[cabfpub] Ballot 138 - Security Information Sharing Working Group

Ben Wilson ben.wilson at digicert.com
Thu Oct 2 23:03:39 UTC 2014

I would assume so – yes.  The issues themselves are not sensitive – they are more legal, pragmatic, etc., on how this can be done without getting into trouble.  I suppose that any discussions of a more sensitive nature would have to take place outside the course and scope of the discussions of this working group.

From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Thursday, October 2, 2014 5:00 PM
To: Ben Wilson
Subject: Re: [cabfpub] Ballot 138 - Security Information Sharing Working Group

To confirm: The discussions and minutes of this WG will be public, correct?
On Oct 2, 2014 3:46 PM, "Ben Wilson" <ben.wilson at digicert.com<mailto:ben.wilson at digicert.com>> wrote:

Ballot 138 - Security Information Sharing Working Group

Kirk Hall of Trend Micro made the following motion and Ben Wilson of Digicert and Dean Coclin of Symantec have endorsed it:


During face-to-face Meeting 33, and on previous occasions, there were discussions about how members of the Forum might be able to share security-related information. One of the conclusions of these discussions is that the issue needs further study. Additional details are found in the scope statement in Ballot 138, which proposes the chartering a Security Information Sharing Group.

— Motion begins —

The CA-Browser Forum shall create a Working Group, to be known as the Security Information Sharing Working Group.

Scope: the Working Group shall consider all matters relating to voluntary information sharing among Forum Members relating to possible enhanced risk from identified individuals, entities, identities, locations, domains, IP addresses, and other data to be determined in order to allow Members to determine, in their own judgment, whether to undertake additional authentication or other steps before providing products or services to customers. The Working Group will consider such issues as legal limitations, privacy concerns, methods for updating or correcting information, and other factors that may arise from such information sharing.

Deliverables: The Working Group shall produce one or more documents offering options to the Forum for voluntary information sharing within the scope defined above.

Expiration Date: The Working Group’s mandate shall expire twenty-four months from the date this resolution passes, unless extended by a further ballot of the Members, such a ballot to specify the extension period and any necessarily modifications of the scope and deliverables.

-- Motion Ends --

The review period for this ballot shall commence at 2200 UTC on Thursday, 2 October 2014, and will close at 2200 UTC on Thursday, 9 October 2014. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Thursday, 16 October 2014. Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: https://cabforum.org/members/

In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently nine (9) members– at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining.

Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141002/2ba60ea9/attachment-0003.html>

More information about the Public mailing list