<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Mon, Jul 23, 2018 at 12:27 AM Dimitris Zacharopoulos <<a href="mailto:jimmy@it.auth.gr">jimmy@it.auth.gr</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <br>
    This proposed charter is not too different than the validation
    subcommittee charter. </div></blockquote><div><br></div><div>Not exactly a ringing endorsement for either charter :)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">If I recall correctly, subcommittees were
    intended to be more flexible in order to achieve their chartered
    goal. Initially I thought of including language from the NetSec
    conclusions document about the risk-based approach and so on, but
    then I thought that as we go along the way, that might change (or
    not) if better proposals are introduced in the subcommittee.<br></div></blockquote><div><br></div><div>As much as possible, we should be looking to attach concrete deliverables to help focus work and agree on the things that are important to fix first, so that we can make sure the appropriate level of energy and focus is devoted to tackling those issues. A breadth-first approach simply doesn't scale.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
    <br>
    <br>
    Dimitris.<br>
    <br>
    <div class="m_1193967466177242592moz-cite-prefix">On 23/7/2018 6:22 πμ, Ryan Sleevi
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">This feels like a very weak proposed charter.<br>
        <div><br>
        </div>
        <div>Can you set something more on the concrete deliverables -
          what are the milestones used to measure progress and focus
          efforts, how will they be evaluated, and when will they be
          expected?</div>
        <div><br>
        </div>
        <div>Given the seeming difficulty the previous group had with
          staying on charter and delivering meaningful work product,
          this seems even more essential to identify and discuss. A good
          charter isn't about describing the borders of the kingdom, but
          about where the lines of the roads are, and where the
          destinations are, so that the subcommittee can know and
          describe how to get from Point A to Point B safely and without
          running off cliffs.</div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr">On Sun, Jul 22, 2018 at 5:48 PM Kirk Hall via
          Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div bgcolor="white" link="#0563C1" vlink="#954F72" lang="EN-US">
            <div class="m_1193967466177242592m_-5085197495687693336WordSection1">
              <p class="MsoNormal"><span style="color:#1f497d">That
                  looks much better then what I posted – I agree.</span></p>
              <p class="MsoNormal"><span style="color:#1f497d"> </span></p>
              <div>
                <div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
                  <p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> Dimitris Zacharopoulos
                      [mailto:<a href="mailto:jimmy@it.auth.gr" target="_blank">jimmy@it.auth.gr</a>]
                      <br>
                      <b>Sent:</b> Sunday, July 22, 2018 10:39 AM<br>
                      <b>To:</b> Kirk Hall <<a href="mailto:Kirk.Hall@entrustdatacard.com" target="_blank">Kirk.Hall@entrustdatacard.com</a>>;
                      CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br>
                      <b>Subject:</b> [EXTERNAL]Re: [cabfpub] Draft
                      Ballot to establish new SCWG Network Security
                      Subcommittee</span></p>
                </div>
              </div>
              <p class="MsoNormal"> </p>
              <p class="MsoNormal" style="margin-bottom:12.0pt">Kirk,<br>
                <br>
                About the NetSec Subcommittee, I believe we should take
                into account the conclusion paragraph of the
                <a href="https://cabforum.org/pipermail/public/2018-June/013587.html" target="_blank">deliverable</a>
                published on June 22nd 2018. The conclusion was not to
                "scrap" the NetSec Guidelines. I propose the following:<br>
                <br>
                --- BEGIN ---<br>
                <br>
                The Server Certificate Working Group formally
                establishes the <b>Network Security Subcommittee</b> as
                an official Subcommittee.<br>
                <br>
                <b>Scope: </b>Revising and improving the Network and
                Certificate Systems Security Requirements (NCSSRs).
                <br>
                <br>
                <b>Out of Scope: </b>No provision.<br>
                <br>
                <b>Deliverables: </b>The Network Security Subcommittee
                shall produce one or more documents offering options to
                the Forum for establishing minimal security standards
                within the scope defined above. These renewed NCSSR
                documents will serve CAs, auditors and browsers in
                giving a state of the art set of rules for the
                deployment and operation of CAs computing
                infrastructures.<br>
                <br>
                <b>Within the scope of the SCWG Charter:</b> Yes<br>
                <br>
                <b>End Date: </b>None<br>
                <br>
                --- END---<br>
                <br>
                Best regards,<br>
                Dimitris.<span style="font-size:12.0pt"></span></p>
              <div>
                <p class="MsoNormal">On 22/7/2018 4:47 πμ, Kirk Hall via
                  Public wrote:</p>
              </div>
              <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
                <p class="MsoNormal">No matter what procedure we choose
                  for establishing new SCWG Subcommittees, we will need
                  a formal scope for each Subcommittee.  This is a first
                  draft of such a scope for the Network Security
                  Subcommittee.</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal">The existing Network Security WG
                  was created by Ballot 203.     <a href="https://cabforum.org/2017/06/19/ballot-203-formation-network-security-working-group" target="_blank">https://cabforum.org/2017/06/19/ballot-203-formation-network-security-working-group</a>
                    I have slightly modified the language of that ballot
                  to create a SCWG Subcommittee – this would be the
                  language of a Ballot.  Please offer edits – simpler is
                  better.  We can try to finalize on our SCWG
                  teleconference on July 26.</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal">Because the previous Working Group
                  had a sunset date, I added a sunset of Sept. 1, 2020
                  (two years).</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal"> </p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The
                    Server Certificate Working Group formally
                    establishes the
                    <b><u>Network Security Subcommittee</u></b> as an
                    official Subcommittee of the SCWG.
                  </span></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Scope</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:
                    Consider options for revising, replacing or
                    scrapping the Network Security Guidelines. 
                  </span></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p>
                <p class="MsoNormal" style="margin-left:.5in;background:white"><b>Out of
                    Scope: </b>
                  No provision.</p>
                <p class="MsoNormal" style="margin-left:.5in;background:white"><b> </b></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Deliverables</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:
                    <b>Deliverables</b>: </span></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">1.
                    Reports with one or more proposals for the future of
                    the Network Security Guidelines.</span></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">2.
                    For proposals involving replacement, details of the
                    availability and applicability of the proposed
                    alternative, and what modifications if any would be
                    needed to it in order to make it suitable for use.</span></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">3.
                    For proposals involving revision, details of the
                    revisions that are deemed necessary and how the
                    document will be kept current in the future.</span></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">4.
                    For proposals involving scrapping, an explanation of
                    why this is preferable to either of the other two
                    options.</span></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">5.
                    If there are multiple proposals, optionally a
                    recommendation as to which one to pursue and an
                    associated timeline.</span></p>
                <p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">6. A
                    form of ballot or ballots to implement any
                    recommendations.</span></p>
                <p class="MsoNormal" style="margin-left:.5in;background:white"> </p>
                <p class="MsoNormal" style="margin-left:.5in;background:white"><b>Within
                    the scope of the SCWG Charter</b>: Yes</p>
                <p class="MsoNormal" style="margin-left:.5in;background:white"> </p>
                <p class="MsoNormal" style="margin-left:.5in;background:white"><b>End Date:
                  </b>September 1, 2020</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal"><span><br>
                    <br>
                    <br>
                  </span></p>
                <pre>_______________________________________________</pre>
                <pre>Public mailing list</pre>
                <pre><a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a></pre>
                <pre><a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a></pre>
              </blockquote>
              <p class="MsoNormal"><span> </span></p>
            </div>
          </div>
          _______________________________________________<br>
          Public mailing list<br>
          <a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br>
          <a href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </div>

</blockquote></div></div>