The CA/Browser Forum's Bylaws at Section 2.3(c) allow the Forum Chair (currently me) to invite Interested Parties to participate in Working Group meetings.
I hereby extend an invitation to Forum Interested Parties to participate in person or remotely in the all-day Validation Working Group meeting on Tuesday, March 6, 2018 at Amazon's offices in Herndon, VA (located near Dulles Airport). If you are employed by a Forum member, please coordinate with your company's regular Forum representatives. This invitation is for the Tuesday Validation Working Group meeting only, and does not extend to the Forum's plenary sessions on Wednesday and Thursday. All Interested Parties who want to participate should send their name and contact information (email address and phone, preferably) to Tim Hollebeek and Wayne Thayer, [tim-dot-hollebeek-at-digicert -dot-com and wthayer-at-mozilla-dot-com]. Tim and Wayne will provide you with additional details and logistics for participating in the meeting. To become an Interested Party who is eligible to participate, before the meeting you must sign and return a copy of the Forum's "Intellectual Property Rights Agreement-1.2-PKI-enabled" found here: https://cabforum.org/ipr-policy/ https://cabforum.org/wp-content/uploads/Intellectual-Property-Rights-Agreement-1.2-PKI-enabled.pdf Participants must also follow the Forum's Code of Conduct found at Exhibit C of the Bylaws, https://cabforum.org/wp-content/uploads/CA-Browser-Forum-Bylaws-v.-1.7.pdf Thanks to all for your interest. Kirk Hall, Chair CA/Browser Forum From: Public [mailto:[email protected]] On Behalf Of Tim Hollebeek via Public Sent: Monday, February 5, 2018 12:37 PM To: CA/Browser Forum Public Discussion List <[email protected]> Subject: [EXTERNAL][cabfpub] Recruiting experts for the Validation Summit CA/Browser Forum Members, I would like to invite you to consider who you may know who would be a valuable addition to the domain validation security analysis. It would be great if we could get participation from a wide variety of people who don't normally participate in CA/Browser discussions. As a reminder, we are going to be discussing topics like the following: (1) What is domain control/domain ownership/IP validation/validation of authorization intended to validate? (2) How is validation typically done, for each method? Are there any vulnerabilities? Can they be fixed? This is already an ambitious agenda, so we are looking for participants who can participate in an intelligent, constructive conversation without going off on too many tangents or descending into too many ratholes. I'll be doing my best to keep us on topic and moving forward. It would be particularly helpful to have participants who have experience in the following areas: (1) Real-world experience with the validation procedures as they are currently practiced by public certificate authorities (2) Experience with threat modeling, analyzing a variety of protocols, or other methods for rigorously analyzing processes and procedures for potential vulnerabilities (3) Deep technical expertise related to how validation-related technologies perform and/or fail in the real world (DNS, WHOIS, Domain Registrars, Reverse IP lookup, and so on) (4) Technical challenges that prevent various validation methods from being usable by a significant fraction of certificate applicants, and thus drive users towards less desirable methods (5) Automation of validation protocols (i.e. ACME) We will be collecting lists of participants and doing what we can to allow them to participate. In preparation for the March 6th meeting, we would ask that prospective participants be willing to participate in a special meeting of the Validation Working Group on Thursday, March 1st, 11 am Eastern Time. -Tim
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
