[cabfpub] Ballot[83] - Adopt Network and Certificate System Security Requirements
Janssen, M.A. (Mark) - Logius
mark.janssen at logius.nl
Wed Aug 1 09:10:48 UTC 2012
Hi All,
Logius PKIoverheid votes NO.
Of course Logius PKIoverheid agrees with the spirit of this ballot. Many thanks to all who worked on this! However:
1. Recently some CAs made some additional remarks on the Network and Certificate System Security Requirements. Apparently more work has to be done to satisfy their needs;
2. More important for Logius PKIoverheid is that the Network and Certificate System Security Requirements first should be published as a guidance (recommended) not as a guideline (mandatory). To publish the Requirements as a guidance should be possible on 1 January 2013 (or sooner). The Requirements should become mandatory when they are adopted in WebTrust and ETSI. Because if CAs can't be audited against the Requirements then parties can't rely on it. If it can't be audited, it's more or less a hollow commitment.
P.S. I was under the assumption that the Network and Certificate System Security Requirements also would be published at the mozilla.dev.security.policy group for comments? Apparently I missed something, my bad.
Thanks.
Best Regards,
Mark Janssen
Senior Advisor PKIoverheid
........................................................................
Logius
The ministry of the Interior and Kingdom Relations (BZK)
Wilhelmina van Pruisenweg 52 | 2595 AN | The Hague
P.O. Box 96810 | 2509 JE | The Hague
........................................................................
T +31(0) 70 8887 967
F +31(0) 70 8887 882
mark.janssen at logius.nl<mailto:mark.janssen at logius.nl>
http://www.logius.nl/<https://webmail.ictu.nl/exchweb/bin/redir.asp?URL=http://www.logius.nl/>
........................................................................
Service e-government
........................................................................
Please consider the environment - do you really need to print this mail?
Van: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] Namens Tim Moses
Verzonden: maandag 23 juli 2012 15:23
Aan: CABFPub
Onderwerp: [cabfpub] Ballot[83] - Adopt Network and Certificate System Security Requirements
Ben Wilson made the following motion, and Bill Madell and Rick Andrews endorsed it:
Motion begins
As of 1 January 2013 ("Effective Date"), the CA/Browser Forum adopts the "Network and Certificate System Security Requirements" Ballot Draft 1 (available here: https://www.cabforum.org/wiki/Balloted%20Drafts) as Version 1.0. Upon adoption the Ballot Draft shall be assigned a version number of 1.0 and be posted as a Forum Guideline to the cabforum.org Web site.
The members request that those members who have worked on the Network and Certificate System Security Requirements coordinate with the WebTrust<https://www.cabforum.org/wiki/WebTrust> Task Force and ETSI and work on adaptations of the Network and Certificate System Security Requirements that can be incorporated into the respective WebTrust<https://www.cabforum.org/wiki/WebTrust> and ETSI audit criteria as soon as feasible.
The ballot review period comes into effect at 2100 UTC on 20 July '12 and will close at 2100 UTC on 27 July '12. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2100 UTC on 3 Aug '12. Votes must be cast by posting an on-list reply to this thread.
Motion ends
A vote in favour of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted.
Voting members are listed here:
http://www.cabforum.org/forum.html
with the addition of TrendMicro<https://www.cabforum.org/wiki/TrendMicro>.
In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and one half or more of the votes cast by members in the browser category must be in favour. Also, at least seven members must participate in the ballot, either by voting in favour, voting against or abstaining.
T: +1 613 270 3183
________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120801/bf2c1876/attachment-0003.html>
More information about the Public
mailing list