Here are the approved minutes of the subject call:

1. Roll Call
2. Anti-Trust Statement read
3. Approval of Prior Minutes -- Approved
4. Forum Infrastructure Working Group
   a. Considerable discussion on GitHub updates and reformatting documents
      i. Separate repo for tooling that is producing these documents
         1. Introducing ballots to clean out the old tooling and consolidate that into a single repo
         2. Introduction of depend-o-bot, which will keep track of security issues with tooling
   b. Membership management
      i. Please use a Google Form for any change requests
      ii. Link here: Membership Change Request (google.com) <https://docs.google.com/forms/d/e/1FAIpQLSedEJpyWC7tCn-yiJL5SnLiC-WARsWyY2Hb0NNakl4_jCIY3w/viewform>
   c. Moving from Turbobridge to Webex for future bi-weekly meetings
   d. Questions
      i. Dean: Who gets alerted when changes are made to the list?
      ii. Wayne: You can subscribe to the worksheet and get notifications that way
   e. FYI: Everyone in the management list got the invite for the Forum Infrastructure group; no obligation for anyone to attend.
5. Code Signing Working Group
   a. Latest Ballot CSWG7 has a new version of the ballot (merging EV and non-EV together). Currently in Discussion period, entering voting period soon.
   b. Requiring FIPS level 2 vs. level 3. Level 2 is the minimum, but Level 3 will be looked at for Cloud-based environments
   c. Looked at comments from Cory re: supporting SHA-1 -- Can support SHA-1 to respond to revocation requests after the sunset date. It's acceptable to issue SHA-1 timestamping certs until April 30, 2022
   d. Confusion around 3k keys -- Requirements say 3k but Microsoft requirements say 4k -- only new roots must be 4k. Any existing roots can issue 3k.
   e. 3072 tokens that meet FIPS. Devices should be coming to market in the Spring and the group will monitor. No devices currently on market.
   f. Questions:
      i. Tim Crawford: audit update key requirements
         1. Ian: Subscriber can provide key generation and vault logs
      ii. Tim: How can this be standardized? SOC-2?
         1. Ian: will look into it
      iii. Sebastian: What if a cert is cross-signed with an older root?
         1. Ian: As long as the existing root meets the expiration requirements of 2030, it should be okay.
   g. Next meeting is next week
6. S/MIME Working Group
   a. Discussions on different types of S/MIME Certificates
      i. Legacy, Multi-purpose certificates vs. strict certificates
      ii. 8 different types of certificates. Group will send out mail for group approval of these certificates
7. F2F
   a. March 2-3 Spring Virtual Meeting
   b. Similar to last meeting with similar time. Draft schedule will be out shortly as well.
   c. We will resume weekly meetings using WebEx.
   d. Future meeting in June will likely be virtual
   e. Fall meeting is still too early to tell
8. Any other business?
   a. None
9. Next call in 2 weeks.

Thanks to Karina for taking the minutes!

Dean Coclin
CA/B Forum Chair
