[cabfpub] Final minutes of CA/B Forum call February 4, 2021

Dean Coclin dean.coclin at digicert.com
Thu Feb 18 21:26:20 UTC 2021 

Here are the final minutes of the subject call:

 

1.	Roll Call: Ali Gholami (Telia), Andrea Holland (SecureTrust), Arno
Fiedler (D-TRUST), Ben Wilson (Digicert), Bruce Morton (Entrust), Chris
Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey
Bonnell (DigiCert), Daniela Hood (GoDaddy), David Kluge (Google), Dean
Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie
(GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST),
Eusebio Herrera (AC Camerfirma), Hazhar Ismail (MSC Trustgate), Inaba
Atsushi (GlobalSign), Jeff Ward (CPA Canada/WebTrust), Jim Gorz (GoDaddy),
Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Juan-Angel Martin (AC
Camerfirma SA), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS),
Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor
Systems), Niko Carpenter (SecureTrust), Noorul Halimin Mansol (PoS
Digicert), Patrick Nohe (GlobalSign), Paul van Brouwershaven (Entrust),
Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley
(Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Shelley Brewer
(Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems),
Tim Callan (Sectigo), Tobias Josefowitz (Opera Software AS), Wendy Brown (US
Federal PKI Management Authority)

 

2.	Antitrust Statement read by Dean

 

3.	Agenda: The agenda was reviewed

 

4.	Approval of prior minutes: The minutes of January 21st were
approved.

 

5.	Forum Infrastructure Update: Jos Purvis gave the update from the
last subcommittee meeting. (1) There was a discussion of updates under
github. If someone wants experience using github, they can create their own
repository and everything will be copied to their account so they can
experiment. (2) There was discussion of a bot account which would send
periodic summaries of discussions on github, since members are not seeing
these discussions on the list now. The bot would collect the discussions and
send to the SCWG email list. (3) Sending updates from tools: Github could
send out red lines and updates saving the Chair from doing so,
automatically. (4) Creation of redlines are difficult with tables. This will
get easier with passage of SC40. (5) The wiki SCWG page will have links to
master versions of artifacts. If someone needs a copy of the word version,
they can get it there. (6) A mind map of the website will be generated for
folks to review. (7) Table formatting for BRs. Suggestion to release
versions in separate sections for better rendering or balloting. (8) Future
things to look at: how to push items to the public website.

 

6.	Code Signing Update: Dean gave the update. Ballot CSCWG-7 was
approved and is in IPR review. A suggestion to put high risk requests in the
same category for all requests was made by Ian of Microsoft. CAs should
check their internal database for prior requests from the customer. If there
was a denial before, refer to section 11.7 for how to deal with it. If a key
compromise had occurred, step them up to an HSM. Further discussion on using
a 3rd party service to host data related to breaches. Another topic was
using CAA to potentially check to see if CA is authorized to issue for the
company. There was also a discussion on private key protection and the
standards related to this. Further discussion on the next call.  Ryan asked
if the CSCWG planned to use markdowns in the future. Dean said he will bring
this up on the next call.

 

7.	S/MIME Working group update: Stephen Davidson gave the update. A new
member has joined the working group from Austria: RundQuadrat, which
manufactures email software for mobile devices. The group is focusing on two
types of S/MIME certs: (1) multipurpose for legacy purposes and (2) Strict
S/MIME only. They are looking at specific cert profiles under these
categories.

 

8.	2021 F2F meeting schedule: Looking for guest speakers for March
meeting. Suggestions for topics, speakers sought. June will also be virtual.
Beyond that is TBD.

 

9.	Other Business - Membership Applications: Discussion about the
application received from AT&T for Interested Party membership. Concern
among members that someone with the authority to bind AT&T to the IPR did
not sign the agreement nor have the proper authority to do so. Members
wanted to be sure the IP obligations are binding. Dean will draft a response
for member review before sending to AT&T.

 

10.	Next call February 18th

 

11.	Adjourn

 

 

 

Dean Coclin

CA/B Forum Chair

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20210218/0b43797e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20210218/0b43797e/attachment.p7s>

More information about the Public mailing list