<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Certum votes Yes on ballot FORUM-17.</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 16.12.2021 at 19:39, Ben Wilson
via Public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100017dc48af73d-e08d55c9-975e-450c-9cfe-2753a4533426-000000@email.amazonses.com">
<div dir="ltr">
<p class="MsoNormal" style="margin:0in 0in
12pt;line-height:normal;font-size:11pt;font-family:'Calibri',sans-serif"><span
style="font-size:12pt;font-family:'Times New
Roman',serif">Ballot FORUM-17, <span
style="font-size:12pt;font-family:'Times New
Roman',serif"><span
style="font-size:12pt;font-family:'Times New
Roman',serif">Create Network Security Working
Group, </span></span> is proposed by Ben Wilson of
Mozilla and
endorsed by Tim Hollebeek of DigiCert and David Kluge of
Google.</span></p>
<p class="MsoNormal" style="margin:0in 0in
12pt;line-height:normal;font-size:11pt;font-family:'Calibri',sans-serif"><span
style="font-size:12pt;font-family:'Times New
Roman',serif">
<span style="font-size:12pt;font-family:'Times New
Roman',serif">The Voting Period for Ballot FORUM-17
begins today at <span
style="font-size:12pt;line-height:107%;font-family:'Times
New Roman',serif">19:00 UTC</span> and ends on
23-Dec-2021 at 19:00 UTC.</span> </span></p>
<p class="MsoNormal" style="margin:0in 0in
12pt;line-height:normal;font-size:11pt;font-family:'Calibri',sans-serif"><span
style="font-size:12pt;font-family:'Times New
Roman',serif">
<b>Overview</b><br>
<br>
In January 2013 the CA/Browser Forum’s “Network and
Certificate System Security
Requirements” (NCSSRs) became effective. In June 2017, the
Forum chartered a
Network Security Working Group to re-visit the NCSSRs. That
charter expired on
June 19, 2018, and in October 2018, the Server Certificate
Working Group (SCWG)
established a Network Security Subcommittee (NetSec
Subcommittee) to continue
work on the NCSSRs.<br>
<br>
This ballot proposes to charter a new Network Security
Working Group (NetSec
WG) to replace the NetSec Subcommittee, to continue work on
the NCSSRs, and to
conduct any and all business related to improving the
security of Certification
Authorities. <br>
<br>
Following the passage of this ballot:<br>
<br>
1. A new NetSec WG will be chartered under the CA/B Forum,
pursuant to section
5.3.1 of the Bylaws;<br>
2. The Charter of the SCWG will be amended to remove the
NCSSRs from within the
scope of the SCWG Charter; <br>
3. The existing mailing list and other materials developed
for the NetSec
Subcommittee will be repurposed for use by the NetSec WG; <br>
4. The NetSec WG will produce and maintain versions of the
NCSSRs; and<br>
5. The NetSec WG will make security-related recommendations
to other Forum WGs
for requirements or guidelines that are within their
purview, i.e. the BRs/EVGs
of the SCWG, the Baseline Requirements for Code Signing
Certificates of the
Code Signing Certificate Working Group (CSCWG) or guidelines
adopted by the S/MIME
Certificate Working Group (SMCWG). <span></span></span></p>
<p class="MsoNormal"
style="margin:0in;line-height:normal;font-size:11pt;font-family:'Calibri',sans-serif"><b><span
style="font-size:12pt;font-family:'Times New
Roman',serif">--- MOTION BEGINS ---</span></b><span
style="font-size:12pt;font-family:'Times New
Roman',serif"><span></span></span></p>
<p class="MsoNormal" style="margin:0in 0in
8pt;line-height:107%;font-size:11pt;font-family:'Calibri',sans-serif"><span
style="font-size:12pt;line-height:107%;font-family:'Times New
Roman',serif"><br>
The Charter of the Server Certificate Working Group,
currently version 1.1, is
amended by deleting references to the Network and
Certificate System Security
Requirements, so that the Scope section of the Charter will
now read as
follows:<b><br>
<br>
SCOPE:</b> The authorized scope of the Server Certificate
Working Group shall
be as follows:<br>
<br>
1. To specify Baseline Requirements, Extended Validation
Guidelines, and other
acceptable practices for the issuance and management of
SSL/TLS server
certificates used for authenticating servers accessible
through the Internet.<br>
<br>
2. To update such requirements and guidelines from time to
time, in order to
address both existing and emerging threats to online
security, including
responsibility for the maintenance of and future amendments
to the current
CA/Browser Forum Baseline Requirements and Extended
Validation Guidelines.<br>
<span> </span><br>
3. To perform such other activities that are ancillary to
the primary
activities listed above.<br>
<br>
See <a
href="https://github.com/cabforum/forum/commit/a55fd7d3939f4f24aa26e88399069afede2a1edf"
style="color:blue;text-decoration:underline"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/forum/commit/a55fd7d3939f4f24aa26e88399069afede2a1edf</a><br>
<br>
The CA/Browser Forum creates the Network Security Working
Group and adopts the
following Charter:<br>
<br>
<b>Network Security Working Group Charter</b><br>
<br>
The Network Security Working Group (“NetSec WG”) is hereby
created to perform
the activities as specified in this Charter, subject to the
terms and
conditions of the CA/Browser Forum Bylaws (<a
href="https://cabforum.org/bylaws"
style="color:blue;text-decoration:underline"
moz-do-not-send="true" class="moz-txt-link-freetext">https://cabforum.org/bylaws</a>/)
and Intellectual Property Rights (IPR) Policy (<a
href="https://cabforum.org/ipr-policy/"
style="color:blue;text-decoration:underline"
moz-do-not-send="true" class="moz-txt-link-freetext">https://cabforum.org/ipr-policy/</a>),
as such documents may change from time to time. This charter
for the NetSec WG
has been created according to CAB Forum Bylaw 5.3.1. In the
event of a conflict
between this Charter and any provision in either the Bylaws
or the IPR Policy,
the provision in the Bylaws or IPR Policy shall take
precedence. The
definitions found in the Forum’s Bylaws shall apply to
capitalized terms in
this Charter.<br>
<br>
<b>1. Scope</b> – The scope of work performed by the NetSec
WG includes:<br>
<br>
1. To modify and maintain the existing Network and
Certificate System Security
Requirements or a successor requirements document (NCSSRs);<br>
2. To make recommendations for improvements to security
controls in the
requirements or guidelines adopted by other Forum WGs (e.g.
see sections 5 and
6 of the Baseline Requirements);<br>
3. To create new requirements, guidelines, or
recommended best practices
related to the security of CA operations;<br>
4. To perform risk analyses, security analyses, and
other types of reviews of
threats and vulnerabilities applicable to CA operations
involved in the
issuance and maintenance of publicly trusted certificates
(e.g. server
certificates, code signing certificates, SMIME certificates,
etc.); and<br>
5. To perform other activities ancillary to the primary
activities listed
above.<br>
<br>
<b>2. Out of Scope</b> – The NetSec WG shall not adopt
requirements,
Guidelines, or Maintenance Guidelines concerning certificate
profiles,
validation processes, certificate issuance, certificate
revocation, or
subscriber obligations, which are within the purview of the
Server Certificate
Working Group (SCWG), the Code Signing Certificate Working
Group (CSCWG), or
the S/MIME Certificate Working Group (SMCWG).<br>
<br>
<b>3. End Date</b> – The NetSec WG shall continue until it
is dissolved by a
vote of the CA/B Forum.<br>
<br>
<b>4. Deliverables</b> – The NetSec WG shall be responsible
for delivering and
maintaining the NCSSRs (version 1.7 shall remain valid until
it is replaced by
a subsequent version) and any other documents the group may
choose to develop
and maintain.<br>
<br>
<b>5. Courtesy Notice of Proposed Amendments to the NCSSRs</b>
– Discussion and
voting on any ballot to change the NCSSRs shall proceed
within the NetSec WG in
accordance with sections 2.3 and 2.4 of the Bylaws.
Additionally, a courtesy
notice of the proposed ballot and NetSec WG’s discussion
period shall be given
to the SCWG, the CSCWG, and the SMCWG via their Public Mail
Lists. <br>
<b><br>
6. Participation and Membership </b>– Membership in the
NetSec WG shall be
limited to organizations that are Certificate Issuer Members
or Certificate
Consumer Members of the SCWG, the CSCWG, or the SMCWG, who
may join the NetSec
WG only with such status or class as they hold in such other
working groups.<br>
<br>
In accordance with the IPR Policy, Members that choose to
participate in the
NetSec WG must declare their participation, and class of
membership
(Certificate Issuer or Certificate Consumer), and shall do
so prior to
participating. A Member must declare its participation in
the NetSec WG by
requesting to be added to the mailing list. The Chair of the
NetSec WG shall
establish a list for declarations of participation and
manage it in accordance
with the Bylaws, the IPR Policy, and the IPR Agreement.<br>
<br>
The NetSec WG shall include Interested Parties and Associate
Members as defined
in the Bylaws.<br>
<br>
Resignation from the NetSec WG does not prevent a
participant from potentially
having continuing obligations under the Forum’s IPR Policy
or any other
document.<br>
<br>
<b>7. Voting Structure</b><br>
<br>
The NetSec WG shall consist of two classes of voting
members, Certificate
Issuers and Certificate Consumers. In order for a ballot to
be adopted by the
NetSec WG, two-thirds or more of the votes cast by the
Certificate Issuers must
be in favor of the ballot and more than 50% of the votes
cast by the
Certificate Consumers must be in favor of the ballot. At
least one member of
each class must vote in favor of a ballot for it to be
adopted. Quorum is the
average number of Member organizations (cumulative,
regardless of Class) that
have participated in the previous three NetSec WG Meetings
or Teleconferences
(not counting subcommittee meetings thereof). For transition
purposes, if three
meetings have not yet occurred, then quorum is ten (10).<br>
<br>
<b>8. Leadership</b><br>
<br>
<b>Chair </b>– Clint Wilson shall be the initial Chair of
the NetSec WG.<br>
<b><br>
Vice-Chair</b> – David Kluge shall be the initial
Vice-Chair of the NetSec WG.<br>
<br>
<b>Term.</b> The Chair and Vice-Chair will serve until
October 31, 2022, or
until they are replaced, resign, or are otherwise
disqualified. Thereafter,
elections shall be held for chair and vice chair every two
years in
coordination with the Forum’s election process and in
conjunction with its
election cycle. Voting shall occur in accordance with Bylaw
4.1(c). In the
event of a midterm vacancy, the NetSec WG will hold a
special election and the
selected candidate will serve the remainder of the existing
term.<br>
<b><br>
9. Communication</b> – NetSec WG communications and
documents, including
minutes of meetings, shall be posted on mailing-lists where
the mail-archives
are publicly accessible or on the Forum’s website.<br>
<br>
<b>10. IPR Policy</b> – The CA/Browser Forum Intellectual
Rights Policy, v. 1.3
or later, shall apply to all Working Group activity.<br>
<br>
<b>11. Other Organizational Matters</b><br>
<br>
Reserved.<br>
<br>
<b>Effect of Forum Bylaws Amendment on Working Group</b> -
In the event that
Forum Bylaws are amended to add or modify general rules
governing Forum Working
Groups and how they operate, such provisions of the Bylaws
take precedence over
this charter.<br>
<br>
See <a
href="https://github.com/cabforum/forum/pull/23/files#diff-cf5513a8c4dabce6e3364691537b74a7d2faa1af8dc9e1ee8ce9b2d7759c9406"
style="color:blue;text-decoration:underline"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/forum/pull/23/files#diff-cf5513a8c4dabce6e3364691537b74a7d2faa1af8dc9e1ee8ce9b2d7759c9406</a><br>
<br>
--- MOTION ENDS ---<br>
<br>
<br>
The procedure for approval of this ballot is as follows:<br>
<br>
Discussion (7+ days)<br>
<br>
Start Time: 2021-12-09 18:00:00 UTC<br>
<br>
End Time: 2021-12-16 19:00:00 UTC<br>
<br>
Vote for approval (7 days)<br>
<br>
Start Time: 2021-12-16 19:00 UTC<br>
<br>
End Time: 2021-12-23 19:00:00 UTC</span><span></span></p>
<br>
</div>
<br>
</blockquote>
</body>
</html>