<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Mon, Jul 23, 2018 at 12:27 AM Dimitris Zacharopoulos <<a href="mailto:jimmy@it.auth.gr">jimmy@it.auth.gr</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<br>
This proposed charter is not too different than the validation
subcommittee charter. </div></blockquote><div><br></div><div>Not exactly a ringing endorsement for either charter :)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">If I recall correctly, subcommittees were
intended to be more flexible in order to achieve their chartered
goal. Initially I thought of including language from the NetSec
conclusions document about the risk-based approach and so on, but
then I thought that as we go along the way, that might change (or
not) if better proposals are introduced in the subcommittee.<br></div></blockquote><div><br></div><div>As much as possible, we should be looking to attach concrete deliverables to help focus work and agree on the things that are important to fix first, so that we can make sure the appropriate level of energy and focus is devoted to tackling those issues. A breadth-first approach simply doesn't scale.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<br>
<br>
Dimitris.<br>
<br>
<div class="m_1193967466177242592moz-cite-prefix">On 23/7/2018 6:22 AM, Ryan Sleevi
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">This feels like a very weak proposed charter.<br>
<div><br>
</div>
<div>Can you set something more on the concrete deliverables -
what are the milestones used to measure progress and focus
efforts, how will they be evaluated, and when will they be
expected?</div>
<div><br>
</div>
<div>Given the seeming difficulty the previous group had with
staying on charter and delivering meaningful work product,
this seems even more essential to identify and discuss. A good
charter isn't about describing the borders of the kingdom, but
about where the lines of the roads are, and where the
destinations are, so that the subcommittee can know and
describe how to get from Point A to Point B safely and without
running off cliffs.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Sun, Jul 22, 2018 at 5:48 PM Kirk Hall via
Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" link="#0563C1" vlink="#954F72" lang="EN-US">
<div class="m_1193967466177242592m_-5085197495687693336WordSection1">
<p class="MsoNormal"><span style="color:#1f497d">That
looks much better than what I posted – I agree.</span></p>
<p class="MsoNormal"><span style="color:#1f497d"> </span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> Dimitris Zacharopoulos
[mailto:<a href="mailto:jimmy@it.auth.gr" target="_blank">jimmy@it.auth.gr</a>]
<br>
<b>Sent:</b> Sunday, July 22, 2018 10:39 AM<br>
<b>To:</b> Kirk Hall <<a href="mailto:Kirk.Hall@entrustdatacard.com" target="_blank">Kirk.Hall@entrustdatacard.com</a>>;
CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br>
<b>Subject:</b> [EXTERNAL]Re: [cabfpub] Draft
Ballot to establish new SCWG Network Security
Subcommittee</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Kirk,<br>
<br>
About the NetSec Subcommittee, I believe we should take
into account the conclusion paragraph of the
<a href="https://cabforum.org/pipermail/public/2018-June/013587.html" target="_blank">deliverable</a>
published on June 22nd 2018. The conclusion was not to
"scrap" the NetSec Guidelines. I propose the following:<br>
<br>
--- BEGIN ---<br>
<br>
The Server Certificate Working Group formally
establishes the <b>Network Security Subcommittee</b> as
an official Subcommittee.<br>
<br>
<b>Scope: </b>Revising and improving the Network and
Certificate Systems Security Requirements (NCSSRs).
<br>
<br>
<b>Out of Scope: </b>No provision.<br>
<br>
<b>Deliverables: </b>The Network Security Subcommittee
shall produce one or more documents offering options to
the Forum for establishing minimal security standards
within the scope defined above. These renewed NCSSR
documents will serve CAs, auditors and browsers in
giving a state of the art set of rules for the
deployment and operation of CAs' computing
infrastructures.<br>
<br>
<b>Within the scope of the SCWG Charter:</b> Yes<br>
<br>
<b>End Date: </b>None<br>
<br>
--- END---<br>
<br>
Best regards,<br>
Dimitris.<span style="font-size:12.0pt"></span></p>
<div>
<p class="MsoNormal">On 22/7/2018 4:47 AM, Kirk Hall via
Public wrote:</p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">No matter what procedure we choose
for establishing new SCWG Subcommittees, we will need
a formal scope for each Subcommittee. This is a first
draft of such a scope for the Network Security
Subcommittee.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The existing Network Security WG
was created by Ballot 203. <a href="https://cabforum.org/2017/06/19/ballot-203-formation-network-security-working-group" target="_blank">https://cabforum.org/2017/06/19/ballot-203-formation-network-security-working-group</a>
I have slightly modified the language of that ballot
to create a SCWG Subcommittee – this would be the
language of a Ballot. Please offer edits – simpler is
better. We can try to finalize on our SCWG
teleconference on July 26.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Because the previous Working Group
had a sunset date, I added a sunset of Sept. 1, 2020
(two years).</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The
Server Certificate Working Group formally
establishes the
<b><u>Network Security Subcommittee</u></b> as an
official Subcommittee of the SCWG.
</span></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Scope</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:
Consider options for revising, replacing or
scrapping the Network Security Guidelines.
</span></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p>
<p class="MsoNormal" style="margin-left:.5in;background:white"><b>Out of
Scope: </b>
No provision.</p>
<p class="MsoNormal" style="margin-left:.5in;background:white"><b> </b></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;background:white"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Deliverables</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:
</span></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">1.
Reports with one or more proposals for the future of
the Network Security Guidelines.</span></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">2.
For proposals involving replacement, details of the
availability and applicability of the proposed
alternative, and what modifications if any would be
needed to it in order to make it suitable for use.</span></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">3.
For proposals involving revision, details of the
revisions that are deemed necessary and how the
document will be kept current in the future.</span></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">4.
For proposals involving scrapping, an explanation of
why this is preferable to either of the other two
options.</span></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">5.
If there are multiple proposals, optionally a
recommendation as to which one to pursue and an
associated timeline.</span></p>
<p class="m_1193967466177242592m_-5085197495687693336line874" style="margin-right:0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt;background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">6. A
form of ballot or ballots to implement any
recommendations.</span></p>
<p class="MsoNormal" style="margin-left:.5in;background:white"> </p>
<p class="MsoNormal" style="margin-left:.5in;background:white"><b>Within
the scope of the SCWG Charter</b>: Yes</p>
<p class="MsoNormal" style="margin-left:.5in;background:white"> </p>
<p class="MsoNormal" style="margin-left:.5in;background:white"><b>End Date:
</b>September 1, 2020</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span><br>
<br>
<br>
</span></p>
<pre>_______________________________________________</pre>
<pre>Public mailing list</pre>
<pre><a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a></pre>
<pre><a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a></pre>
</blockquote>
<p class="MsoNormal"><span> </span></p>
</div>
</div>
</blockquote>
</div>
</blockquote>
<br>
</div>
</blockquote></div></div>