Regarding my HSM action. I went through the CCAK and CCSK materials that I have. Also Googled a bit. Other than mentioning HSM, there isn't much there. We should probably discuss the HSM use case during one of our calls. Regulators and industry bodies are pushing HSM. Organizations are saying they are too expensive. The crypto community wants something cost-effective for individuals. Costs will come down over time - they always do. Unless one of the WG members is seeing something different, I suggest we pick a generic use case, possibly two, and just run with it.
Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
Sent: Mar 17, 2023 02:10:09 PM
From: Marina Bregkou
Subject: Meeting Minutes 8th March 2023
Here are the minutes from the working group call on the 8th of March.
- The call started with the presentation from the DLT/Blockchain WG leadership, Urmila Nagvekar and Michael Theriault. They presented the Framework for Digital Certification Governance Security Recommendations.
- Group members will provide feedback to what was presented.
- Partha asked for a time window to see how he can provide feedback for the recommendations presented.
- Alex Sharpe also committed to review and give feedback.
- Thoughts about creating a process for other working groups to recognize their possible needs for Key Management. The idea of writing and distributing an executive summary of what our working group will cover and communicate it to other WGs, was also mentioned.
- Started assigning authors to the KM Lifecycle Best Practices Lifecycle document.
- Decided to work progressively: The authors that picked up the starting sections will present their contributions by next call. The sections that have no authors yet, will be assigned on the next call as well.
Previous action items:
- Alex to check CCAK/CCSK and suggest the use case that might support the certifications of valid immutable storage as part of a valid Key Mgmt plan) (for the HSM document). - PENDING
- Assign roles and responsibilities in both documents. - PENDING
- Assign authors to sections in both documents. - PENDING
- Create an initial timeline for the first document draft for both documents. - PENDING
- All to review document 2 (KM Lifecycle) sections and provide feedback please. Santosh and Partha to go through those comments on Tuesday, prior to the WG call. - PENDING
- Iain to repurpose and create the KM lifecycle diagram according to section 2 in the KM document. - PENDING
Next action items:
- Marina to contact other WGs and see if their roadmap includes any Key Mgmt touch-points so that we can embed those needs in our upcoming works.
- Marina to check with the Zero Trust sub-group on IAM on the chance of related topics to our WG that we could incorporate in our 2 new documents.
- Create an initial timeline for the first document draft for both documents.
- Iain ( @Iain Beveridge) to repurpose and create the KM lifecycle diagram according to section 2 in the KM document
- Need to address Akash's question about 'Trusted Computing' and for what reason it wasn't included in the Key Mgmt document.
- For the HSM-as-a-Service Paper, interested authors, please look specifically at the Use Cases section, and "claim" one or more use cases. Simply add a comment next to the use case that you are interested in discussing. Sam ( @Sam Pfanstiel ) might reach out to those who volunteer to discuss further before next call.
- Assigned authors to please start populating their respective sections in the Key Mgmt document:
Next working group call:
Date: Wednesday, 22 March 2023
Time: 08:00 a.m. PST / 11:00 a.m. EST / 15:00 GMT / 17:00 EET (*Attn: These hours for the European continent are valid only for this time, due to the US light-time savings that happens earlier).
URL: https://zoom.us/j/93617880747 (Meeting ID: 936 1788 0747)
Senior Research Analyst,