgate)
Inaba Atsushi (GlobalSign)
Joanna Fox (GoDaddy)
Jos Purvis (Cisco Systems)
Karina Sirota (Microsoft)
Kirk Hall (Entrust Datacard)
Mads Henriksveen (Buypass AS)
Mayur Manchanda (Visa)
Michelle Coon (OATI)
Neil Dunbar (TrustCor Systems)
Niko Carpenter (SecureTrust)
Patrick Nohe (GlobalSign)
Pedro Fuentes (OISTE Foundation)
Rae Ann Gonzales (Godaddy)
Robin Alden (Sectigo)
Ryan Sleevi (Google)
Stephen Davidson (Digicert)
Tim Callan (Sectigo)
Tim Hollebeek (Digicert)
Tobias Josefowitz (Opera Software AS)
Trevoli Ponds-White (Amazon)
Wayne Thayer (Mozilla)
Wendy Brown (US Federal PKI Management Authority)
1. Roll Call
The Roll Call was taken.
2. Read Antitrust Statement
The Antitrust statement was read.
3. Review Agenda
Dimitris still being on vacation, Dean chaired this meeting.
The agenda was accepted with no modifications.
4. Approval of minutes from last teleconference
The minutes were approved.
5. Forum Infrastructure Subcommittee update
Jos provided the update. The subcommittee met on the 12th August.
Password reminders have been removed from the list, following requests from
some participants that this be done. Jos asked to be notified if those
reminders are still being received. The team are still reviewing the various
lists to ensure this feature has been turned off.
Forum Infrastructure is now tracking GitHub IDs as part of the repository
management, in the Google Docs spreadsheet of membership. This is being done
to allow validation of pull requests against the repository. Jos noted that
not everyone's GitHub ID looks like their name, thus it is advantageous to be
able to recognize the identity of the pull requestor.
A password solution is now online, and the team is busy moving things like
saved list server and infrastructure passwords into that tool. The team will
work with the various committee chairs and vice chairs to ensure that they
have access to the solution.
The subcommittee completed a review of the GitHub account and organization
and has removed a number of people who are no longer part of the CA/B Forum.
Jos believes that they are down to members and interested parties now.
Wayne renamed the "master" branch of the GitHub repository to "main", as part
of the ongoing industry trend to remove that kind of language. No difficulties
have been observed stemming from the rename, but Jos did say that if
parties are having any difficulties it might be useful to check if the renamed
branch could be the source of any problem.
The subcommittee also discussed a proposal to separate out the GitHub
repository to separate documents owned by each working group. At the moment,
all documents exist within a single repository, meaning that if a working
group needs changes to the documents for which they are responsible, that
change needs to be approved by the whole Github organization, and the
changes are against the same repository as the EV Guidelines, the Baseline
Requirements, or even the Bylaws.
The proposal is that there would be a repository for the Bylaws, one for
the Server Certificate Working Group which would cover the EV Guidelines and
the Baseline Requirements, one for the Code Signing Working Group, one for
the S/MIME Working Group, and another which would cover tools like document
templates and graphics to be shared amongst the others. This proposal is
still under examination - there would need to be rules established for managing
the Github repositories, rules for merges, and rules for adding users to roles
within the repository and so on. This proposal is expected to integrate these
rules as some sort of ballot, but probably not as an update to the Bylaws, but
rather a separate document.
Jos reiterated his offer of GitHub training - he has had a few requests for
training, and if people want answers to questions like "What is Github?", "how
does Git work?", Jos is happy to put something together if those interested
would let him know.
6. Code Signing Working Group update
Dean provided the update.
The combined document has been voted in, which is currently in the IPR review
period. In the past call, the working group reviewed the many emails which have
been submitted in the last six months regarding additions, changes and corrections
to the document.
The group has a list of items which are being maintained on the group Google
Drive. The link is in the Code Signing Working Group minutes, so anyone can
follow that link to see what is being worked on. Dean said that the link will
be in the minutes of the call from last Thursday, which should be out shortly.
This list shows the status and disposition of each of the items being considered,
as well as what the group thinks should be done to address each issue.
The group is about half way through the list; some of the items are relatively
easy to fix; some require more input and study. For such items requiring input
and study, the group will be inviting specialists and other experts to help
sort through the list. Dean stated that there has been good progress, with some
excellent participation by a diverse group covering a global audience, who
have worked on, and continue to work on, addressing those issues.
The next meeting of the Code Signing Working Group will be next Thursday [27
7. S/MIME Working Group update
Stephen provided the update.
The S/MIME Certificate Working Group met yesterday [Wednesday 19 August 2020].
This was the third meeting of the group.
Some new members have been added, including a certificate consumer, being an
email gateway provided called Zertificon. A Swiss university has asked to join
as an interested party. The group continues to look for interested members of
the community to join.
The group has started the discussion on S/MIME certificate profiles, similar
to the work performed in other working groups, going through the fields one by
one, looking at known, existing standards and requirements, such as the Mozilla
Root Store Policy, or the GMail policy, or the US Federal PKI Certificate Policy.
This is a useful exercise in rapidly converging on the common ground which
exists, but is leading to a more detailed discussion on what the use cases
are for S/MIME, which may be more varied than individual providers in the
chain might have formed a view upon. Stephen said the group is making good
progress, and continues to invite parties with knowledge of relevant standards
and policies to submit them to the group; at the same time welcoming
additional participants to join.
The next meeting of the S/MIME Certificate Working Group is Wednesday, 2 September
8. Elections update
Dean said that Dimitris had sent out an email on August 17, stating that the
nominations for Officers of the CA/B Forum is now open, and those nominations
remain open through the 23rd. Dean noted that this was interesting, as the wiki says that
the nominations are open through the 31st. He was unsure of which was correct.
Dimitris has asked people to post nominations on the wiki, which is different to
how it has been done in the past, which was to post to the mailing list. On the
wiki page there are nominations for the position of CA/B Forum Chair, Server
Certificate Working Group Chair and the Code Signing Working Group Chair.
At the moment, it shows Dean's name as candidate for CA/B Forum Chair. For
Server Certificate, Wayne Thayer has declined nomination, so an open spot remains
for that position. For Code Signing, Bruce Morton gets an automatic nomination
unless he declines. Those being the positions, Dean asks that people seriously
consider nominating themselves, other people at their companies or other candidates,
if they think those people would be suitable for these
two year positions. Dean would like to see a good level of participation from
the global CA/B Forum membership.
Tim (Hollebeek) added a quick observation that anyone nominating another should
seek the permission of that party to be nominated first. Tim noted that a couple
of years ago, someone got nominated by surprise, and this was an unfortunate
case which shouldn't be repeated. Dean concurred.
Dean said that only the three Chair positions are open now - the Vice Chair positions
open in October.
9. Any Other Business
There was no other business.
The meeting was adjourned and will reconvene on September 3, 2020 at 11:30 am Eastern Time
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3699 bytes
Desc: not available
More information about the Public