[cabfpub] [EXTERNAL]Re: Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

Ryan Sleevi sleevi at google.com
Thu Sep 13 23:48:55 UTC 2018


I can't read your mind as to what you want - but I can tell you the
problems with what you're presenting and why they're fundamentally
problematic.

We don't need a chair, and I think that unless you're specifically invested
in resolving this, perhaps you shouldn't be proposing a ballot for it. I've
tried to explain why what you're proposing is problematic to the point of
opposing - I'd like to try to find something that's viable to support, but
that requires your own help in finding a solution. It's not at all
productive to suggest you won't take any part of that.

On Thu, Sep 13, 2018 at 7:38 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>
wrote:

> Ryan – that’s not terribly useful if it leaves us with “nothing left”.
>
>
>
> Can you please present a draft ballot to establish a NetSec Subcommittee
> that you think is correct?  That’s really the only thing that will be
> useful.
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Thursday, September 13, 2018 3:48 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>
> *Cc:* CABFPub <public at cabforum.org>
> *Subject:* [EXTERNAL]Re: [cabfpub] Ballot SC10 – Establishing the Network
> Security Subcommittee of the SCWG
>
>
>
> I think that, without incorporating or responding to feedback, we will be
> opposed to this ballot. I agree that it's unfortunate we have gotten
> nowhere - but it's equally unfortunate to have spent two months without
> responding to any of the substance of the issues. It's great to see
> progress, but making small steps doesn't excuse leaving glaring issues.
> It's better to let these fall down than to support them with fundamental
> flaws.
>
>
>
> Concrete feedback is:
>
> Delete: "These renewed NCSSR documents will serve CAs, auditors and
> browsers in giving a state of the art set of rules for the deployment and
> operation of CAs computing infrastructures."
>
> Rationale: That presumes this output will be valid/valuable.
>
>
>
> Delete: "The Subcommittee may choose its own initial Chair."
>
> Rationale: Subcommittees don't have Chairs and votes. They're just
> meetings of the CWG with focus.
>
>
>
> Delete: "The Network Security Subcommittee shall produce one or more
> documents offering options to the Forum for establishing minimal security
> standards within the scope defined above, which may be used to modify the
> existing NCSSRs."
>
> Rationale: This is pretty much a non-scope as worded, but worse,
> precludes some of the very activities you want to do. For example,
> reforming existing requirements doesn't establish minimums, so is out of
> scope.
>
>
>
> Obviously, that leaves you with nothing left. Hopefully there's something
> concrete you think should remain, and you can suggest improvements there.
>
> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>
> wrote:
>
> On this ballot and Ballot SC10, I’m only going to consider comments and
> criticisms that propose specific alternate language that you will support.
> We have spent two months on creation of Subcommittees that simply continue
> the work we have been doing, and getting nowhere.  Time to finish up!
>
>
>
> Do you have specific alternate ballot language you want the Members to
> consider?  If so, please post.
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Thursday, September 13, 2018 2:55 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <
> public at cabforum.org>
> *Subject:* [EXTERNAL]Re: [cabfpub] Ballot SC10 – Establishing the Network
> Security Subcommittee of the SCWG
>
>
>
> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public at cabforum.org>
> wrote:
>
> *Scope: *Revising and improving the Network and Certificate Systems
> Security Requirements (NCSSRs).
>
>
> *Out of Scope: *No provision.
>
> *Deliverables: *The Network Security Subcommittee shall produce one or
> more documents offering options to the Forum for establishing minimal
> security standards within the scope defined above, which may be used to
> modify the existing NCSSRs. These renewed NCSSR documents will serve CAs,
> auditors and browsers in giving a state of the art set of rules for the
> deployment and operation of CAs computing infrastructures.  The
> Subcommittee may choose its own initial Chair.
>
>
>
> Is this Deliverable correct? Is that scope correct? The previous WG
> produced (only after significant prodding) a statement about 'options' -
> which was to modify the existing NCSSRs. It seems like we're talking now
> about concrete recommendations for changes, and it seems more relevant to
> note what is in scope or out of scope.
>
>
>
> I disagree with the deliverable affirmatively stating "will serve CA,
> auditors, and browsers".
>
>
>
> However, there are other, more fundamental problems. Most notable is that
> Subcommittees aren't established to have Chairs - the point of the rework
> of the Bylaws was to make it clearer what activities are done and how they
> fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
> other is that the SCWG does not yet have a defined process for the
> establishment of subcommittees.
>
>