<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 11/11/2021 5:56 μ.μ., Tim Hollebeek
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DM8PR14MB5237511D481E0C6A279B5F5C83949@DM8PR14MB5237.namprd14.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0in;}ul
{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">I don’t think it can be done. Remember,
the entire point of various people not being in various
working groups is because they don’t want to review, disclose,
or grant licenses based on updates to the documents in that
working group.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">While it would be nice if everyone joined
the NetSec working group, so that we’re sure that the NCSSRs
are free from IPR encumbrances, I don’t think we can force
everyone to do so. Which is essentially what you’d be doing
by expanding IPR review to all the CWGs.</p>
</div>
</blockquote>
<br>
If the IP review notice was sent out to all working groups, Members
of all WGs would need to review and send any notices to the Chair
that started the Review period, according to the Bylaws in section
2.4-6.<br>
<br>
Wouldn't this process work? This process is still not enforcing all
Working Groups to adopt the updated Guideline, it just completes the
IP Review phase in the NetSec WG in a more effective/efficient way.<br>
<br>
<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:DM8PR14MB5237511D481E0C6A279B5F5C83949@DM8PR14MB5237.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">-Tim<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in
0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Ben Wilson
<a class="moz-txt-link-rfc2396E" href="mailto:bwilson@mozilla.com"><bwilson@mozilla.com></a> <br>
<b>Sent:</b> Wednesday, November 10, 2021 10:31 AM<br>
<b>To:</b> Dimitris Zacharopoulos
<a class="moz-txt-link-rfc2396E" href="mailto:dzacharo@harica.gr"><dzacharo@harica.gr></a><br>
<b>Cc:</b> CABforum1 <a class="moz-txt-link-rfc2396E" href="mailto:public@cabforum.org"><public@cabforum.org></a>; Tim
Hollebeek <a class="moz-txt-link-rfc2396E" href="mailto:tim.hollebeek@digicert.com"><tim.hollebeek@digicert.com></a><br>
<b>Subject:</b> Re: [cabfpub] Draft Working Group
Charter for Network Security WG<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">I can add your first point into the
ballot.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Does anyone have any language that
would address Dimitris' second point, about enforcement
across the board for the entire CAB Forum? We don't want
to have to track different versions among Working
Groups.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Ben<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Tue, Nov 9, 2021, 11:36 PM
Dimitris Zacharopoulos <<a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true" class="moz-txt-link-freetext">dzacharo@harica.gr</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal"><span
style="font-family:"Arial",sans-serif">Ben,</span>
<br>
<br>
<span style="font-family:"Arial",sans-serif">To
minimize the risk of including IP protected material
in the NetSec Guidelines, I propose that the IPR
review process includes all Chartered Working
Groups. Exclusion notices might arrive by any Member
of any CWG.</span> <br>
<br>
<span style="font-family:"Arial",sans-serif">At
the same time, all CWG members will be aware of
changes in the NetSec WG Guidelines because they
would need to check for IPR issues.</span> <br>
<br>
<span style="font-family:"Arial",sans-serif">Thoughts
about that?</span> <br>
<br>
<span style="font-family:"Arial",sans-serif">On
the updated language and "enforcement" of updated
NetSec Guidelines to other Working Groups, I'm
afraid it is not allowed. Chartered Working Groups
have the necessary isolation from the Bylaws so that
one CWG doesn't affect the work of another CWG, so
I'm afraid this language is inconsistent with the
current Bylaws.</span> <br>
<br>
<br>
<span style="font-family:"Arial",sans-serif">Dimitris.</span>
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p>Nov 10, 2021 05:20:40 Ben Wilson via Public <<a
href="mailto:public@cabforum.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">public@cabforum.org</a>>:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid
#CCCCCC 2.25pt;padding:0in 0in 0in
2.0pt;margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">Here is another iteration
of the charter proposal, based on today's
teleconference of the NetSec subcommittee: <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a
href="https://docs.google.com/document/d/1nrUFymusJV7YrvQBQ-2v6XbJgLGXOIieQMHu6AlaEPc"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://docs.google.com/document/d/1nrUFymusJV7YrvQBQ-2v6XbJgLGXOIieQMHu6AlaEPc</a>
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Of note, I replaced the
previously proposed section 5 with: <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">" <b><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif;color:black">5.
Applicability of new NCSSR versions </span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">– Discussion
and voting on any ballot to change the
NCSSRs shall proceed within the NetSec WG in
accordance with sections 2.3 and 2.4 of the
Bylaws. Additionally, notice of the proposed
ballot and discussion period shall be given
to the SCWG, the CSCWG, and the SMCWG via
their Public Mail Lists. If the ballot to
change the NCSSRs passes the Initial Vote,
then the new version of the NCSSRs shall be
considered binding and effective on any
working group that does not pass a ballot
rejecting the new version before the close
of the IPR Review Period." </span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Fri, Nov 5, 2021 at
10:09 AM Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>>
wrote: <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">So,
the approach I’ve been advocating so far
in various WGs is the following:<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<ol type="1" start="1">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1
level1 lfo1">NetSec WG produces and
maintains versions of the NCSSRs<o:p></o:p></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1
level1 lfo1">Individual WGs point to a
specific version of the NCSSRs<o:p></o:p></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1
level1 lfo1">Individual WGs from time to
time, evaluate and consume new versions,
and update the version of the NCSSRs
they reference<o:p></o:p></li>
</ol>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">With
some iterative feedback and
collaboration. This is the standard way
of handling standards dependencies, and is
very much in line with how software
dependencies are handled. It’s also how,
for example, the Code Signing WG manages
it’s dependency on the TLS BRs.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">However,
that model might not be desirable in this
case, as issuing systems for CAs are
almost certainly shared across the use
cases, and divergences among the WGs as to
which version of the NCSSRs they reference
would put certificate issuers in a bit of
a pickle. The WebTrust audit framework
also might need to change, as it typically
bundles the NCSSRs into other audits and
can’t easily deal with multiple relevant
versions of the NCSSRs.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I
wanted to bring this issue up so we can
discuss potential solutions, which might
include potential modifications to this
charter. For example, we may want to
modify the voting structure and/or
procedures to make sure modifications to
the NCSSRs have the support of all the
downstream consumers before the changes
are approved, instead of having to deal
with that as a second step. This would
also avoid the other problem that the
NetSec working group has had, which is
where changes are debated and approved by
NetSec, but then have to be relitigated at
the Server Cert level, often with a lot of
wasted effort. I hope that certain recent
changes mean that that problem has now
been overtaken by events, but it does seem
like it would be more productive if
everyone agreed across all working groups
on NCCSR updates before they’re approved,
so that they can be adopted in a uniform
way.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Any
other thoughts or feedback? I would love
to hear other approaches that might work,
I just want to avoid having to deal with
version skew problems with the NCSSRs.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">It’s
possible that longer term, the NetSec
working group should grow up to be the
“Baseline Baseline” working group that was
discussed during governance reform, that
is tasked with handling all of the
cross-cutting concerns that are best
handled in a coordinated manner across all
of the working groups. While each working
group does have its own unique needs and
needs to have the ability to maintain
their own requirements, there are lots of
other cases beyond the NCSSRs where
uniformity is more important, and now that
we’re close to having all the policies in
3647 format, it’s relatively
straightforward to maintain them in this
way.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">-Tim<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div style="border:none;border-left:solid
windowtext 1.5pt;padding:0in 0in 0in
4.0pt;border-color:currentcolor
currentcolor currentcolor blue">
<div>
<div style="border:none;border-top:solid
windowtext 1.0pt;padding:3.0pt 0in 0in
0in;border-color:currentcolor
currentcolor">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>From:</b>
Public <<a
href="mailto:public-bounces@cabforum.org"
target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">public-bounces@cabforum.org</a>>
<b>On Behalf Of </b>Ben Wilson via
Public<br>
<b>Sent:</b> Thursday, October 28,
2021 12:35 PM<br>
<b>To:</b> CABforum1 <<a
href="mailto:public@cabforum.org"
target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">public@cabforum.org</a>><br>
<b>Subject:</b> [cabfpub] Draft
Working Group Charter for Network
Security WG<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">All,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Here
is a draft charter for a Network
Security Working Group. Please
provide your comments, and then we
will finalize this work in the form
of a Forum Ballot and Server
Certificate WG Ballot.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Ben<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p style="margin-bottom:12.0pt"
id="m_423170240647867173gmail-m_-9042216088485262229gmail-docs-internal-guid-8dd19628-7fff-46c9-4209-a1a5e4e3a650"><b><span
style="font-size:18.0pt;font-family:"Times New
Roman",serif;color:black">Overview</span></b><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">In
January 2013 the CA/Browser
Forum’s “Network and Certificate
System Security Requirements”
(NCSSRs) became effective. In June
2017, the Forum chartered a
Network Security Working Group to
re-visit the NCSSRs. That charter
expired on June 19, 2018, and in
October 2018, the Server
Certificate Working Group (SCWG)
established a Network Security
Subcommittee (NetSec Subcommittee)
to continue work on the NCSSRs.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">This
ballot proposes to charter a new
Network Security Working Group
(NetSec WG) to replace the NetSec
Subcommittee, to continue work on
the NCSSRs, and to conduct any and
all business related to improving
the security of Certification
Authorities. </span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">Following
the passage of this/these
ballot(s):</span><o:p></o:p></p>
<ol style="margin-top:0in" type="1"
start="1">
<li class="MsoNormal"
style="color:black;margin-top:12.0pt;mso-list:l0
level1
lfo2;vertical-align:baseline"><span
style="font-size:12.0pt;font-family:"Times New Roman",serif">A
new NetSec WG will be chartered
under the CA/B Forum, pursuant
to section 5.3.1 of the Bylaws;</span><o:p></o:p></li>
<li class="MsoNormal"
style="color:black;mso-list:l0
level1
lfo2;vertical-align:baseline"><span
style="font-size:12.0pt;font-family:"Times New Roman",serif">The
SCWG’s existing NetSec
Subcommittee will be dissolved
by the SCWG and the Charter of
the SCWG will be amended to note
that work on the NCSSRs are
within the authorized scope of
the NetSec WG; </span><o:p></o:p></li>
<li class="MsoNormal"
style="color:black;mso-list:l0
level1
lfo2;vertical-align:baseline"><span
style="font-size:12.0pt;font-family:"Times New Roman",serif">The
existing mailing list and other
materials developed for the
NetSec Subcommittee will be
repurposed for use by the NetSec
WG; and</span><o:p></o:p></li>
<li class="MsoNormal"
style="color:black;margin-bottom:12.0pt;mso-list:l0
level1
lfo2;vertical-align:baseline"><span
style="font-size:12.0pt;font-family:"Times New Roman",serif">The
Forum will develop a procedure
to coordinate the NetSec WG’s
adoption of security-related
recommendations for requirements
or guidelines that are within
the purview of the other Forum
WGs (the BRs/EVGs by the SCWG,
Baseline Requirements for Code
Signing Certificates of the
CSCWG, etc.). </span><o:p></o:p></li>
</ol>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:18.0pt;font-family:"Times New
Roman",serif;color:black">NetSec
WG Charter</span></b><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">A
chartered Working Group (“NetSec
WG”) is created to perform the
activities as specified in this
Charter, subject to the terms and
conditions of the CA/Browser Forum
Bylaws (<a
href="https://cabforum.org/bylaws/"
target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://cabforum.org/bylaws/</a>)
and Intellectual Property Rights
(IPR) Policy (<a
href="https://cabforum.org/ipr-policy/"
target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://cabforum.org/ipr-policy/</a>),
as such documents may change from
time to time. This charter for the
NetSec WG has been created
according to CAB Forum Bylaw
5.3.1. In the event of a conflict
between this Charter and any
provision in either the Bylaws or
the IPR Policy, the provision in
the Bylaws or IPR Policy shall
take precedence. The definitions
found in the Forum’s Bylaws shall
apply to capitalized terms in this
Charter.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">1.
Scope</span></b><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif;color:black">
- The scope of work performed by
the NetSec WG includes:</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">1.
To modify and maintain the
existing Network and Certificate
System Security Requirements
(NCSSRs), or a successor
requirements document;</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">2.
To make recommendations for
improvements to security controls
in the requirements or guidelines
adopted by other Forum WGs (e.g.
see sections 5 and 6 of the
Baseline Requirements);</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">3.
To create new requirements,
guidelines, and best practices
related to the security of CA
operations;</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">4.
To perform risk analyses,
security analyses, and other types
of reviews of threats and
vulnerabilities applicable to CA
operations involved in the
issuance and maintenance of
publicly trusted certificates
(e.g. server certificates, code
signing certificates, SMIME
certificates, etc.); and</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">5.
To perform other activities
ancillary to the primary
activities listed above.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">2.
Out of Scope</span></b><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif;color:black">
– The NetSec WG shall not adopt
requirements, Guidelines, or
Maintenance Guidelines concerning
certificate profiles, validation
processes, certificate issuance,
certificate revocation, or
subscriber obligations.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">3.
End Date</span></b><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif;color:black">
– The NetSec WG shall continue
until it is dissolved by a vote of
the CA/B Forum.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">4.
Deliverables</span></b><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif;color:black">
- The NetSec WG shall be
responsible for delivering and
maintaining the NCSSRs and any
other documents the group may
choose to develop and maintain.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">5.
Participation and Membership</span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black"> –
Membership in the NetSec WG shall
be limited to Certificate Issuer
Members and Certificate Consumer
Members of the Server Certificate
Working Group, the Code Signing
Certificate Working Group, or the
SMIME Certificate Working Group.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">In
accordance with the IPR Policy,
Members that choose to participate
in the NetSec WG MUST declare
their participation and shall do
so prior to participating. A
Member must declare its
participation in the NetSec WG by
requesting to be added to the
mailing list. The Chair of the
NetSec WG shall establish a list
for declarations of participation
and manage it in accordance with
the Bylaws, the IPR Policy, and
the IPR Agreement.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">The
NetSec WG shall include
Interested Parties and Associate
Members as defined in the Bylaws.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">Resignation
from the NetSec WG does not
prevent a participant from
potentially having continuing
obligations under the Forum’s IPR
Policy or any other document.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">6.
Voting Structure</span></b><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">The
NetSec WG shall consist of two
classes of voting members,
Certificate Issuers and
Certificate Consumers. In order
for a ballot to be adopted by the
NetSec WG, two-thirds or more of
the votes cast by the Certificate
Issuers must be in favor of the
ballot and more than 50% of the
votes cast by the Certificate
Consumers must be in favor of the
ballot. At least one member of
each class must vote in favor of a
ballot for it to be adopted.
Quorum is the average number of
Member organizations (cumulative,
regardless of Class) that have
participated in the previous three
NetSec WG Meetings or
Teleconferences (not counting
subcommittee meetings thereof).
For transition purposes, if three
meetings have not yet occurred,
then quorum is ten (10).</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">7.
Leadership</span></b><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">Chair</span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black"> –
Clint Wilson shall be the initial
Chair of the NetSec WG.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">Vice-Chair</span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black"> -
David Kluge shall be the initial
Vice-Chair of the NetSec WG.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">Term.</span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">
The Chair and Vice-Chair will
serve until October 31, 2022, or
until they are replaced, resign,
or are otherwise disqualified.
Thereafter, elections shall be
held for chair and vice chair
every two years in coordination
with the Forum’s election process
and in conjunction with its
election cycle. Voting shall occur
in accordance with Bylaw 4.1(c).
In the event of a midterm vacancy,
the NetSec WG will hold a special
election and the selected
candidate will serve the remainder
of the existing term.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">8.
Communication</span></b><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif;color:black">
- NetSec WG communications and
documents shall be posted on
mailing-lists where the
mail-archives are publicly
accessible, and the NetSec WG
shall publish minutes of its
meetings to the Forum’s website.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">9.
IPR Policy</span></b><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif;color:black">
- The CA/Browser Forum
Intellectual Rights Policy, v. 1.3
or later, shall apply to all
Working Group activity.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">10.</span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black"> <b>Other
Organizational Matters</b></span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">Reserved.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:black">Effect
of Forum Bylaws Amendment on
Working Group</span></b><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif;color:black">
- In the event that Forum Bylaws
are amended to add or modify
general rules governing Forum
Working Groups and how they
operate, such provisions of the
Bylaws take precedence over this
charter.</span><o:p></o:p></p>
<p style="margin-bottom:12.0pt"><span
style="font-family:"Arial",sans-serif;color:black"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<div>
<p class="MsoNormal">_______________________________________________
<br>
Public mailing list <br>
<a href="mailto:Public@cabforum.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Public@cabforum.org</a>
<br>
<a
href="https://lists.cabforum.org/mailman/listinfo/public"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.cabforum.org/mailman/listinfo/public</a>
<o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>