<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    HARICA votes "yes" to ballot SC39.<br>
    <br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 2/2/2021 4:29 μ.μ., Neil Dunbar via
      Servercert-wg wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:010001776325f094-54f0bb98-c0f6-4761-9933-952deca037f7-000000@email.amazonses.com">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <p>Resend: adding the ballot title to the mail thread.<br>
      </p>
      <div class="moz-cite-prefix">On 02/02/2021 14:15, Neil Dunbar via
        Servercert-wg wrote:<br>
      </div>
      <blockquote type="cite"
cite="mid:0100017763197a97-cc34a745-6b80-469e-9b84-0f190e8dbc6c-000000@email.amazonses.com">
        <meta http-equiv="content-type" content="text/html;
          charset=UTF-8">
        <p> </p>
        <div class="moz-text-flowed" style="font-family: -moz-fixed;
          font-size: 14px;" lang="x-unicode">Colleagues, <br>
          <br>
          This begins the voting period for ballot SC39v3: Definition of
          Critical Vulnerability.<br>
          <br>
          The following motion has been proposed by Neil Dunbar of
          TrustCor and endorsed by Ben Wilson (Mozilla) and Corey
          Bonnell (DigiCert). <br>
          <br>
          -- MOTION BEGINS -- <br>
          <br>
          This ballot modifies the “Network and Certificate System
          Security Requirements” based on Version 1.5. <br>
          <br>
          Under the section “Definitions”: <br>
          <br>
          Remove the current definition: <br>
          <br>
          Critical Vulnerability: A system vulnerability that has a CVSS
          score of 7.0 or higher according to the NVD or an equivalent
          to such CVSS rating (see <a class="moz-txt-link-freetext"
            href="http://nvd.nist.gov/home.cfm" moz-do-not-send="true">http://nvd.nist.gov/home.cfm</a>),
          or as otherwise designated as a Critical Vulnerability by the
          CA or the CA/Browser Forum.</div>
        <div class="moz-text-flowed" style="font-family: -moz-fixed;
          font-size: 14px;" lang="x-unicode"> <br>
          Insert a new definition: <br>
          <br>
          Critical Vulnerability: A system vulnerability that has a CVSS
          v2.0 score of 7.0 or higher according to the NVD or an
          equivalent to such CVSS rating (see <a
            class="moz-txt-link-freetext"
            href="https://nvd.nist.gov/vuln-metrics/cvss"
            moz-do-not-send="true">https://nvd.nist.gov/vuln-metrics/cvss</a>),
          or as otherwise designated as a Critical Vulnerability by the
          CA or the CA/Browser Forum. <br>
          <br>
          -- MOTION ENDS -- <br>
          <br>
          * WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT
          THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section
          2.4(a)): <br>
          <br>
          A comparison of the changes can be found at: <br>
          <br>
          <a class="moz-txt-link-freetext"
href="https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split"
            moz-do-not-send="true">https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split</a>
          <br>
          <br>
          This ballot proposes one Final Maintenance Guideline. <br>
          <br>
          The procedure for approval of this ballot is as follows: <br>
          <br>
          Vote for approval    (7 days)</div>
        <div class="moz-text-flowed" style="font-family: -moz-fixed;
          font-size: 14px;" lang="x-unicode"> <br>
          Start Time: 2020-02-02 1700 UTC <br>
          End Time: 2020-02-09 1700 UTC<br>
          <br>
          Regards, <br>
          <br>
          Neil </div>
      </blockquote>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
Servercert-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>