[cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

Ryan Sleevi sleevi at google.com
Fri Sep 14 09:19:24 MST 2018


Subcommittees don't have requirements for minutes or publicly-available
notes.

That's the point. All this thinking about subcommittees working "just like"
LWGs is not the case. All of that was lost from the Bylaws. A subcommittee
can just be two people having a chat, at least as written in the Bylaws
today.

There's nothing stating subcommittees work with their own mailing lists,
for example, in the way our old bylaws did. There's nothing establishing
chairs or charters or deliverables. It's a one-off note.

That's the point.

On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

> Collaborating outside of a subcommittee has a bunch of drawbacks,
> including a complete lack of public transparency and much weaker IPR
> protections.
>
>
>
> In my opinion, there’s already way, way too much going on in private that
> would be better handled in subcommittees where everyone can participate and
> there are publicly available notes.
>
>
>
> -Tim
>
>
>
> *From:* Public <public-bounces at cabforum.org> *On Behalf Of *Wayne Thayer
> via Public
> *Sent:* Thursday, September 13, 2018 7:11 PM
> *To:* Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Public Discussion
> List <public at cabforum.org>
> *Subject:* Re: [cabfpub] Ballot SC10 – Establishing the Network Security
> Subcommittee of the SCWG
>
>
>
> Would it be helpful to take a step back and propose an amendment to the
> Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I
> would be willing to work on that. Meanwhile, if the Network Security WG
> left some urgent work unfinished, nothing prevents SCWG members from
> collaborating outside of the Subcommittee structure.
>
>
>
> On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <
> public at cabforum.org> wrote:
>
> I think that, without incorporating or responding to feedback, we will be
> opposed to this ballot. I agree that it's unfortunate we have gotten
> nowhere - but it's equally unfortunate to have spent two months without
> responding to any of the substance of the issues. It's great to see
> progress, but making small steps doesn't excuse leaving glaring issues.
> It's better to let these fall down than to support them with fundamental
> flaws.
>
>
>
> Concrete feedback is:
>
> Delete: "These renewed NCSSR documents will serve CAs, auditors and
> browsers in giving a state of the art set of rules for the deployment and
> operation of CAs computing infrastructures."
>
> Rationale: That presumes this output will be valid/valuable.
>
>
>
> Delete: "The Subcommittee may choose its own initial Chair."
>
> Rationale: Subcommittees don't have Chairs and votes. They're just
> meetings of the CWG with focus.
>
>
>
> Delete: "The Network Security Subcommittee shall produce one or more
> documents offering options to the Forum for establishing minimal security
> standards within the scope defined above, which may be used to modify the
> existing NCSSRs."
>
> Rationale: This is a pretty much a non-scope as worded, but worse,
> precludes some of the very activities you want to do. For example,
> reforming existing requirements doesn't establish minimums, so is out of
> scope.
>
>
>
> Obviously, that leaves you with nothing left. Hopefully there's something
> concrete you think should remain, and you can suggest improvements there.
>
>
>
>
>
>
>
> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>
> wrote:
>
> On this ballot and Ballot SC10, I’m only going to consider comments and
> criticisms that propose specific alternate language that you will support.
> We have spent two months on creation of Subcommittees that simply continue
> the work we have been doing., and getting nowhere.  Time to finish up!
>
>
>
> Do you have specific alternate ballot language you want the Members to
> consider?  If so, please post.
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Thursday, September 13, 2018 2:55 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <
> public at cabforum.org>
> *Subject:* [EXTERNAL]Re: [cabfpub] Ballot SC10 – Establishing the Network
> Security Subcommittee of the SCWG
>
>
>
> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public at cabforum.org>
> wrote:
>
> *Scope: *Revising and improving the Network and Certificate Systems
> Security Requirements (NCSSRs).
>
>
> *Out of Scope: *No provision.
>
> *Deliverables: *The Network Security Subcommittee shall produce one or
> more documents offering options to the Forum for establishing minimal
> security standards within the scope defined above, which may be used to
> modify the existing NCSSRs. These renewed NCSSR documents will serve CAs,
> auditors and browsers in giving a state of the art set of rules for the
> deployment and operation of CAs computing infrastructures.  The
> Subcommittee may choose its own initial Chair.
>
>
>
> Is this Deliverable correct? Is that scope correct? The previous WG
> produced (only after significant prodding) a statement about 'options' -
> which was to modifying the existing NCSSRs. It seems like we're talking now
> about concrete recommendations for changes, and it seems more relevant to
> note what is in scope or out of scope.
>
>
>
> I disagree that the deliverable affirmatively stating "will serve CA,
> auditors, and browsers".
>
>
>
> However, there's other, more fundamental problems. Most notable is that
> Subcommittees aren't established to have Chairs - the point of the rework
> of the Bylaws was to make it clearer what activities are done and how they
> fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
> other is that the SCWG does not yet have a defined process for the
> establishment of subcommittees.
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180914/7203cd81/attachment.html>


More information about the Public mailing list