[cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

Ryan Sleevi sleevi at google.com
Thu Sep 13 23:56:22 UTC 2018 

I think that's what the past suggestion was, and I think it's a good
suggestion.

There's no process defined in the CWG for establishment, and I think
there's still some confusion among some members about how the new Bylaws
look - because we're not establishing CWGs (which have IP considerations),
but Subcommittees. We don't need chairs for Subcommittees, there's not a
voting process defined for Subcommittees, and it seems there's confusion on
Subcommittees relation to minutes and such.

I think we say the option is these LWGs is to terminate (as LWGs), and
further discussions continue on within the SCWG to resolve - things like
ballots for the SCWG and Subcommittees.

There's no urgency to convert to a subcommittee or continue as a CWG.

On Thu, Sep 13, 2018 at 7:11 PM Wayne Thayer <wthayer at mozilla.com> wrote:

> Would it be helpful to take a step back and propose an amendment to the
> Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I
> would be willing to work on that. Meanwhile, if the Network Security WG
> left some urgent work unfinished, nothing prevents SCWG members from
> collaborating outside of the Subcommittee structure.
>
> On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <
> public at cabforum.org> wrote:
>
>> I think that, without incorporating or responding to feedback, we will be
>> opposed to this ballot. I agree that it's unfortunate we have gotten
>> nowhere - but it's equally unfortunate to have spent two months without
>> responding to any of the substance of the issues. It's great to see
>> progress, but making small steps doesn't excuse leaving glaring issues.
>> It's better to let these fall down than to support them with fundamental
>> flaws.
>>
>> Concrete feedback is:
>> Delete: "These renewed NCSSR documents will serve CAs, auditors and
>> browsers in giving a state of the art set of rules for the deployment and
>> operation of CAs computing infrastructures."
>> Rationale: That presumes this output will be valid/valuable.
>>
>> Delete: "The Subcommittee may choose its own initial Chair."
>> Rationale: Subcommittees don't have Chairs and votes. They're just
>> meetings of the CWG with focus.
>>
>> Delete: "The Network Security Subcommittee shall produce one or more
>> documents offering options to the Forum for establishing minimal security
>> standards within the scope defined above, which may be used to modify the
>> existing NCSSRs."
>> Rationale: This is a pretty much a non-scope as worded, but worse,
>> precludes some of the very activities you want to do. For example,
>> reforming existing requirements doesn't establish minimums, so is out of
>> scope.
>>
>> Obviously, that leaves you with nothing left. Hopefully there's something
>> concrete you think should remain, and you can suggest improvements there.
>>
>>
>>
>> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>
>> wrote:
>>
>>> On this ballot and Ballot SC10, I’m only going to consider comments and
>>> criticisms that propose specific alternate language that you will support.
>>> We have spent two months on creation of Subcommittees that simply continue
>>> the work we have been doing., and getting nowhere.  Time to finish up!
>>>
>>>
>>>
>>> Do you have specific alternate ballot language you want the Members to
>>> consider?  If so, please post.
>>>
>>>
>>>
>>> *From:* Ryan Sleevi [mailto:sleevi at google.com]
>>> *Sent:* Thursday, September 13, 2018 2:55 PM
>>> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <
>>> public at cabforum.org>
>>> *Subject:* [EXTERNAL]Re: [cabfpub] Ballot SC10 – Establishing the
>>> Network Security Subcommittee of the SCWG
>>>
>>>
>>>
>>> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <
>>> public at cabforum.org> wrote:
>>>
>>> *Scope: *Revising and improving the Network and Certificate Systems
>>> Security Requirements (NCSSRs).
>>>
>>>
>>> *Out of Scope: *No provision.
>>>
>>> *Deliverables: *The Network Security Subcommittee shall produce one or
>>> more documents offering options to the Forum for establishing minimal
>>> security standards within the scope defined above, which may be used to
>>> modify the existing NCSSRs. These renewed NCSSR documents will serve CAs,
>>> auditors and browsers in giving a state of the art set of rules for the
>>> deployment and operation of CAs computing infrastructures.  The
>>> Subcommittee may choose its own initial Chair.
>>>
>>>
>>>
>>> Is this Deliverable correct? Is that scope correct? The previous WG
>>> produced (only after significant prodding) a statement about 'options' -
>>> which was to modifying the existing NCSSRs. It seems like we're talking now
>>> about concrete recommendations for changes, and it seems more relevant to
>>> note what is in scope or out of scope.
>>>
>>>
>>>
>>> I disagree that the deliverable affirmatively stating "will serve CA,
>>> auditors, and browsers".
>>>
>>>
>>>
>>> However, there's other, more fundamental problems. Most notable is that
>>> Subcommittees aren't established to have Chairs - the point of the rework
>>> of the Bylaws was to make it clearer what activities are done and how they
>>> fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
>>> other is that the SCWG does not yet have a defined process for the
>>> establishment of subcommittees.
>>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180913/b3614072/attachment-0003.html>

More information about the Public mailing list