<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1166018212;
mso-list-template-ids:-495024062;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:1191601457;
mso-list-type:hybrid;
mso-list-template-ids:1563216286 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2
{mso-list-id:1698391786;
mso-list-template-ids:-516135414;}
@list l2:level1
{mso-level-start-at:7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Meeting Minutes<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><ol style='margin-top:0in' start=1 type=1><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Call to Order – Assign Note taker (need a volunteer) – Bruce Morton volunteered<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Reading of Anti-Trust Statement - complete<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Roll Call - Bruce Morton, Tim Callen, Jason Cooper, Gordon Bock, Hugh Mercer, Daniela Hood, Rich Smith, and Jeff Ward<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Approval of prior minutes – Minutes from 12 September 2019 were approved<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Potential new members status – No new members were discussed<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Potential changes <o:p></o:p></li><ol style='margin-top:0in' start=1 type=a><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level2 lfo3'>SHA-1 prohibition to May 31, 2020 – Jason Cooper will action drafting a ballot.<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level2 lfo3'>Combine EV CS and BR CS into one document<o:p></o:p></li></ol></ol><p class=MsoListParagraph style='margin-left:1.5in;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo3'><![if !supportLists]><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'> </span>i.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>Bruce Morton and Jason Cooper reviewed the BR and EV Code Signing documents and have created a table indicating what can be merged and where some differences are. Bruce and Jason consider the documents can be merged.<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.5in;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo3'><![if !supportLists]><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'> </span>ii.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>Some differences are that one document discusses Signing Service and the other discusses Signing Authority. The Signing Authority may have a certificate for as long as 135 months. No CA on the call stated that they are a Signing Authority.<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.5in;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo3'><![if !supportLists]><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'> </span>iii.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>Jason suggested that we could do a survey with the CAs to try to establish the current status. This may be important, for instance, if no CA is a Signing Authority, then perhaps this role can be removed. If no CA has a CPS to RFC 2527, then this requirement can be removed.<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.5in;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo3'><![if !supportLists]><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'> </span>iv.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>Two methods to merge were discussed: <o:p></o:p></p><p class=MsoNormal style='margin-left:1.5in'>1) Migrate BR and EV together and create a new document in the current format, then migrate to RFC 3647 format as a second project; or <o:p></o:p></p><p class=MsoNormal style='margin-left:1.5in'>2) Start with the SSL BRs which is already in RFC3647 format and change to incorporate the BR and EV Code Signing requirements. This proposal would take advantage of all the changes which have been done to the SSL BRs; it would also change the format.<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.5in;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo3'><![if !supportLists]><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'> </span>v.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>It was discussed whether the new document should be stand alone and not have the references to the SSL BRs and the SSL EV Guidelines. The advantage is that code signing would not have the risk of changes from the SCWG. The disadvantage is that the CSWG would have to maintain all of these clauses, which might be an issue for a working group with a low number of members. After further discussion, it was suggested that we keep the references to the SSL BR/EV documents, changes to those documents would be accepted by default. The CSWG would monitor those changes by tracking closed SCWG ballots through a standard agenda item for the bi-weekly meetings. If the ballot was acceptable, then no impact, but if the ballot was unacceptable, then a change would be required to the CSWG document. <o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.5in;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo3'><![if !supportLists]><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'> </span>vi.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>It was discussed that this would be a long project which would not address code signing security issues. It was suggested that security issues would have to eb addressed in parallel and also that the merging of the document may indicate security items which need to be addressed.<o:p></o:p></p><ol style='margin-top:0in' start=7 type=1><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Any other business – no other business was discussed<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l1 level1 lfo3'>Adjourned.<o:p></o:p></li></ol><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Bruce<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>