[cabfpub] Draft Charter for Server Certificate Working Group

Ben Wilson ben.wilson at digicert.com
Tue Oct 24 11:06:33 MST 2017


For everyone's review, here is a draft charter from the Governance Reform Committee.  This charter would be attached to Ballot 206 (Amendment to IPR Policy & Bylaws re Working Group Formation) and would create the Server Certificate Working Group under the new structure of the Forum.







Server Certificate Working Group Charter



A Server Certificate Working Group is hereby created to perform the activities as specified in this Charter, subject to the terms and conditions of the CA/Browser Forum Bylaws and applicable Intellectual Property Rights Agreement, as such documents may be changed from time to time.  The Definitions found in the Forum's Bylaws shall apply to defined terms in this Charter.



SCOPE:  The authorized scope of the Server Certificate Working Group shall be as follows:



1.      To specify Baseline Requirements, Extended Validation Guidelines, and other acceptable practices for the issuance and management of SSL/TLS server certificates used for authenticating servers accessible through the Internet.



2.      To update such requirements and guidelines from time to time, in order to address both existing and emerging threats to online security, including responsibility for the maintenance of and future amendments to the current CA/Browser Forum Baseline Requirements, Extended Validation Requirements, and Network and Certificate System Security Requirements.



3.      To perform such other activities that are ancillary to the primary activities listed above.



The Server Certificate Working Group will not address certificates intended to be used solely for code signing, S/MIME, time-stamping, VoIP, IM, or Web services.  The Server Certificate Working Group will not address the issuance or management of certificates by enterprises that operate their own Public Key Infrastructure for internal purposes only, and for which the Root Certificate is not distributed by any Application Software Supplier.



Anticipated End Date:  Five (5) years from charter approval



Initial chairs and contacts:  Chair, Kirk Hall, kirk.hall at entrustdatacard.com; Vice Chair, Ben Wilson, ben.wilson at digicert.com; terms to run concurrently with their terms as Chair and Vice Chair of the Forum, unless otherwise voted upon by the Working Group



Members eligible to participate:  The Working Group shall consist of two classes of voting members, the CA Class and the Browser Class.  The CA Class shall consist of eligible Issuing CAs and Root CAs meeting the following criteria:



(1)         Issuing CA: The member organization operates a certification authority that has a current and successful WebTrust for CAs audit, or ETSI TS 102042, ETSI 101456, or ETSI EN 319 411-1 audit report prepared by a properly-qualified auditor, and that actively issues certificates to Web servers that are openly accessible from the Internet, such certificates being treated as valid when using a browser created by a Browser member.  Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum.



(2)          Root CA: The member organization operates a certification authority that has a current and successful WebTrust for CAs, or ETSI TS 102042, ETSI TS 101456, ETSI EN 319 411-1 audit report prepared by a properly-qualified auditor, and that actively issues certificates to subordinate CAs that, in turn, actively issue certificates to Web servers that are openly accessible from the Internet, such certificates being treated as valid when using a browser created by a Browser member.  Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum.



A Non-CA member eligible to participate in the Browser Class is an organization that produces a software product intended for use by the general public for browsing the Web securely.



The Working Group shall include Interested Parties and Associate Members as defined in the Bylaws.



Voting structure:  In order for a ballot to be adopted by the Working Group, two-thirds or more of the votes cast by members in the CA Class must be in favor of the ballot and more than 50% of the votes cast by members in the Browser Class must be in favor of the ballot.  At least one member of each class must vote in favor of a ballot for it to be adopted.  Quorum is the average number of Member organizations that have participated in the previous three Working Group Meetings or Working Group Teleconferences.



Summary of the work that the WG plans to accomplish:  As specified above.



Summary of major WG deliverables and guidelines:  As specified above.



Primary means of communication: listserv-based email, periodic calls, and face-to-face meetings.



IPR Policy:  The CA/Browser Forum Intellectual Rights Policy, v. 1.3 or later, SHALL apply to all Working Group activity.






