[Cscwg-public] Draft Minutes CSCWG Apr 23

Bruce Morton Bruce.Morton at entrustdatacard.com
Thu Apr 23 09:48:41 MST 2020

These are the draft minutes of the subject call

  1.  Roll Call: Bruce Morton, Joanna Fox, Atsushi Inaba, Daniela Hood, Mike Reilly, Ian McMillan, Oliver Kuley, Ben Wilson, Rich Smith
  2.  Antitrust statement read by Ben
  3.  Prior minutes of April 9th approved
  4.  Virtual F2F: The CA/Browser Forum Virtual F2F is scheduled for the week of 9 June 2020. The CSWG has bi-weekly calls scheduled for 4 and 18 June 2020. It was decided that the CSWG does not need a period schedule for the Virtual F2F.
  5.  Document Merger:
     *   All input from the meeting on 9 April 2020 has been added to the document, which has been sent out to the CSWG
     *   Section 1 through 6 have not been updated. Bruce will update these sections.
     *   The following open items were reviewed:

                                                    i.     Validity period for Signing Service has a maximum 39 month requirement from the BRs and maximum 135 month from EV. The purpose of 135 month is to allow the signature to be trusted longer. It was decided since the signature can be trusted for a longer period of time if the signature is time-stamped, that the 135 month maximum will be dropped. The merged document will have a maximum validity of 39 months.

                                                   ii.     The BRs have a requirement that the minimum key size must be 3072-bit RSA effective 1 January 2021. This is not a requirement for EV. It was discussed that this requirement would apply to both non-EV and EV code signing certificates.

                                                  iii.     Appendix B allows for EKUs for Subordinate CAs of documentSigning and emailProtection and for Code Signing Certificates of documentSigning, lifetimeSigning, and emailProtection. EV does not have this allowance. It was decided that the EKUs would be allowed for both non-EV and EV code signing certificates. However, it was not known why EKU for documentSigning and emailProtection are allowed. There is also a risk that certificates with emailProtection will be subject to the policies created by the future S/MIME Working Group. As such, it was decided to put removal of EKUs documentSigning and emailProtection on the parking lot list.

     *   Bruce will update the document based on the discussion above. The updated document should be sent to the list early next week, the week of April 27th.
  1.  Any other business: There was no other business discussed
  2.  Next meeting: May 7th
  3.  Adjourn

Thanks, Bruce.

From: Dean Coclin <dean.coclin at digicert.com>
Sent: Wednesday, April 22, 2020 4:18 PM
To: cscwg-public at cabforum.org; Bruce Morton <Bruce.Morton at entrustdatacard.com>
Subject: [EXTERNAL]Agenda CSCWG Apr 23

Bruce-I may not be available for tomorrow's call, are you able to lead it?

Here is the agenda for the subject call:

  1.  Roll call
  2.  Antitrust statement
  3.  Approval of minutes of last call (Apr 9)
  4.  Update on combined document: final review, auditors?, parking lot complete list. Any additions to parking lot?
  5.  Any other business?
  6.  Next meeting:  May 7th
  7.  Adjourn

Dean Coclin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20200423/fa098338/attachment.html>

More information about the Cscwg-public mailing list