[cabfpub] Voting has started on Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

Wayne Thayer wthayer at mozilla.com
Fri Sep 28 08:51:22 MST 2018 

Mozilla votes Yes on ballot SC10.

- Wayne

On Thu, Sep 27, 2018 at 5:26 PM Kirk Hall via Public <public at cabforum.org>
wrote:

> Voting ends on 4 October 2018 at 22:00 UTC.
>
>
>
> *From:* Servercert-wg [mailto:servercert-wg-bounces at cabforum.org] *On
> Behalf Of *Dimitris Zacharopoulos via Servercert-wg
> *Sent:* Thursday, September 20, 2018 9:02 AM
> *To:* CA/B Forum Server Certificate WG Public Discussion List <
> servercert-wg at cabforum.org>
> *Subject:* [Servercert-wg] Ballot SC10 – Establishing the Network
> Security Subcommittee of the SCWG
> Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG
> Purpose of Ballot
>
> The Network Security Working Group of the CA/Browser Forum expired on June
> 19, 2018 under the terms of Ballot 203 which established the Working Group.
> The Server Certificate Working Group wishes to establish a Network Security
> Subcommittee pursuant to Bylaws 5.3.1(e).
>
> The following motion has been proposed by Dimitris Zacharopoulos of HARICA
> and endorsed by Tim Hollebeek of DigiCert and Wayne Thayer of Mozilla.
>
> *--- MOTION BEGINS ---*
>
> The Server Certificate Working Group hereby establishes the *Network
> Security Subcommittee* as an official Subcommittee.
>
> *1. Mission: *To improve security policies and practices for Certificate
> Management Systems encoded in the guidelines maintained by the SCWG.
>
>
> * 2. End Date: *This Subcommittee shall continue until it is dissolved by
> a vote of the SCWG
>
> *3. Deliverables: *The Network Security Subcommittee shall propose
> ballots to the SCWG to improve the minimal security standards within the
> mission defined above This includes modifying the existing Network and
> Certificate System Security Requirements (NCSSR) or to create new
> requirements, guidelines, or best practices. Among other activities, the
> Network Security Subcommittee shall perform security analysis on typical CA
> Management Systems offering options to the Server Certificate Working Group
> for establishing minimal security standards. Risk analysis will also be
> used to provide a better understanding of threats and vulnerabilities in
> Certificate Management Systems. This process can be used to provide better
> reasoning and justification of existing or future security guidelines.
>
> *4. Participation: *Any member of the SCWG is eligible and may declare
> their participation in the Network Security Subcommittee by requesting to
> be added to the mailing list.
>
> *5. Chair: *Ben Wilson shall be the initial Chair of the Network Security
> Subcommittee.  The Subcommittee may change its Chair from time to time by
> consensus of the Members participating in the Subcommittee or by voting
> method chosen by the Members by consensus.
>
> *6. Communication: *Subcommittee communications and documents shall be
> posted on mailing-lists where the mail-archives are publicly accessible,
> and the Subcommittee shall publish minutes of its meetings.
>
> *7. Effect of SCWG Charter or Forum Bylaws Amendment for Subcommittees: *In
> the event the SCWG Charter or the Forum Bylaws is amended to add general
> rules governing Chartered Working Group Subcommittees and how they operate
> (“General Rules”), the provisions of the General Rules shall take
> precedence over this charter.
>
> *--- MOTION ENDS ---*
>
>
>
> The procedure for approval of this ballot is as follows:
>
> *Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG*
>
> *Start time (22:00 UTC)*
>
> *End time (22:00 UTC)*
>
> Discussion (7 days)
>
> 20 September 2018
>
> 27 September 2018
>
> Vote for approval (7 days)
>
> 27 September 2018
>
> 4 October 2018
>
>
> Additional Information (not part of Ballot)
>
> *Bylaws v1.9*
> 5.3.1 Formation of Chartered Working Groups
>
> (e) CWGs may establish any number of subcommittees within its own Working
> Group to address any of such CWG’s business (each, a “Subcommittee”). A
> CWG-created Subcommittee needs to be approved by the CWG itself according
> to the approval process set forth in the CWG charter, but approval of the
> Forum is not necessary. Subcommittees must exist under an approved CWG.
>
>
>
> *Ballot 203: Formation of Network Security Working Group (v2)*
>
>
>
> Purpose of Ballot: To form a Network Security Working Group to re-evaluate
> the CAB Forum's Network Security Guidelines.
>
>
>
> The following motion has been proposed by Gervase Markham of Mozilla and
> endorsed by Jeremy Rowley of DigiCert and Moudrick Dadashov of SSC:
>
>
>
> -- MOTION BEGINS –
>
>
>
> In accordance with Section 5.3 of the CA/B Forum Bylaws, the chartering of
> a new Working Group requires a ballot. This ballot charters the Network
> Security Working Group.
>
>
>
> The CAB Forum's Network Security Guidelines were adopted in August 2012
> but have not been updated since. Significant doubts have been raised as to
> their fitness for purpose in 2017. Therefore, the Working Group’s charter
> will be as follows:
>
>
>
> Scope
>
>
>
> 1. Consider options for revising, replacing or scrapping the Network
> Security Guidelines.
>
>
>
> Deliverables
>
> 1. A report with one or more proposals for the future of the Network
> Security Guidelines.
>
> 2. For proposals involving replacement, details of the availability and
> applicability of the proposed alternative, and what modifications if any
> would be needed to it in order to make it suitable for use.
>
> 3. For proposals involving revision, details of the revisions that are
> deemed necessary and how the document will be kept current in the future.
>
> 4. For proposals involving scrapping, an explanation of why this is
> preferable to either of the other two options.
>
> 5. If there are multiple proposals, optionally a recommendation as to
> which one to pursue and an associated timeline.
>
> 6. A form of ballot or ballots to implement any recommendations.
>
>
>
> Expiry
>
> The Working Group shall expire once the deliverables have been completed,
> or on 2018-06-19, whichever happens first. The expiry date given above
> shall be automatically postponed by 1 year on 2018-05-19 ("postponement
> date") and each anniversary of the postponement date thereafter unless
> three or more members separately or jointly request on the Public Mail
> List, within one month prior to a particular postponement date, that expiry
> of this Working Group not be postponed in that instance.
>
>
>
> -- MOTION ENDS --
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180928/c380b021/attachment-0001.html>

More information about the Public mailing list