[cabf_netsec] [EXTERNAL] Time to start voting on SC29v3
Bruce.Morton at entrustdatacard.com
Mon Apr 27 13:31:29 MST 2020
The pushback that I am getting is to implement the continuous part. I don't think that this could be done by 1 October 2020 as proposed. This will be due to previously scheduled projects, the effort, and some task delays due to COVID-19. Could the effective date be pushed out some months?
From: Netsec <netsec-bounces at cabforum.org> On Behalf Of Neil Dunbar via Netsec
Sent: Monday, April 27, 2020 1:19 PM
To: CABF Network Security List <netsec at cabforum.org>
Subject: [EXTERNAL][cabf_netsec] Time to start voting on SC29v3
WARNING: This email originated outside of Entrust Datacard.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
I'm thinking that with no apparent resistance to ending the moratorium on ballots, it's probably time to put Ballot SC29v3 up for voting.
I'll do this tomorrow (Tuesday 28th April) if there are no objections from the NetSec team to my doing so. Technically, I put the end of the current discussion period at 30th April to stretch out the time, but I looked at the bylaws and it says that the proposer can curtail the discussion period if no new version of the ballot has been posted in 7 days - which is the case here.
I do appreciate the full and frank exchange of views, but I'm siding with Tobi on this one: if there is indeed a policy benefit to prohibiting automatic updating, I don't think that the current ballot is the place to do it. All we wanted to do was push the community towards continuous monitoring, and accept that as an incremental improvement. I think the current SC29v3 does that. We can address effective chain of custody issues in other ballots to come.
Thoughts, as alway, very welcome.
Netsec mailing list
Netsec at cabforum.org
More information about the Netsec