Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Guy asked about ECC certificates. Stefan has tried that. Maja to clarify if the MDS+Validator can do this. Rhys questioned by ECC rather than 4k keys? Guy has a scenario with his HSMs that doesn't support >2k RSA keys but does support ECC - smaller new federations might want to use USB based HSMs (Nitrokey, Cryptosick, et al) to gain experience before investing in more costly ones, and many of these still only support 2K keys but do aslo support ECC, so a 3K restriction rules out these HSMs. ECC is a path forward. Rhys said that this should be started and there can be a phased approach to move toward endpoint testing/support for ECC certificates.


Autopopulation of the security contact with contact email address isn't acceptable as the security contact should at least understand TLP for sharing information.

Future meetings

There is no further meetings in 2018.