[cabfpub] [EXTERNAL]Re: Draft Ballot to establish new SCWG Network Security Subcommittee

Ryan Sleevi sleevi at google.com
Mon Jul 23 09:31:35 UTC 2018


On Mon, Jul 23, 2018 at 12:27 AM Dimitris Zacharopoulos <jimmy at it.auth.gr>
wrote:

>
> This proposed charter is not too different than the validation
> subcommittee charter.
>

Not exactly a ringing endorsement for either charter :)


> If I recall correctly, subcommittees were intended to be more flexible in
> order to achieve their chartered goal. Initially I thought of including
> language from the NetSec conclusions document about the risk-based approach
> and so on, but then I thought that as we go along the way, that might
> change (or not) if better proposals are introduced in the subcommittee.
>

As much as possible, we should be looking to attach concrete deliverables
to help focus work and agree on the things that are important to fix first,
so that we can make sure the appropriate level of energy and focus is
devoted to tackling those issues. A breadth-first approach simply doesn't
scale.


>
>
> Dimitris.
>
> On 23/7/2018 6:22 AM, Ryan Sleevi wrote:
>
> This feels like a very weak proposed charter.
>
> Can you set something more on the concrete deliverables - what are the
> milestones used to measure progress and focus efforts, how will they be
> evaluated, and when will they be expected?
>
> Given the seeming difficulty the previous group had with staying on
> charter and delivering meaningful work product, this seems even more
> essential to identify and discuss. A good charter isn't about describing
> the borders of the kingdom, but about where the lines of the roads are, and
> where the destinations are, so that the subcommittee can know and describe
> how to get from Point A to Point B safely and without running off cliffs.
>
> On Sun, Jul 22, 2018 at 5:48 PM Kirk Hall via Public <public at cabforum.org>
> wrote:
>
>> That looks much better than what I posted – I agree.
>>
>>
>>
>> *From:* Dimitris Zacharopoulos [mailto:jimmy at it.auth.gr]
>> *Sent:* Sunday, July 22, 2018 10:39 AM
>> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CA/Browser Forum Public
>> Discussion List <public at cabforum.org>
>> *Subject:* [EXTERNAL]Re: [cabfpub] Draft Ballot to establish new SCWG
>> Network Security Subcommittee
>>
>>
>>
>> Kirk,
>>
>> About the NetSec Subcommittee, I believe we should take into account the
>> conclusion paragraph of the deliverable
>> <https://cabforum.org/pipermail/public/2018-June/013587.html> published
>> on June 22nd 2018. The conclusion was not to "scrap" the NetSec Guidelines.
>> I propose the following:
>>
>> --- BEGIN ---
>>
>> The Server Certificate Working Group formally establishes the *Network
>> Security Subcommittee* as an official Subcommittee.
>>
>> *Scope: *Revising and improving the Network and Certificate Systems
>> Security Requirements (NCSSRs).
>>
>> *Out of Scope: *No provision.
>>
>> *Deliverables: *The Network Security Subcommittee shall produce one or
>> more documents offering options to the Forum for establishing minimal
>> security standards within the scope defined above. These renewed NCSSR
>> documents will serve CAs, auditors and browsers in giving a state of the
>> art set of rules for the deployment and operation of CAs computing
>> infrastructures.
>>
>> *Within the scope of the SCWG Charter:* Yes
>>
>> *End Date: *None
>>
>> --- END ---
>>
>> Best regards,
>> Dimitris.
>>
>> On 22/7/2018 4:47 AM, Kirk Hall via Public wrote:
>>
>> No matter what procedure we choose for establishing new SCWG
>> Subcommittees, we will need a formal scope for each Subcommittee.  This is
>> a first draft of such a scope for the Network Security Subcommittee.
>>
>>
>>
>> The existing Network Security WG was created by Ballot 203.
>> https://cabforum.org/2017/06/19/ballot-203-formation-network-security-working-group
>>   I have slightly modified the language of that ballot to create a SCWG
>> Subcommittee – this would be the language of a Ballot.  Please offer edits
>> – simpler is better.  We can try to finalize on our SCWG teleconference on
>> July 26.
>>
>>
>>
>> Because the previous Working Group had a sunset date, I added a sunset of
>> Sept. 1, 2020 (two years).
>>
>>
>>
>>
>>
>> The Server Certificate Working Group formally establishes the *Network
>> Security Subcommittee* as an official Subcommittee of the SCWG.
>>
>>
>>
>> *Scope*: Consider options for revising, replacing or scrapping the
>> Network Security Guidelines.
>>
>>
>>
>> *Out of Scope: * No provision.
>>
>>
>>
>> *Deliverables*:
>>
>> 1. Reports with one or more proposals for the future of the Network
>> Security Guidelines.
>>
>> 2. For proposals involving replacement, details of the availability and
>> applicability of the proposed alternative, and what modifications if any
>> would be needed to it in order to make it suitable for use.
>>
>> 3. For proposals involving revision, details of the revisions that are
>> deemed necessary and how the document will be kept current in the future.
>>
>> 4. For proposals involving scrapping, an explanation of why this is
>> preferable to either of the other two options.
>>
>> 5. If there are multiple proposals, optionally a recommendation as to
>> which one to pursue and an associated timeline.
>>
>> 6. A form of ballot or ballots to implement any recommendations.
>>
>>
>>
>> *Within the scope of the SCWG Charter*: Yes
>>
>>
>>
>> *End Date: *September 1, 2020
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> Public mailing list
>>
>> Public at cabforum.org
>>
>> https://cabforum.org/mailman/listinfo/public
>>
>
>