[cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

Ryan Sleevi sleevi at google.com
Fri Sep 14 16:49:36 UTC 2018


Put it differently: Why do we need to establish a Subcommittee? What's the
pressing or urgent need that's trying to be met? Can we resolve that
quickly?

I don't think that language, as a proposal, really resolves the issues. If
the answer is providing more clarity for SCWG's Subcommittees, yes, let's
solve that. That's a real and reasonable problem and doesn't leave us with
some unaddressed gap.

On Fri, Sep 14, 2018 at 12:29 PM Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

> My ballot that I didn’t get around to writing would have had something
> like:
>
> “The current Bylaws lack clarity and precision about the functioning of
> subcommittees.  Until such a time as that is corrected, subcommittees
> created from LWGs shall operate in the same manner as pre-governance reform
> working groups.”
>
> Would that help?
>
> -Tim
>
> P.S. I asked the Validation WG chair if the Validation Subcommittee would
> continue using the validation mailing list, and continue to produce agendas
> and minutes, and he said yes.
>
> *From:* Ryan Sleevi <sleevi at google.com>
> *Sent:* Friday, September 14, 2018 12:19 PM
> *To:* Tim Hollebeek <tim.hollebeek at digicert.com>
> *Cc:* Wayne Thayer <wthayer at mozilla.com>; CABFPub <public at cabforum.org>
> *Subject:* Re: [cabfpub] Ballot SC10 – Establishing the Network Security
> Subcommittee of the SCWG
>
> Subcommittees don't have requirements for minutes or publicly-available
> notes.
>
> That's the point. All this thinking about subcommittees working "just
> like" LWGs is not the case. All of that was lost from the Bylaws. A
> subcommittee can just be two people having a chat, at least as written in
> the Bylaws today.
>
> There's nothing stating subcommittees work with their own mailing lists,
> for example, in the way our old bylaws did. There's nothing establishing
> chairs or charters or deliverables. It's a one-off note.
>
> That's the point.
>
> On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <tim.hollebeek at digicert.com>
> wrote:
>
> Collaborating outside of a subcommittee has a bunch of drawbacks,
> including a complete lack of public transparency and much weaker IPR
> protections.
>
> In my opinion, there’s already way, way too much going on in private that
> would be better handled in subcommittees where everyone can participate and
> there are publicly available notes.
>
> -Tim
>
> *From:* Public <public-bounces at cabforum.org> *On Behalf Of *Wayne Thayer
> via Public
> *Sent:* Thursday, September 13, 2018 7:11 PM
> *To:* Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Public Discussion
> List <public at cabforum.org>
> *Subject:* Re: [cabfpub] Ballot SC10 – Establishing the Network Security
> Subcommittee of the SCWG
>
> Would it be helpful to take a step back and propose an amendment to the
> Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I
> would be willing to work on that. Meanwhile, if the Network Security WG
> left some urgent work unfinished, nothing prevents SCWG members from
> collaborating outside of the Subcommittee structure.
>
> On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <
> public at cabforum.org> wrote:
>
> I think that, without incorporating or responding to feedback, we will be
> opposed to this ballot. I agree that it's unfortunate we have gotten
> nowhere - but it's equally unfortunate to have spent two months without
> responding to any of the substance of the issues. It's great to see
> progress, but making small steps doesn't excuse leaving glaring issues.
> It's better to let these fall down than to support them with fundamental
> flaws.
>
> Concrete feedback is:
>
> Delete: "These renewed NCSSR documents will serve CAs, auditors and
> browsers in giving a state of the art set of rules for the deployment and
> operation of CAs computing infrastructures."
>
> Rationale: That presumes this output will be valid/valuable.
>
> Delete: "The Subcommittee may choose its own initial Chair."
>
> Rationale: Subcommittees don't have Chairs and votes. They're just
> meetings of the CWG with focus.
>
> Delete: "The Network Security Subcommittee shall produce one or more
> documents offering options to the Forum for establishing minimal security
> standards within the scope defined above, which may be used to modify the
> existing NCSSRs."
>
> Rationale: This is pretty much a non-scope as worded, but worse,
> precludes some of the very activities you want to do. For example,
> reforming existing requirements doesn't establish minimums, so is out of
> scope.
>
> Obviously, that leaves you with nothing left. Hopefully there's something
> concrete you think should remain, and you can suggest improvements there.
>
> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>
> wrote:
>
> On this ballot and Ballot SC10, I’m only going to consider comments and
> criticisms that propose specific alternate language that you will support.
> We have spent two months on creation of Subcommittees that simply continue
> the work we have been doing, and getting nowhere.  Time to finish up!
>
> Do you have specific alternate ballot language you want the Members to
> consider?  If so, please post.
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Thursday, September 13, 2018 2:55 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <
> public at cabforum.org>
> *Subject:* [EXTERNAL]Re: [cabfpub] Ballot SC10 – Establishing the Network
> Security Subcommittee of the SCWG
>
> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public at cabforum.org>
> wrote:
>
> *Scope: *Revising and improving the Network and Certificate Systems
> Security Requirements (NCSSRs).
>
> *Out of Scope: *No provision.
>
> *Deliverables: *The Network Security Subcommittee shall produce one or
> more documents offering options to the Forum for establishing minimal
> security standards within the scope defined above, which may be used to
> modify the existing NCSSRs. These renewed NCSSR documents will serve CAs,
> auditors and browsers in giving a state of the art set of rules for the
> deployment and operation of CAs computing infrastructures.  The
> Subcommittee may choose its own initial Chair.
>
> Is this Deliverable correct? Is that scope correct? The previous WG
> produced (only after significant prodding) a statement about 'options' -
> which was to modifying the existing NCSSRs. It seems like we're talking now
> about concrete recommendations for changes, and it seems more relevant to
> note what is in scope or out of scope.
>
> I disagree with the deliverable affirmatively stating "will serve CA,
> auditors, and browsers".
>
> However, there's other, more fundamental problems. Most notable is that
> Subcommittees aren't established to have Chairs - the point of the rework
> of the Bylaws was to make it clearer what activities are done and how they
> fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
> other is that the SCWG does not yet have a defined process for the
> establishment of subcommittees.
>