Draft Minutes for 16 June NetSec Meeting
Scott Rea
Minutes for NetSecWG Call 16 Jun 2026
Attendees:
Adam Fiock (SSL.com), Andrea Holland (IdenTrust), Arman Asemani (Apple), Ben Wilson (Mozilla), Clint Wilson (Apple), Daryn Wright (Apple), David Kluge (Google), Dustin Hollenback (Apple), Eric Kramer (Sectigo), Hans Metsoja (Opera), Janet Hines (SSL.com), Jozef Nigut (Disig), Kiran Tummala (Apple), Luis Osses (Amazon Trust Services), Matthew McPherrin (ISRG), Miguel Sanchez (Google Trust Services), Mohamed El-Sharkawi (Microsoft), Nate Smith (GoDaddy), Qais Al Hajri (Microsoft), Rebecca Kelley (SSL.com), Rob White (GoDaddy), Rollin Yu (TrustAsia), Scott Rea (eMudhra), Tathan Thacker (IdenTrust), Tim Crawford (BDO), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera), Trevoli Ponds-White (Amazon Trust Services), Wendy Brown (FPKIMA)
Minutes:
Clint is sick, so after starting the meeting, Trevoli agreed to run the meeting. Trev did note well reminding folks of bylaws, antitrust policy, IPR, and code of conduct.
Scott volunteered to take minutes.
No Meeting minutes reviewed.
No IPR reviews currently, No Ballots currently.
Trev reviewed agenda for today’s call: Microsoft on cleanup ballot, DigiCert on the log storage ballot, plus any other business.
Qais Al Hajri discussed clean up ballot progress - sent link: https://github.com/cabforum/netsec/pull/61 Andrea Holland questions the reason for changing NIST requirements from Appendix A to Section 3.1. Qais agreed to change that back because Appendix A is what is desired. Andrea said IdenTrust is happy to be 2nd endorser upon that basis.
Tim Hollebeek taking over ballot shepherding from Corey Bonnell for Log Storage Systems in 3rd Party Controlled Environments (Trev sent link: https://github.com/cabforum/netsec/pull/59/changes ) Discussion about breaking this ballot into two: a) CA scope – do this first; b) log storage. David Kluge raised concern about definitions of 3 different environments: CA controlling, 3rd party controlling, CA co-located. Trev to clarify.
Miguel invited to report on the modernization effort discussions, but he declined with a preference to focus on the current ballots under discussion first.
In Other Business, Adam Fiok raised the topic of a revised NSR to include definition of Registration Authority system and an update of terms (sent link: https://github.com/cabforum/netsec/pull/63/changes ) The main idea being to scope what an RA system is and how it would operate in the cloud. Dustin and Tim not in favour of expanding the scope at this time – but agree it’s a good conversation to have at the right time. Calling out various things like SSO as a function rather than part of a system could be beneficial. Adam to propose a new version based on the linked draft.
Meeting adjourned. Next Call: In two weeks.