Final Agenda for F2F#63


Dimitris Zacharopoulos (HARICA)

Oct 9, 2024, 2:04:00 PM
to Public (CA/B Forum)
Re-sending to the new list.

Dimitris.


-------- Forwarded Message --------
Subject: Final Agenda for F2F#63
Date: Tue, 8 Oct 2024 20:31:14 +0300
From: Dimitris Zacharopoulos (HARICA) <dzac...@harica.gr>
To: CA/B Forum Public Mailing List <pub...@cabforum.org>


All,

Here is the final agenda for F2F#63. I have attached a PDF version for convenience.

Tuesday, 8 October 2024 - Forum level (Day 1)

ALL TIMES LOCAL TO Seattle, WA, USA

Start Description Discussion Leader / Notes
08:30 Check-in, get situated in room and virtual room, test audio/video  
09:00 CA/Browser Forum Meeting Dimitris Zacharopoulos (HARICA)
09:00

Welcome, Preliminary Matters, Meeting Recordings, Photo Policy, Logistics, Antitrust Statement, Code of Conduct

Dimitris Zacharopoulos (HARICA)

09:05 Welcome by host Trevoli Ponds-White (Amazon Trust Services)
09:15

- Take Attendance

- Assign Minute Takers

Dimitris Zacharopoulos (HARICA)
09:35

- Approval of F2F#63 Agenda

- Approval of CABF Minutes from last teleconference
- Future face to face meeting schedule

- 2024 Election status

Dimitris Zacharopoulos (HARICA)
09:40

- Introduction of F2F#64 meeting venue

Tadahiko Ito (SECOM)
09:45

Guest speaker:  Requirement Traceability with RFCs

Cameron Bytheway (Principal Engineer at AWS)

In this guest presentation, Cameron Bytheway, Principal Engineer on some of AWS’s TLS libraries, will discuss the tools used within AWS to ensure RFC compliance across their code base. His talk will focus on the processes and methodologies employed to measure adherence to technical standards governing secure communication protocols, offering insights into how AWS maintains compliance at scale.

10:15 Break (30 min)
10:45

Guest speaker: Stale TLS Certificates: Investigating Precarious Third-Party Access to Valid TLS Keys

Zane Ma (Oregon State University)

In this guest presentation, Zane Ma will discuss his peer-reviewed research on how reducing certificate validity helps mitigate third-party access to valid publicly-trusted TLS keys. Certificate authorities issue certificates that authenticate the relationship between a domain name and a cryptographic keypair, currently valid for up to 398 days. However, this static mapping can become outdated as the underlying infrastructure (domains, servers, and keys) changes, leading to security risks. Zane’s research identifies three classes of events where third parties can impersonate domains due to stale certificates. Analyzing over 15,000 affected domains daily, the study finds that reducing certificate lifetimes to 90 days could decrease these vulnerabilities by 75%, offering a more secure alternative to relying solely on current revocation mechanisms.

11:15 Open mic  
11:55 Group photo  
12:00 Lunch (60 min)
13:00 Mozilla Root Program Update Ben Wilson (Mozilla) Minutes: 
13:30 Google Root Program Update Chris Clements and Ryan Dickson (Google) Minutes:
14:00 Apple Root Program Update Clint Wilson (Apple) Minutes: 
14:15 Microsoft Root Program Update Hanna Sokol (Microsoft) Minutes:
14:45 Cisco Root Program Update Eric Hampshire and Chad Dandar (Cisco) Minutes:
15:00 CCADB Update Clint Wilson (Apple) Minutes: 
15:30 Q&A Root program discussions Dimitris Zacharopoulos (HARICA) Minutes: 
15:45 Break (30 min)  
16:15 ETSI Update Arno Fiedler (Vice Chair ETSI ESI) Minutes: 
16:30 ACAB'c Update Clemens Wanko (ACAB'c Chair) Minutes: 
16:45 WebTrust Update Tim Crawford (BDO - WebTrust TF), Lilia Dubko (CPA Canada) Minutes: 
17:15 Q&A Audits and Standards Dimitris Zacharopoulos (HARICA) Minutes: 
17:30 End of day one
18:30
Social evening event 

Wednesday, 9 October 2024 - Forum level / Working Groups (Day 2)

Start Description Discussion Leader / Notes
08:30 Get situated in Room and virtual room, test audio/video  
09:00

2024 CA/Browser Forum Elections

Dimitris Zacharopoulos (HARICA)
09:35
BR of BRs Paul van Brouwershaven (Entrust)
10:00 Infrastructure subcommittee Jos Purvis (Fastly)
10:30 Break (30 min)  
11:00

Definitions and Glossary new Working Group

Tim Hollebeek (DigiCert)
Tim Callan (Sectigo)

11:30

Network Security Working Group

  1. Welcome, attendance, anti-trust statement, minute taker

  2. Brief overview and call for additional topics (5-10 minutes)
  3. NS-004 & NS-005
  4. Systems

    1. Overview of Current Breakdown

    2. Desired Outcomes of Systems within NetSec
      1. Transition from "systems" to "functions"-based requirements?

     

  5. Roadmap and next work items

Clint Wilson (Apple)
12:30 Lunch (60 min)  
13:30

Continuation of the Network Security Working Group


14:30

Server Certificate Working Group

  1. Take attendance, read anti-trust statement, minute taker

  2. Review Agenda
  3. Minutes and membership
    1. Draft Minutes from Sept 12 distributed on Sept 13
    2. IP application by Akamai on Sept 13th
    3. IP application by Mark Gamache on Sept 27th
  4. Summary (5-10 minutes)

    1. Summary of this quarter
  5. Topics
    1. Verification method (issue #459 started by Clint Wilson) (20 minutes)
    2. Policy OID rules for CA Certificates used by Affiliates and non-Affiliates presented by Dimitris (30 minutes)
    3. Revocation presented by Ben Wilson (30 minutes)
    4. GitHub open issues review (20-25 minutes) starting on #467
  6. Ballots (10-15 minutes)

    1. Ballots status: passed, failed, ...
  7. AOB (5-10 minutes)
Inigo Barreira (Sectigo)
15:30 Break (30 min)   
16:00

Continuation of the Server Certificate Working Group


17:00 End of day two

Thursday, 10 October 2024 - Working Groups (Day 3)

Start Description Discussion Leader / Notes
08:30 Get situated in Room and virtual room, test audio/video  
09:00

Welcome

Corey Bonnell (DigiCert)
09:05

Continuation of the Server Certificate Working Group

Validation Subcommittee

  1. Report on progress since F2F #62 (scheduled 5 minutes)
  2. Validation transparency

  3. Concurrent validation of domains with multiple methods
  4. DNSSEC validation when performing domain validation
Corey Bonnell (DigiCert)
10:30 Break (30 min)  
11:00

Code Signing Working Group

  1. Assign Minute taker (start recording)

  2. Roll call

  3. Antitrust Compliance Statement

  4. Review Agenda

  5. Approval of prior meeting minutes

  6. Vice-chair election
  7. Ballot Status
  8. One Certificate Type
  9. Quantum for Code Signing
  10. Other business
  11. Next meeting

Bruce Morton (Entrust)
13:00 Lunch (60 min)  
14:00

S/MIME Certificate Working Group Meeting

  1. Roll Call
  2. Antitrust / Compliance Statement
  3. Review Agenda
  4. Approval of past minutes
    • September 25
  5. Discussion as time permits:
    • SMC09
    • Finalization of MPIC ballot (SMC10)
    • Next steps and roadmap planning
  6. Any other business
Stephen Davidson (DigiCert)
15:00 Break (30 min)  
15:30 Continuation of the S/MIME Certificate Working Group  
17:00

End of day three

Thanks, goodbye and safe travels

Amazon Trust Services


Best regards,

Dimitris Zacharopoulos
CA/B Forum Chair

meeting-63-seattle-wa-usa.pdf