<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI Emoji";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:"Segoe UI Symbol";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:"Zapf Dingbats";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.m1948658733183492715m6856908964478846115apple-converted-space
{mso-style-name:m_1948658733183492715m6856908964478846115apple-converted-space;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>I can confirm that the Validation Working Group actually has a list of participants that have volunteered to take minutes, and we rotate between them. The time and effort of those four participants is greatly appreciated. And that’s not just polite wording. Those four people are awesome, and I sincerely appreciate their assistance.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If anyone else wants to be added to the list, feel free to let me know.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>-Tim<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> geoffk@apple.com <geoffk@apple.com> <br><b>Sent:</b> Friday, September 14, 2018 6:35 PM<br><b>To:</b> Ryan Sleevi <sleevi@google.com>; CA/Browser Forum Public Discussion List <public@cabforum.org><br><b>Cc:</b> Tim Hollebeek <tim.hollebeek@digicert.com>; Virginia Fournier <vfournier@apple.com><br><b>Subject:</b> Re: [cabfpub] Public Digest, Vol 77, Issue 81<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>I think we’re in agreement as to the effect of not having minutes on the IPR policy.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I don’t believe anyone is proposing a subcommittee charter which *prevents* it from having minutes. So, perhaps if you’re concerned that a subcommittee might not have the standard of minute-taking that you would like, you could offer to take minutes for that subcommittee? My experience is that such an offer is usually received with gratitude!<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On Sep 14, 2018, at 2:04 PM, Ryan Sleevi via Public <<a href="mailto:public@cabforum.org">public@cabforum.org</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Please review section 8 of the IPR policy with your legal counsel, Tim, particularly around what constitutes a "Contribution"<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Fri, Sep 14, 2018 at 4:52 PM Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com">tim.hollebeek@digicert.com</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>We have the protections in the IPR policy, because we have the IPR policy. To be clear, the existence or absence of minutes does not in any way affect the IPR policy, and there’s no text in the Bylaws or IPR policy that suggests that it does.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-Tim<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From:</b> Public <<a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a>> <b>On Behalf Of </b>Ryan Sleevi via Public<br><b>Sent:</b> Friday, September 14, 2018 4:41 PM<br><b>To:</b> Virginia Fournier <<a href="mailto:vfournier@apple.com" target="_blank">vfournier@apple.com</a>>; CABFPub <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br><b>Subject:</b> Re: [cabfpub] Public Digest, Vol 77, Issue 81<o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Virginia,<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I do not understand how that position is at all consistent with our bylaws with respect to IP risk. If we have Subcommittees without the requirement to maintain or produce minutes, how could we possibly hope to have the IP protections afforded by our policy?<o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Fri, Sep 14, 2018 at 4:32 PM Virginia Fournier via Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>It would be great if the people who continually complain that the Bylaws don’t contain x, or took away y, would actively participate in the process to create new versions of the Bylaws. The version of the Bylaws creating CWGs and their Subcommittees was developed over more than a year, with ample time for review, comment, revision, rinse and repeat.<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The Bylaws say that "each CWG may establish any number of subcommittees within its own Working Group to address any of such CWG’s business.” However, there's nothing in the Bylaws that prohibits Subcommittees from having their own mailing lists, minutes, chairs, etc. It looks like Subcommittees have the flexibility to determine how to conduct their own business within the CWG. <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>If a CWG wants a Subcommittee to do something specific (like keep minutes), they can specify that in the CWG charter. <o:p></o:p></p><div><div><div><div><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif'> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif'>Best regards,</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif'> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif'>Virginia Fournier</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif'>Senior Standards Counsel</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#717171'></span><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif'> Apple Inc.</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.5pt;font-family:"Segoe UI Symbol",sans-serif'>☏</span><span class=m1948658733183492715m6856908964478846115apple-converted-space><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif'> </span></span><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif'>669-227-9595</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.5pt;font-family:"Segoe UI Emoji",sans-serif'>✉</span><span style='font-size:10.5pt;font-family:"Zapf Dingbats",serif'>︎</span><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif'> <a href="mailto:vmf@apple.com" target="_blank">vmf@apple.com</a></span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#579DFF'> </span><o:p></o:p></p></div></div></div></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Sep 14, 2018, at 9:29 AM, <a href="mailto:public-request@cabforum.org" target="_blank">public-request@cabforum.org</a> wrote:<o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>Send Public mailing list submissions to<br><a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br><a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>or, via email, send a message with subject or body 'help' to<br><a href="mailto:public-request@cabforum.org" target="_blank">public-request@cabforum.org</a><br><br>You can reach the person managing the list at<br><a href="mailto:public-owner@cabforum.org" target="_blank">public-owner@cabforum.org</a><br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of Public digest..."<br><br><br>Today's Topics:<br><br> 1. Re: Ballot SC10 ? Establishing the Network Security<br> Subcommittee of the SCWG (Ryan Sleevi)<br> 2. Re: Ballot SC10 ? Establishing the Network Security<br> Subcommittee of the SCWG (Tim Hollebeek)<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Fri, 14 Sep 2018 12:19:24 -0400<br>From: Ryan Sleevi <<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a>><br>To: Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a>><br>Cc: CABFPub <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br>Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security<br>Subcommittee of the SCWG<br>Message-ID:<br><<a href="mailto:CACvaWvboDx1ec0bVXRnx7Eik3tgB8efxeQv06J_qYZKt7Czpzg@mail.gmail.com" target="_blank">CACvaWvboDx1ec0bVXRnx7Eik3tgB8efxeQv06J_qYZKt7Czpzg@mail.gmail.com</a>><br>Content-Type: text/plain; charset="utf-8"<br><br>Subcommittees don't have requirements for minutes or publicly-available<br>notes.<br><br>That's the point. All this thinking about subcommittees working "just like"<br>LWGs is not the case. All of that was lost from the Bylaws. A subcommittee<br>can just be two people having a chat, at least as written in the Bylaws<br>today.<br><br>There's nothing stating subcommittees work with their own mailing lists,<br>for example, in the way our old bylaws did. There's nothing establishing<br>chairs or charters or deliverables. It's a one-off note.<br><br>That's the point.<br><br>On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a>><br>wrote:<br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>Collaborating outside of a subcommittee has a bunch of drawbacks,<br>including a complete lack of public transparency and much weaker IPR<br>protections.<br><br><br><br>In my opinion, there?s already way, way too much going on in private that<br>would be better handled in subcommittees where everyone can participate and<br>there are publicly available notes.<br><br><br><br>-Tim<br><br><br><br>*From:* Public <<a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a>> *On Behalf Of *Wayne Thayer<br>via Public<br>*Sent:* Thursday, September 13, 2018 7:11 PM<br>*To:* Ryan Sleevi <<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a>>; CA/Browser Forum Public Discussion<br>List <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br>*Subject:* Re: [cabfpub] Ballot SC10 ? Establishing the Network Security<br>Subcommittee of the SCWG<br><br><br><br>Would it be helpful to take a step back and propose an amendment to the<br>Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I<br>would be willing to work on that. Meanwhile, if the Network Security WG<br>left some urgent work unfinished, nothing prevents SCWG members from<br>collaborating outside of the Subcommittee structure.<br><br><br><br>On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <<br><a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> wrote:<br><br>I think that, without incorporating or responding to feedback, we will be<br>opposed to this ballot. I agree that it's unfortunate we have gotten<br>nowhere - but it's equally unfortunate to have spent two months without<br>responding to any of the substance of the issues. It's great to see<br>progress, but making small steps doesn't excuse leaving glaring issues.<br>It's better to let these fall down than to support them with fundamental<br>flaws.<br><br><br><br>Concrete feedback is:<br><br>Delete: "These renewed NCSSR documents will serve CAs, auditors and<br>browsers in giving a state of the art set of rules for the deployment and<br>operation of CAs computing infrastructures."<br><br>Rationale: That presumes this output will be valid/valuable.<br><br><br><br>Delete: "The Subcommittee may choose its own initial Chair."<br><br>Rationale: Subcommittees don't have Chairs and votes. They're just<br>meetings of the CWG with focus.<br><br><br><br>Delete: "The Network Security Subcommittee shall produce one or more<br>documents offering options to the Forum for establishing minimal security<br>standards within the scope defined above, which may be used to modify the<br>existing NCSSRs."<br><br>Rationale: This is a pretty much a non-scope as worded, but worse,<br>precludes some of the very activities you want to do. For example,<br>reforming existing requirements doesn't establish minimums, so is out of<br>scope.<br><br><br><br>Obviously, that leaves you with nothing left. Hopefully there's something<br>concrete you think should remain, and you can suggest improvements there.<br><br><br><br><br><br><br><br>On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <<a href="mailto:Kirk.Hall@entrustdatacard.com" target="_blank">Kirk.Hall@entrustdatacard.com</a>><br>wrote:<br><br>On this ballot and Ballot SC10, I?m only going to consider comments and<br>criticisms that propose specific alternate language that you will support.<br>We have spent two months on creation of Subcommittees that simply continue<br>the work we have been doing., and getting nowhere. Time to finish up!<br><br><br><br>Do you have specific alternate ballot language you want the Members to<br>consider? If so, please post.<br><br><br><br>*From:* Ryan Sleevi [mailto:<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a>]<br>*Sent:* Thursday, September 13, 2018 2:55 PM<br>*To:* Kirk Hall <<a href="mailto:Kirk.Hall@entrustdatacard.com" target="_blank">Kirk.Hall@entrustdatacard.com</a>>; CABFPub <<br><a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br>*Subject:* [EXTERNAL]Re: [cabfpub] Ballot SC10 ? Establishing the Network<br>Security Subcommittee of the SCWG<br><br><br><br>On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br>wrote:<br><br>*Scope: *Revising and improving the Network and Certificate Systems<br>Security Requirements (NCSSRs).<br><br><br>*Out of Scope: *No provision.<br><br>*Deliverables: *The Network Security Subcommittee shall produce one or<br>more documents offering options to the Forum for establishing minimal<br>security standards within the scope defined above, which may be used to<br>modify the existing NCSSRs. These renewed NCSSR documents will serve CAs,<br>auditors and browsers in giving a state of the art set of rules for the<br>deployment and operation of CAs computing infrastructures. The<br>Subcommittee may choose its own initial Chair.<br><br><br><br>Is this Deliverable correct? Is that scope correct? The previous WG<br>produced (only after significant prodding) a statement about 'options' -<br>which was to modifying the existing NCSSRs. It seems like we're talking now<br>about concrete recommendations for changes, and it seems more relevant to<br>note what is in scope or out of scope.<br><br><br><br>I disagree that the deliverable affirmatively stating "will serve CA,<br>auditors, and browsers".<br><br><br><br>However, there's other, more fundamental problems. Most notable is that<br>Subcommittees aren't established to have Chairs - the point of the rework<br>of the Bylaws was to make it clearer what activities are done and how they<br>fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The<br>other is that the SCWG does not yet have a defined process for the<br>establishment of subcommittees.<br><br>_______________________________________________<br>Public mailing list<br><a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br><a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></p></blockquote><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://cabforum.org/pipermail/public/attachments/20180914/7203cd81/attachment-0001.html" target="_blank">http://cabforum.org/pipermail/public/attachments/20180914/7203cd81/attachment-0001.html</a>><br><br>------------------------------<br><br>Message: 2<br>Date: Fri, 14 Sep 2018 16:29:38 +0000<br>From: Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a>><br>To: Ryan Sleevi <<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a>><br>Cc: CABFPub <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br>Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security<br>Subcommittee of the SCWG<br>Message-ID:<br><<a href="mailto:BN6PR14MB11066D38B44B3BF97D0857D883190@BN6PR14MB1106.namprd14.prod.outlook.com" target="_blank">BN6PR14MB11066D38B44B3BF97D0857D883190@BN6PR14MB1106.namprd14.prod.outlook.com</a>><br><br>Content-Type: text/plain; charset="utf-8"<br><br>My ballot that I didn?t get around to writing would have had something like:<br><br><br><br>?The current Bylaws lack clarity and precision about the functioning of subcommittees. Until such a time as that is corrected, subcommittees created from LWGs shall operate in the same manner as pre-governance reform working groups.?<br><br><br><br>Would that help?<br><br><br><br>-Tim<br><br><br><br>P.S. I asked the Validation WG chair if the Validation Subcommittee would continue using the validation mailing list, and continue to produce agendas and minutes, and he said yes.<br><br><br><br>From: Ryan Sleevi <<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a>> <br>Sent: Friday, September 14, 2018 12:19 PM<br>To: Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a>><br>Cc: Wayne Thayer <<a href="mailto:wthayer@mozilla.com" target="_blank">wthayer@mozilla.com</a>>; CABFPub <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br>Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security Subcommittee of the SCWG<br><br><br><br>Subcommittees don't have requirements for minutes or publicly-available notes.<br><br><br><br>That's the point. All this thinking about subcommittees working "just like" LWGs is not the case. All of that was lost from the Bylaws. A subcommittee can just be two people having a chat, at least as written in the Bylaws today.<br><br><br><br>There's nothing stating subcommittees work with their own mailing lists, for example, in the way our old bylaws did. There's nothing establishing chairs or charters or deliverables. It's a one-off note.<br><br><br><br>That's the point.<br><br><br><br>On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a> <mailto:<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a>> > wrote:<br><br>Collaborating outside of a subcommittee has a bunch of drawbacks, including a complete lack of public transparency and much weaker IPR protections.<br><br><br><br>In my opinion, there?s already way, way too much going on in private that would be better handled in subcommittees where everyone can participate and there are publicly available notes.<br><br><br><br>-Tim<br><br><br><br>From: Public <<a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a> <mailto:<a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a>> > On Behalf Of Wayne Thayer via Public<br>Sent: Thursday, September 13, 2018 7:11 PM<br>To: Ryan Sleevi <<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a> <mailto:<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a>> >; CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a> <mailto:<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> ><br>Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security Subcommittee of the SCWG<br><br><br><br>Would it be helpful to take a step back and propose an amendment to the Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I would be willing to work on that. Meanwhile, if the Network Security WG left some urgent work unfinished, nothing prevents SCWG members from collaborating outside of the Subcommittee structure.<br><br><br><br>On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a> <mailto:<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> > wrote:<br><br>I think that, without incorporating or responding to feedback, we will be opposed to this ballot. I agree that it's unfortunate we have gotten nowhere - but it's equally unfortunate to have spent two months without responding to any of the substance of the issues. It's great to see progress, but making small steps doesn't excuse leaving glaring issues. It's better to let these fall down than to support them with fundamental flaws.<br><br><br><br>Concrete feedback is:<br><br>Delete: "These renewed NCSSR documents will serve CAs, auditors and browsers in giving a state of the art set of rules for the deployment and operation of CAs computing infrastructures."<br><br>Rationale: That presumes this output will be valid/valuable.<br><br><br><br>Delete: "The Subcommittee may choose its own initial Chair."<br><br>Rationale: Subcommittees don't have Chairs and votes. They're just meetings of the CWG with focus.<br><br><br><br>Delete: "The Network Security Subcommittee shall produce one or more documents offering options to the Forum for establishing minimal security standards within the scope defined above, which may be used to modify the existing NCSSRs."<br><br>Rationale: This is a pretty much a non-scope as worded, but worse, precludes some of the very activities you want to do. For example, reforming existing requirements doesn't establish minimums, so is out of scope.<br><br><br><br>Obviously, that leaves you with nothing left. Hopefully there's something concrete you think should remain, and you can suggest improvements there.<br><br><br><br><br><br><br><br>On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <<a href="mailto:Kirk.Hall@entrustdatacard.com" target="_blank">Kirk.Hall@entrustdatacard.com</a> <mailto:<a href="mailto:Kirk.Hall@entrustdatacard.com" target="_blank">Kirk.Hall@entrustdatacard.com</a>> > wrote:<br><br>On this ballot and Ballot SC10, I?m only going to consider comments and criticisms that propose specific alternate language that you will support. We have spent two months on creation of Subcommittees that simply continue the work we have been doing., and getting nowhere. Time to finish up!<br><br><br><br>Do you have specific alternate ballot language you want the Members to consider? If so, please post.<br><br><br><br>From: Ryan Sleevi [mailto:<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a> <mailto:<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a>> ] <br>Sent: Thursday, September 13, 2018 2:55 PM<br>To: Kirk Hall <<a href="mailto:Kirk.Hall@entrustdatacard.com" target="_blank">Kirk.Hall@entrustdatacard.com</a> <mailto:<a href="mailto:Kirk.Hall@entrustdatacard.com" target="_blank">Kirk.Hall@entrustdatacard.com</a>> >; CABFPub <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a> <mailto:<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> ><br>Subject: [EXTERNAL]Re: [cabfpub] Ballot SC10 ? Establishing the Network Security Subcommittee of the SCWG<br><br><br><br>On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a> <mailto:<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> > wrote:<br><br>Scope: Revising and improving the Network and Certificate Systems Security Requirements (NCSSRs). <br><br><br>Out of Scope: No provision.<br><br>Deliverables: The Network Security Subcommittee shall produce one or more documents offering options to the Forum for establishing minimal security standards within the scope defined above, which may be used to modify the existing NCSSRs. These renewed NCSSR documents will serve CAs, auditors and browsers in giving a state of the art set of rules for the deployment and operation of CAs computing infrastructures. The Subcommittee may choose its own initial Chair.<br><br><br><br>Is this Deliverable correct? Is that scope correct? The previous WG produced (only after significant prodding) a statement about 'options' - which was to modifying the existing NCSSRs. It seems like we're talking now about concrete recommendations for changes, and it seems more relevant to note what is in scope or out of scope.<br><br><br><br>I disagree that the deliverable affirmatively stating "will serve CA, auditors, and browsers".<br><br><br><br>However, there's other, more fundamental problems. Most notable is that Subcommittees aren't established to have Chairs - the point of the rework of the Bylaws was to make it clearer what activities are done and how they fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The other is that the SCWG does not yet have a defined process for the establishment of subcommittees.<br><br>_______________________________________________<br>Public mailing list<br><a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a> <mailto:<a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a>> <br><a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.html" target="_blank">http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.html</a>><br>-------------- next part --------------<br>A non-text attachment was scrubbed...<br>Name: smime.p7s<br>Type: application/pkcs7-signature<br>Size: 4940 bytes<br>Desc: not available<br>URL: <<a href="http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.p7s" target="_blank">http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.p7s</a>><br><br>------------------------------<br><br>Subject: Digest Footer<br><br>_______________________________________________<br>Public mailing list<br><a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br><a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br><br><br>------------------------------<br><br>End of Public Digest, Vol 77, Issue 81<br>**************************************<o:p></o:p></p></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>_______________________________________________<br>Public mailing list<br><a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br><a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></p></blockquote></div></div></div></div></blockquote></div><p class=MsoNormal>_______________________________________________<br>Public mailing list<br><a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br><a href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></p></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>