[cabfpub] Final Minutes of CA/B Forum Call January 21, 2021

Dean Coclin dean.coclin at digicert.com
Thu Feb 4 19:53:36 UTC 2021


Here are the approved minutes of the subject call:

 

1.       Roll Call

2.       Anti-Trust Statement read

3.       Approval of Prior Minutes-- Approved

4.       Forum Infrastructure Working group

a.       Considerable discussion on GitHub updates and reformatting
documents

 
i.            Separate repo for tooling that is producing these documents

1.       Introducing ballots to clean out the old tooling and consolidate
that into a single repo

2.       Introduction of Dependabot, which will keep track of security
issues with tooling

b.       Membership management 

 
i.            Please use a Google Form for any change requests

 
ii.            Link here: Membership Change Request (google.com)
<https://docs.google.com/forms/d/e/1FAIpQLSedEJpyWC7tCn-yiJL5SnLiC-WARsWyY2Hb0NNakl4_jCIY3w/viewform>

c.       Moving from Turbobridge to Webex for future bi-weekly meetings 

d.       Questions

 
i.            Dean: Who gets alerted when changes are made to the list?

 
ii.            Wayne: You can subscribe to the worksheet and get
notifications that way

e.       FYI: Everyone in the management list got the invite for Forum
Infrastructure group, no obligation for anyone to attend.

5.       Code Signing Working Group

a.       Latest Ballot CSWG7 has new version of ballot (merging EV and
non-EV together). Currently in Discussion period, entering voting period
soon. 

b.       Requiring FIPS Level 2 vs. Level 3. Level 2 is the minimum, but
Level 3 will be looked at for cloud-based environments

c.       Looked at Comments from Cory re: supporting SHA-1--Can support
SHA-1 to respond to revocation requests after the sunset date. It's
acceptable to issue SHA-1 timestamping certs until April 30, 2022

d.       Confusion around 3k keys- Requirements say 3k but Microsoft
requirements say 4k- only new roots must be 4k. Any existing roots can issue
3k. 

e.       3072 tokens that meet FIPS. Devices should be coming to market in
the Spring and group will monitor. No devices currently on market. 

f.        Questions: 

 
i.            Tim Crawford: audit update key requirements

1.       Ian: Subscriber can provide key generation and vault logs

 
ii.            Tim: How can this be standardized? SOC-2? 

1.       Ian: will look into it

 
iii.            Sebastian: What if a cert is cross-signed with an older
root? 

1.        Ian: As long as the existing root meets the expiration
requirements of 2030, it should be okay. 

g.       Next meeting is next week 

6.       S/MIME Working Group

a.       Discussions on different types of S/MIME Certificates

 
i.            Legacy, Multi-purpose certificates vs strict certificates

 
ii.            8 Different types of certificates. Group will send out mail
for group approval of these certificates

7.       F2F

a.       March 2-3 Spring Virtual Meeting

b.       Similar to last meeting with similar time. Draft schedule will be
out shortly as well. 

c.       We will resume weekly meetings using WebEx. 

d.       Future meeting in June will likely be virtual

e.       Fall meeting is still too early to tell

8.       Any other business? 

a.       None

9.       Next call in 2 weeks. 

 

Thanks to Karina for taking the minutes!

 

Dean Coclin

CA/B Forum Chair

 
