Guy asked about ECC certificates. Stefan has tried that. Maja to clarify if the MDS+Validator can do this. Rhys questioned by ECC rather than 4k keys? Guy has a scenario with his HSMs that doesn't support >2k RSA keys but does support ECC - smaller new federations might want to use USB based HSMs (Nitrokey, Cryptosick, et al) to gain experience before investing in more costly ones, and many of these still only support 2K keys but do aslo support ECC, so a 3K restriction rules out these HSMs. ECC is a path forward. Rhys said that this should be started and there can be a phased approach to move toward endpoint testing/support for ECC certificates.
- ACTION-20191113-01: Brook Schofield to confirm with Maja Górecka-Wolniewicz on the readiness of the MDS+Validator for ECC support.
Autopopulation of the security contact with contact email address isn't acceptable as the security contact should at least understand TLP for sharing information.
There is no further meetings in 2018.