[cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

Ryan Sleevi sleevi at google.com
Thu Sep 13 14:55:18 MST 2018


On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public at cabforum.org>
wrote:

> *Scope: *Revising and improving the Network and Certificate Systems
> Security Requirements (NCSSRs).
>
>
> *Out of Scope: *No provision.
>
> *Deliverables: *The Network Security Subcommittee shall produce one or
> more documents offering options to the Forum for establishing minimal
> security standards within the scope defined above, which may be used to
> modify the existing NCSSRs. These renewed NCSSR documents will serve CAs,
> auditors and browsers in giving a state of the art set of rules for the
> deployment and operation of CAs computing infrastructures.  The
> Subcommittee may choose its own initial Chair.
>

Is this Deliverable correct? Is that scope correct? The previous WG
produced (only after significant prodding) a statement about 'options' -
which was to modifying the existing NCSSRs. It seems like we're talking now
about concrete recommendations for changes, and it seems more relevant to
note what is in scope or out of scope.

I disagree that the deliverable affirmatively stating "will serve CA,
auditors, and browsers".

However, there's other, more fundamental problems. Most notable is that
Subcommittees aren't established to have Chairs - the point of the rework
of the Bylaws was to make it clearer what activities are done and how they
fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
other is that the SCWG does not yet have a defined process for the
establishment of subcommittees.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180913/50dc59f7/attachment-0001.html>


More information about the Public mailing list