[cabfpub] [EXTERNAL]Re: Draft Ballot to establish new SCWG Network Security Subcommittee
Dimitris Zacharopoulos
jimmy at it.auth.gr
Mon Jul 23 04:26:53 UTC 2018
This proposed charter is not too different than the validation
subcommittee charter. If I recall correctly, subcommittees were intended
to be more flexible in order to achieve their chartered goal. Initially
I thought of including language from the NetSec conclusions document
about the risk-based approach and so on, but then I thought that as we
go along the way, that might change (or not) if better proposals are
introduced in the subcommittee.
Dimitris.
On 23/7/2018 6:22 πμ, Ryan Sleevi wrote:
> This feels like a very weak proposed charter.
>
> Can you set something more on the concrete deliverables - what are the
> milestones used to measure progress and focus efforts, how will they
> be evaluated, and when will they be expected?
>
> Given the seeming difficulty the previous group had with staying on
> charter and delivering meaningful work product, this seems even more
> essential to identify and discuss. A good charter isn't about
> describing the borders of the kingdom, but about where the lines of
> the roads are, and where the destinations are, so that the
> subcommittee can know and describe how to get from Point A to Point B
> safely and without running off cliffs.
>
> On Sun, Jul 22, 2018 at 5:48 PM Kirk Hall via Public
> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>
> That looks much better then what I posted – I agree.
>
>
>
> *From:*Dimitris Zacharopoulos [mailto:jimmy at it.auth.gr
> <mailto:jimmy at it.auth.gr>]
> *Sent:* Sunday, July 22, 2018 10:39 AM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com
> <mailto:Kirk.Hall at entrustdatacard.com>>; CA/Browser Forum Public
> Discussion List <public at cabforum.org <mailto:public at cabforum.org>>
> *Subject:* [EXTERNAL]Re: [cabfpub] Draft Ballot to establish new
> SCWG Network Security Subcommittee
>
>
>
> Kirk,
>
> About the NetSec Subcommittee, I believe we should take into
> account the conclusion paragraph of the deliverable
> <https://cabforum.org/pipermail/public/2018-June/013587.html>
> published on June 22nd 2018. The conclusion was not to "scrap" the
> NetSec Guidelines. I propose the following:
>
> --- BEGIN ---
>
> The Server Certificate Working Group formally establishes the
> *Network Security Subcommittee* as an official Subcommittee.
>
> *Scope: *Revising and improving the Network and Certificate
> Systems Security Requirements (NCSSRs).
>
> *Out of Scope: *No provision.
>
> *Deliverables: *The Network Security Subcommittee shall produce
> one or more documents offering options to the Forum for
> establishing minimal security standards within the scope defined
> above. These renewed NCSSR documents will serve CAs, auditors and
> browsers in giving a state of the art set of rules for the
> deployment and operation of CAs computing infrastructures.
>
> *Within the scope of the SCWG Charter:* Yes
>
> *End Date: *None
>
> --- END---
>
> Best regards,
> Dimitris.
>
> On 22/7/2018 4:47 πμ, Kirk Hall via Public wrote:
>
> No matter what procedure we choose for establishing new SCWG
> Subcommittees, we will need a formal scope for each
> Subcommittee. This is a first draft of such a scope for the
> Network Security Subcommittee.
>
>
>
> The existing Network Security WG was created by Ballot 203.
> https://cabforum.org/2017/06/19/ballot-203-formation-network-security-working-group
> I have slightly modified the language of that ballot to
> create a SCWG Subcommittee – this would be the language of a
> Ballot. Please offer edits – simpler is better. We can try
> to finalize on our SCWG teleconference on July 26.
>
>
>
> Because the previous Working Group had a sunset date, I added
> a sunset of Sept. 1, 2020 (two years).
>
>
>
>
>
> The Server Certificate Working Group formally establishes the
> *_Network Security Subcommittee_* as an official Subcommittee
> of the SCWG.
>
>
>
> *Scope*: Consider options for revising, replacing or scrapping
> the Network Security Guidelines.
>
>
>
> *Out of Scope: * No provision.
>
> * *
>
> *Deliverables*: *Deliverables*:
>
> 1. Reports with one or more proposals for the future of the
> Network Security Guidelines.
>
> 2. For proposals involving replacement, details of the
> availability and applicability of the proposed alternative,
> and what modifications if any would be needed to it in order
> to make it suitable for use.
>
> 3. For proposals involving revision, details of the revisions
> that are deemed necessary and how the document will be kept
> current in the future.
>
> 4. For proposals involving scrapping, an explanation of why
> this is preferable to either of the other two options.
>
> 5. If there are multiple proposals, optionally a
> recommendation as to which one to pursue and an associated
> timeline.
>
> 6. A form of ballot or ballots to implement any recommendations.
>
>
>
> *Within the scope of the SCWG Charter*: Yes
>
>
>
> *End Date: *September 1, 2020
>
>
>
>
>
>
>
>
> _______________________________________________
>
> Public mailing list
>
> Public at cabforum.org <mailto:Public at cabforum.org>
>
> https://cabforum.org/mailman/listinfo/public
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org <mailto:Public at cabforum.org>
> https://cabforum.org/mailman/listinfo/public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180723/8a80c797/attachment-0003.html>
More information about the Public
mailing list