<html><head><style>p{margin-top:0px;margin-bottom:0px;}</style></head><body><div style="font-size:14px; font-family:NanumGothic,나눔고딕,sans-serif;"><div>NAVER Cloud votes YES to ballot SC39v3.</div><div></div><div><div style="width: 36px; height: 1px; margin-bottom: 15px; background-color: rgb(160, 160, 160);"></div> <div style="line-height: 16px; font-family: 나눔고딕, NanumGothic, 돋움, dotum, 굴림, Gulim, AppleGothic, sans-serif;"> <strong style="font-size: 13px; color: rgb(54, 54, 54); letter-spacing: -1px;">어수영</strong> <span style="font-size: 11px; color: rgb(54, 54, 54);">Sooyoung Eo</span><br> <span style="font-size: 11px; color: rgb(137, 137, 137);">IT Security</span><br> <br> <span style="margin-right: -3px;"> <a target="_blank" href="https://www.navercloudcorp.com" rel="noreferrer noopener"> <img align="absmiddle" src="https://static.navercorp.com/static/site/connect2/user/connect/signature/logo_naver_cloud.png" border="0"> </a> </span> </div> </div><br><p style="font-size:10pt;font-family:sans-serif;padding:0 0 0 10pt"><span>-----Original Message-----</span><br><b>From:</b> "Neil Dunbar via Servercert-wg"<servercert-wg@cabforum.org> <br><b>To:</b> "CA/B Forum Server Certificate WG Public Discussion List"<servercert-wg@cabforum.org>; <br><b>Cc:</b> <br><b>Sent:</b> 2021. 2. 2. (화) 23:15 (GMT+09:00)<br><b>Subject:</b> [Servercert-wg] VOTING BEGINS: Ballot SC39v3:<br> </p>
<div lang="x-unicode" style="font-family: -moz-fixed; font-size: 14px;">Colleagues,
<br>
<br>
This begins the voting period for ballot SC39v3: Definition of
Critical Vulnerability.<br>
<br>
The following motion has been proposed by Neil Dunbar of TrustCor
and endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).
<br>
<br>
-- MOTION BEGINS --
<br>
<br>
This ballot modifies the “Network and Certificate System Security
Requirements” based on Version 1.5.
<br>
<br>
Under the section “Definitions”:
<br>
<br>
Remove the current definition:
<br>
<br>
Critical Vulnerability: A system vulnerability that has a CVSS
score of 7.0 or higher according to the NVD or an equivalent to
such CVSS rating (see <a class="moz-txt-link-freetext" href="http://nvd.nist.gov/home.cfm" rel="noreferrer noopener" target="_blank">http://nvd.nist.gov/home.cfm</a>),
or as otherwise designated as a Critical Vulnerability by the CA
or the CA/Browser Forum.</div>
<div lang="x-unicode" style="font-family: -moz-fixed; font-size: 14px;">
<br>
Insert a new definition:
<br>
<br>
Critical Vulnerability: A system vulnerability that has a CVSS
v2.0 score of 7.0 or higher according to the NVD or an equivalent
to such CVSS rating (see <a class="moz-txt-link-freetext" href="https://nvd.nist.gov/vuln-metrics/cvss" rel="noreferrer noopener" target="_blank">https://nvd.nist.gov/vuln-metrics/cvss</a>),
or as otherwise designated as a Critical Vulnerability by the CA
or the CA/Browser Forum.
<br>
<br>
-- MOTION ENDS --
<br>
<br>
* WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE
OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
<br>
<br>
A comparison of the changes can be found at:
<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split" rel="noreferrer noopener" target="_blank">https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split</a>
<br>
<br>
This ballot proposes one Final Maintenance Guideline.
<br>
<br>
The procedure for approval of this ballot is as follows:
<br>
<br>
Vote for approval (7 days)</div>
<div lang="x-unicode" style="font-family: -moz-fixed; font-size: 14px;">
<br>
Start Time: 2020-02-02 1700 UTC
<br>
End Time: 2020-02-09 1700 UTC<br>
<br>
Regards,
<br>
<br>
Neil
<pre wrap=""></pre>
</div>
</div></body></html><table style='display:none'><tr><td><img src="https://ack.mail.navercorp.com/readReceipt/notify/?img=qfYlKogmKACSpAtYaqvlpo2%2FpA%2BCFo2XK4udM43Cp63SMrurMokSpog%2FpuIo%2BrkSKAu5W49vpSl51zlqDBFdp6d5MreRhoRqpBirpBiopBid7B%2BNtzFCM4pTbNkR74eZpm%3D%3D.gif" border="0"/></td></tr></table>