<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <<a href="mailto:public@cabforum.org">public@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="m_4129386208465255875WordSection1">
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal"><b>Scope: </b>Revising and improving the Network and Certificate Systems Security Requirements (NCSSRs). <br></p><p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<br>
<b>Out of Scope: </b>No provision.<br>
<br>
<b>Deliverables: </b>The Network Security Subcommittee shall produce one or more documents offering options to the Forum for establishing minimal security standards within the scope defined above, which may be used to modify the existing NCSSRs. These renewed
NCSSR documents will serve CAs, auditors and browsers in giving a state of the art set of rules for the deployment and operation of CAs computing infrastructures. The Subcommittee may choose its own initial Chair.<br></p></div></div></blockquote><div><br></div><div>Is this Deliverable correct? Is that scope correct? The previous WG produced (only after significant prodding) a statement about 'options' - which was to modifying the existing NCSSRs. It seems like we're talking now about concrete recommendations for changes, and it seems more relevant to note what is in scope or out of scope.</div><div><br></div><div>I disagree that the deliverable affirmatively stating "will serve CA, auditors, and browsers".</div><div><br></div><div>However, there's other, more fundamental problems. Most notable is that Subcommittees aren't established to have Chairs - the point of the rework of the Bylaws was to make it clearer what activities are done and how they fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The other is that the SCWG does not yet have a defined process for the establishment of subcommittees.</div></div></div>