<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">FWIW, I think we need to be careful about discussing IPR policy implications without references to the relevant part of the IPR policy, which governs here. The policy, as I understand it, only obligates WG participants to IPR obligations. The implications of various approaches vary widely (and as both Tim and Dimitris have pointed out, in problematic directions in some cases). Perhaps taking a step back and outlining the goals of the re-charter more explicitly will help us better map potential engagement models and identify issues that need to be resolved as well.</span><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Nov 11, 2021, at 8:30 AM, Dimitris Zacharopoulos (HARICA) via Public <<a href="mailto:public@cabforum.org" class="">public@cabforum.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div class="moz-cite-prefix" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; 
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">On 11/11/2021 5:56 μ.μ., Tim Hollebeek wrote:<br class=""></div><blockquote type="cite" cite="mid:DM8PR14MB5237511D481E0C6A279B5F5C83949@DM8PR14MB5237.namprd14.prod.outlook.com" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div class="WordSection1" style="page: WordSection1;"><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">I don’t think it can be done. Remember, the entire point of various people not being in various working groups is because they don’t want to review, disclose, or grant licenses based on updates to the documents in that working group.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">While it would be nice if everyone joined the NetSec working group, so that we’re sure that the NCSSRs are free from IPR encumbrances, I don’t think we can force everyone to do so. 
Which is essentially what you’d be doing by expanding IPR review to all the CWGs.</div></div></blockquote><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">If the IP review notice was sent out to all working groups, Members of all WGs would need to review and send any notices to the Chair that started the Review period, according to the Bylaws in section 2.4-6.</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; 
-webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Wouldn't this process work? This process is still not enforcing all Working Groups to adopt the updated Guideline, it just completes the IP Review phase in the NetSec WG in a more effective/efficient way.</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Dimitris.</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; 
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><blockquote type="cite" cite="mid:DM8PR14MB5237511D481E0C6A279B5F5C83949@DM8PR14MB5237.namprd14.prod.outlook.com" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div class="WordSection1" style="page: WordSection1;"><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">-Tim<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="border-style: none none none solid; border-left-width: 1.5pt; border-left-color: blue; padding: 0in 0in 0in 4pt;" class=""><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0in 0in;" class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">From:</b><span class="Apple-converted-space"> </span>Ben Wilson<span class="Apple-converted-space"> </span><a class="moz-txt-link-rfc2396E" href="mailto:bwilson@mozilla.com" style="color: blue; text-decoration: 
underline;">&lt;bwilson@mozilla.com&gt;</a><span class="Apple-converted-space"> </span><br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Wednesday, November 10, 2021 10:31 AM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Dimitris Zacharopoulos<span class="Apple-converted-space"> </span><a class="moz-txt-link-rfc2396E" href="mailto:dzacharo@harica.gr" style="color: blue; text-decoration: underline;">&lt;dzacharo@harica.gr&gt;</a><br class=""><b class="">Cc:</b><span class="Apple-converted-space"> </span>CABforum1<span class="Apple-converted-space"> </span><a class="moz-txt-link-rfc2396E" href="mailto:public@cabforum.org" style="color: blue; text-decoration: underline;">&lt;public@cabforum.org&gt;</a>; Tim Hollebeek<span class="Apple-converted-space"> </span><a class="moz-txt-link-rfc2396E" href="mailto:tim.hollebeek@digicert.com" style="color: blue; text-decoration: underline;">&lt;tim.hollebeek@digicert.com&gt;</a><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [cabfpub] Draft Working Group Charter for Network Security WG<o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">I can add your first point into the ballot.<o:p class=""></o:p></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Does anyone have any language that would address Dimitris' second point, about enforcement across the board for the entire CAB Forum? 
We don't want to have to track different versions among Working Groups.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Thanks,<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Ben<o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">On Tue, Nov 9, 2021, 11:36 PM Dimitris Zacharopoulos <<a href="mailto:dzacharo@harica.gr" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">dzacharo@harica.gr</a>> wrote:<o:p class=""></o:p></div></div><blockquote style="border-style: none none none solid; border-left-width: 1pt; border-left-color: rgb(204, 204, 204); padding: 0in 0in 0in 6pt; margin-left: 4.8pt; margin-right: 0in;" class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-family: Arial, sans-serif;" class="">Ben,</span><span class="Apple-converted-space"> </span><br class=""><br class=""><span style="font-family: Arial, sans-serif;" class="">To minimize the risk of including IP protected material in the NetSec Guidelines, I propose that the IPR review process includes all Chartered Working Groups. 
Exclusion notices might arrive by any Member of any CWG.</span><span class="Apple-converted-space"> </span><br class=""><br class=""><span style="font-family: Arial, sans-serif;" class="">At the same time, all CWG members will be aware of changes in the NetSec WG Guidelines because they would need to check for IPR issues.</span><span class="Apple-converted-space"> </span><br class=""><br class=""><span style="font-family: Arial, sans-serif;" class="">Thoughts about that?</span><span class="Apple-converted-space"> </span><br class=""><br class=""><span style="font-family: Arial, sans-serif;" class="">On the updated language and "enforcement" of updated NetSec Guidelines to other Working Groups, I'm afraid it is not allowed. Chartered Working Groups have the necessary isolation from the Bylaws so that one CWG doesn't affect the work of another CWG, so I'm afraid this language is inconsistent with the current Bylaws.</span><span class="Apple-converted-space"> </span><br class=""><br class=""><br class=""><span style="font-family: Arial, sans-serif;" class="">Dimitris.</span><o:p class=""></o:p></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><p class="">Nov 10, 2021 05:20:40 Ben Wilson via Public <<a href="mailto:public@cabforum.org" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">public@cabforum.org</a>>:<o:p class=""></o:p></p></div><blockquote style="border-style: none none none solid; border-left-width: 2.25pt; border-left-color: rgb(204, 204, 204); padding: 0in 0in 0in 2pt; margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Here is another iteration of the charter proposal, based on today's teleconference of the NetSec subcommittee:<span class="Apple-converted-space"> </span><o:p 
class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><a href="https://docs.google.com/document/d/1nrUFymusJV7YrvQBQ-2v6XbJgLGXOIieQMHu6AlaEPc" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">https://docs.google.com/document/d/1nrUFymusJV7YrvQBQ-2v6XbJgLGXOIieQMHu6AlaEPc</a><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Of note, I replaced the previously proposed section 5 with:<span class="Apple-converted-space"> </span><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">"<span class="Apple-converted-space"> </span><b class=""><span style="font-size: 12pt;" class="">5. Applicability of new NCSSR versions<span class="Apple-converted-space"> </span></span></b><span style="font-size: 12pt;" class="">– Discussion and voting on any ballot to change the NCSSRs shall proceed within the NetSec WG in accordance with sections 2.3 and 2.4 of the Bylaws. Additionally, notice of the proposed ballot and discussion period shall be given to the SCWG, the CSCWG, and the SMCWG via their Public Mail Lists. 
If the ballot to change the NCSSRs passes the Initial Vote, then the new version of the NCSSRs shall be considered binding and effective on any working group that does not pass a ballot rejecting the new version before the close of the IPR Review Period."<span class="Apple-converted-space"> </span></span><o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">On Fri, Nov 5, 2021 at 10:09 AM Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">tim.hollebeek@digicert.com</a>> wrote:<span class="Apple-converted-space"> </span><o:p class=""></o:p></div></div><blockquote style="border-style: none none none solid; border-left-width: 1pt; border-left-color: rgb(204, 204, 204); padding: 0in 0in 0in 6pt; margin-left: 4.8pt; margin-right: 0in;" class=""><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">So, the approach I’ve been advocating so far in various WGs is the following:<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><ol type="1" start="1" style="margin-bottom: 0in;" class=""><li class="MsoNormal" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">NetSec WG produces and maintains versions of the NCSSRs<o:p class=""></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Individual WGs point to a specific version of the NCSSRs<o:p class=""></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Individual WGs from time to time, evaluate and consume new versions, and update 
the version of the NCSSRs they reference<o:p class=""></o:p></li></ol><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">With some iterative feedback and collaboration. This is the standard way of handling standards dependencies, and is very much in line with how software dependencies are handled. It’s also how, for example, the Code Signing WG manages its dependency on the TLS BRs.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">However, that model might not be desirable in this case, as issuing systems for CAs are almost certainly shared across the use cases, and divergences among the WGs as to which version of the NCSSRs they reference would put certificate issuers in a bit of a pickle. The WebTrust audit framework also might need to change, as it typically bundles the NCSSRs into other audits and can’t easily deal with multiple relevant versions of the NCSSRs.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">I wanted to bring this issue up so we can discuss potential solutions, which might include potential modifications to this charter. For example, we may want to modify the voting structure and/or procedures to make sure modifications to the NCSSRs have the support of all the downstream consumers before the changes are approved, instead of having to deal with that as a second step. 
This would also avoid the other problem that the NetSec working group has had, which is where changes are debated and approved by NetSec, but then have to be relitigated at the Server Cert level, often with a lot of wasted effort. I hope that certain recent changes mean that that problem has now been overtaken by events, but it does seem like it would be more productive if everyone agreed across all working groups on NCSSR updates before they’re approved, so that they can be adopted in a uniform way.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Any other thoughts or feedback? I would love to hear other approaches that might work; I just want to avoid having to deal with version skew problems with the NCSSRs.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">It’s possible that longer term, the NetSec working group should grow up to be the “Baseline Baseline” working group that was discussed during governance reform, that is tasked with handling all of the cross-cutting concerns that are best handled in a coordinated manner across all of the working groups. 
While each working group does have its own unique needs and needs to have the ability to maintain their own requirements, there are lots of other cases beyond the NCSSRs where uniformity is more important, and now that we’re close to having all the policies in 3647 format, it’s relatively straightforward to maintain them in this way.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">-Tim<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="border-style: none none none solid; border-left-width: 1.5pt; padding: 0in 0in 0in 4pt; border-color: currentcolor currentcolor currentcolor blue;" class=""><div class=""><div style="border-style: solid none none; border-top-width: 1pt; padding: 3pt 0in 0in; border-color: currentcolor;" class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">From:</b><span class="Apple-converted-space"> </span>Public <<a href="mailto:public-bounces@cabforum.org" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">public-bounces@cabforum.org</a>><span class="Apple-converted-space"> </span><b class="">On Behalf Of<span class="Apple-converted-space"> </span></b>Ben Wilson via Public<br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Thursday, October 28, 2021 12:35 PM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>CABforum1 <<a href="mailto:public@cabforum.org" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">public@cabforum.org</a>><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>[cabfpub] Draft Working Group 
Charter for Network Security WG<o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">All,<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Here is a draft charter for a Network Security Working Group. Please provide your comments, and then we will finalize this work in the form of a Forum Ballot and Server Certificate WG Ballot.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Thanks,<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Ben<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><p id="m_423170240647867173gmail-m_-9042216088485262229gmail-docs-internal-guid-8dd19628-7fff-46c9-4209-a1a5e4e3a650" style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 18pt;" class="">Overview</span></b><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">In January 2013 the CA/Browser Forum’s “Network and Certificate System Security Requirements” (NCSSRs) became effective. In June 2017, the Forum chartered a Network Security Working Group to re-visit the NCSSRs. 
That charter expired on June 19, 2018, and in October 2018, the Server Certificate Working Group (SCWG) established a Network Security Subcommittee (NetSec Subcommittee) to continue work on the NCSSRs.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">This ballot proposes to charter a new Network Security Working Group (NetSec WG) to replace the NetSec Subcommittee, to continue work on the NCSSRs, and to conduct any and all business related to improving the security of Certification Authorities. </span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">Following the passage of this/these ballot(s):</span><o:p class=""></o:p></p><ol type="1" start="1" style="margin-bottom: 0in; margin-top: 0in;" class=""><li class="MsoNormal" style="margin: 12pt 0in 0in; font-size: 11pt; font-family: Calibri, sans-serif; vertical-align: baseline;"><span style="font-size: 12pt; font-family: "Times New Roman", serif;" class="">A new NetSec WG will be chartered under the CA/B Forum, pursuant to section 5.3.1 of the Bylaws;</span><o:p class=""></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; vertical-align: baseline;"><span style="font-size: 12pt; font-family: "Times New Roman", serif;" class="">The SCWG’s existing NetSec Subcommittee will be dissolved by the SCWG and the Charter of the SCWG will be amended to note that work on the NCSSRs is within the authorized scope of the NetSec WG; </span><o:p class=""></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; vertical-align: baseline;"><span style="font-size: 12pt; font-family: "Times New Roman", serif;" class="">The existing mailing list and other materials developed for the NetSec Subcommittee will be repurposed for use by the NetSec WG; and</span><o:p class=""></o:p></li><li class="MsoNormal" style="margin: 0in 0in 
12pt; font-size: 11pt; font-family: Calibri, sans-serif; vertical-align: baseline;"><span style="font-size: 12pt; font-family: "Times New Roman", serif;" class="">The Forum will develop a procedure to coordinate the NetSec WG’s adoption of security-related recommendations for requirements or guidelines that are within the purview of the other Forum WGs (the BRs/EVGs by the SCWG, Baseline Requirements for Code Signing Certificates of the CSCWG, etc.). </span><o:p class=""></o:p></li></ol><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 18pt;" class="">NetSec WG Charter</span></b><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">A chartered Working Group (“NetSec WG”) is created to perform the activities as specified in this Charter, subject to the terms and conditions of the CA/Browser Forum Bylaws (<a href="https://cabforum.org/bylaws/" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">https://cabforum.org/bylaws/</a>) and Intellectual Property Rights (IPR) Policy (<a href="https://cabforum.org/ipr-policy/" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">https://cabforum.org/ipr-policy/</a>), as such documents may change from time to time. This charter for the NetSec WG has been created according to CAB Forum Bylaw 5.3.1. In the event of a conflict between this Charter and any provision in either the Bylaws or the IPR Policy, the provision in the Bylaws or IPR Policy shall take precedence. The definitions found in the Forum’s Bylaws shall apply to capitalized terms in this Charter.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">1. 
Scope</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>- The scope of work performed by the NetSec WG includes:</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">1. To modify and maintain the existing Network and Certificate System Security Requirements (NCSSRs), or a successor requirements document;</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">2. To make recommendations for improvements to security controls in the requirements or guidelines adopted by other Forum WGs (e.g. see sections 5 and 6 of the Baseline Requirements);</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">3. To create new requirements, guidelines, and best practices related to the security of CA operations;</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">4. To perform risk analyses, security analyses, and other types of reviews of threats and vulnerabilities applicable to CA operations involved in the issuance and maintenance of publicly trusted certificates (e.g. server certificates, code signing certificates, SMIME certificates, etc.); and</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">5. To perform other activities ancillary to the primary activities listed above.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">2. 
Out of Scope</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>– The NetSec WG shall not adopt requirements, Guidelines, or Maintenance Guidelines concerning certificate profiles, validation processes, certificate issuance, certificate revocation, or subscriber obligations.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">3. End Date</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>– The NetSec WG shall continue until it is dissolved by a vote of the CA/B Forum.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">4. Deliverables</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>- The NetSec WG shall be responsible for delivering and maintaining the NCSSRs and any other documents the group may choose to develop and maintain.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">5. Participation and Membership</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>– Membership in the NetSec WG shall be limited to Certificate Issuer Members and Certificate Consumer Members of the Server Certificate Working Group, the Code Signing Certificate Working Group, or the SMIME Certificate Working Group.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">In accordance with the IPR Policy, Members that choose to participate in the NetSec WG MUST declare their participation and shall do so prior to participating. A Member must declare its participation in the NetSec WG by requesting to be added to the mailing list. 
The Chair of the NetSec WG shall establish a list for declarations of participation and manage it in accordance with the Bylaws, the IPR Policy, and the IPR Agreement.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">The NetSec WG shall include Interested Parties and Associate Members as defined in the Bylaws.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">Resignation from the NetSec WG does not prevent a participant from potentially having continuing obligations under the Forum’s IPR Policy or any other document.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">6. Voting Structure</span></b><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">The NetSec WG shall consist of two classes of voting members, Certificate Issuers and Certificate Consumers. In order for a ballot to be adopted by the NetSec WG, two-thirds or more of the votes cast by the Certificate Issuers must be in favor of the ballot and more than 50% of the votes cast by the Certificate Consumers must be in favor of the ballot. At least one member of each class must vote in favor of a ballot for it to be adopted. Quorum is the average number of Member organizations (cumulative, regardless of Class) that have participated in the previous three NetSec WG Meetings or Teleconferences (not counting subcommittee meetings thereof). For transition purposes, if three meetings have not yet occurred, then quorum is ten (10).</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">7. 
Leadership</span></b><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">Chair</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>– Clint Wilson shall be the initial Chair of the NetSec WG.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">Vice-Chair</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>- David Kluge shall be the initial Vice-Chair of the NetSec WG.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">Term.</span></b><span style="font-size: 12pt;" class=""> The Chair and Vice-Chair will serve until October 31, 2022, or until they are replaced, resign, or are otherwise disqualified. Thereafter, elections shall be held for chair and vice chair every two years in coordination with the Forum’s election process and in conjunction with its election cycle. Voting shall occur in accordance with Bylaw 4.1(c). In the event of a midterm vacancy, the NetSec WG will hold a special election and the selected candidate will serve the remainder of the existing term.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">8. Communication</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>- NetSec WG communications and documents shall be posted on mailing-lists where the mail-archives are publicly accessible, and the NetSec WG shall publish minutes of its meetings to the Forum’s website.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">9. IPR Policy</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>- The CA/Browser Forum Intellectual Rights Policy, v. 
1.3 or later, shall apply to all Working Group activity.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">10.</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span><b class="">Other Organizational Matters</b></span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-size: 12pt;" class="">Reserved.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><b class=""><span style="font-size: 12pt;" class="">Effect of Forum Bylaws Amendment on Working Group</span></b><span style="font-size: 12pt;" class=""><span class="Apple-converted-space"> </span>- In the event that Forum Bylaws are amended to add or modify general rules governing Forum Working Groups and how they operate, such provisions of the Bylaws take precedence over this charter.</span><o:p class=""></o:p></p><p style="margin-bottom: 12pt;" class=""><span style="font-family: Arial, sans-serif;" class=""> </span><o:p class=""></o:p></p></div></div></div></div></div></blockquote></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">_______________________________________________<span class="Apple-converted-space"> </span><br class="">Public mailing list<span class="Apple-converted-space"> </span><br class=""><a href="mailto:Public@cabforum.org" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">Public@cabforum.org</a><span class="Apple-converted-space"> </span><br class=""><a href="https://lists.cabforum.org/mailman/listinfo/public" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: blue; text-decoration: underline;">https://lists.cabforum.org/mailman/listinfo/public</a><o:p class=""></o:p></div></div></blockquote></div></div></blockquote></div></div></div></blockquote><br style="caret-color: rgb(0, 0, 0); 
font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""></div></blockquote></div><br class=""></body></html>