[cabfpub] Voting Period Begins: Ballot FORUM-17: Create Network Security Working Group

Ben Wilson bwilson at mozilla.com
Thu Dec 16 19:26:20 UTC 2021


Mozilla votes "YES" on Ballot FORUM-17.

On Thu, Dec 16, 2021 at 11:39 AM Ben Wilson <bwilson at mozilla.com> wrote:

> Ballot FORUM-17, Create Network Security Working Group, is proposed by
> Ben Wilson of Mozilla and endorsed by Tim Hollebeek of DigiCert and David
> Kluge of Google.
>
> The Voting Period for Ballot FORUM-17 begins today at 19:00 UTC and ends
> on 23-Dec-2021 at 19:00 UTC.
>
> *Overview*
>
> In January 2013 the CA/Browser Forum’s “Network and Certificate System
> Security Requirements” (NCSSRs) became effective. In June 2017, the Forum
> chartered a Network Security Working Group to re-visit the NCSSRs. That
> charter expired on June 19, 2018, and in October 2018, the Server
> Certificate Working Group (SCWG) established a Network Security
> Subcommittee (NetSec Subcommittee) to continue work on the NCSSRs.
>
> This ballot proposes to charter a new Network Security Working Group
> (NetSec WG) to replace the NetSec Subcommittee, to continue work on the
> NCSSRs, and to conduct any and all business related to improving the
> security of Certification Authorities.
>
> Following the passage of this ballot:
>
> 1. A new NetSec WG will be chartered under the CA/B Forum, pursuant to
> section 5.3.1 of the Bylaws;
> 2. The Charter of the SCWG will be amended to remove the NCSSRs from
> within the scope of the SCWG Charter;
> 3. The existing mailing list and other materials developed for the NetSec
> Subcommittee will be repurposed for use by the NetSec WG;
> 4. The NetSec WG will produce and maintain versions of the NCSSRs; and
> 5. The NetSec WG will make security-related recommendations to other Forum
> WGs for requirements or guidelines that are within their purview, i.e. the
> BRs/EVGs of the SCWG, the Baseline Requirements for Code Signing
> Certificates of the Code Signing Certificate Working Group (CSCWG) or
> guidelines adopted by the S/MIME Certificate Working Group (SMCWG).
>
> *--- MOTION BEGINS ---*
>
>
> The Charter of the Server Certificate Working Group, currently version
> 1.1, is amended by deleting references to the Network and Certificate
> System Security Requirements, so that the Scope section of the Charter will
> now read as follows:
>
> *SCOPE:* The authorized scope of the Server Certificate Working Group
> shall be as follows:
>
> 1. To specify Baseline Requirements, Extended Validation Guidelines, and
> other acceptable practices for the issuance and management of SSL/TLS
> server certificates used for authenticating servers accessible through the
> Internet.
>
> 2. To update such requirements and guidelines from time to time, in order
> to address both existing and emerging threats to online security, including
> responsibility for the maintenance of and future amendments to the current
> CA/Browser Forum Baseline Requirements and Extended Validation Guidelines.
>
> 3. To perform such other activities that are ancillary to the primary
> activities listed above.
>
> See
> https://github.com/cabforum/forum/commit/a55fd7d3939f4f24aa26e88399069afede2a1edf
>
> The CA/Browser Forum creates the Network Security Working Group and adopts
> the following Charter:
>
> *Network Security Working Group Charter*
>
> The Network Security Working Group (“NetSec WG”) is hereby created to
> perform the activities as specified in this Charter, subject to the terms
> and conditions of the CA/Browser Forum Bylaws (https://cabforum.org/bylaws/)
> and Intellectual Property Rights (IPR) Policy (
> https://cabforum.org/ipr-policy/), as such documents may change from time
> to time. This charter for the NetSec WG has been created according to CAB
> Forum Bylaw 5.3.1. In the event of a conflict between this Charter and any
> provision in either the Bylaws or the IPR Policy, the provision in the
> Bylaws or IPR Policy shall take precedence. The definitions found in the
> Forum’s Bylaws shall apply to capitalized terms in this Charter.
>
> *1. Scope* – The scope of work performed by the NetSec WG includes:
>
>     1. To modify and maintain the existing Network and Certificate System
> Security Requirements or a successor requirements document (NCSSRs);
>     2. To make recommendations for improvements to security controls in
> the requirements or guidelines adopted by other Forum WGs (e.g. see
> sections 5 and 6 of the Baseline Requirements);
>     3. To create new requirements, guidelines, or recommended best
> practices related to the security of CA operations;
>     4. To perform risk analyses, security analyses, and other types of
> reviews of threats and vulnerabilities applicable to CA operations involved
> in the issuance and maintenance of publicly trusted certificates (e.g.
> server certificates, code signing certificates, SMIME certificates, etc.);
> and
>     5. To perform other activities ancillary to the primary activities
> listed above.
>
> *2. Out of Scope* – The NetSec WG shall not adopt requirements,
> Guidelines, or Maintenance Guidelines concerning certificate profiles,
> validation processes, certificate issuance, certificate revocation, or
> subscriber obligations, which are within the purview of the Server
> Certificate Working Group (SCWG), the Code Signing Certificate Working
> Group (CSCWG), or the S/MIME Certificate Working Group (SMCWG).
>
> *3. End Date* – The NetSec WG shall continue until it is dissolved by a
> vote of the CA/B Forum.
>
> *4. Deliverables* – The NetSec WG shall be responsible for delivering and
> maintaining the NCSSRs (version 1.7 shall remain valid until it is replaced
> by a subsequent version) and any other documents the group may choose to
> develop and maintain.
>
> *5. Courtesy Notice of Proposed Amendments to the NCSSRs* – Discussion
> and voting on any ballot to change the NCSSRs shall proceed within the
> NetSec WG in accordance with sections 2.3 and 2.4 of the Bylaws.
> Additionally, a courtesy notice of the proposed ballot and NetSec WG’s
> discussion period shall be given to the SCWG, the CSCWG, and the SMCWG via
> their Public Mail Lists.
>
> *6. Participation and Membership* – Membership in the NetSec WG shall be
> limited to organizations that are Certificate Issuer Members or Certificate
> Consumer Members of the SCWG, the CSCWG, or the SMCWG, who may join the
> NetSec WG only with such status or class as they hold in such other working
> groups.
>
> In accordance with the IPR Policy, Members that choose to participate in
> the NetSec WG must declare their participation, and class of membership
> (Certificate Issuer or Certificate Consumer), and shall do so prior to
> participating. A Member must declare its participation in the NetSec WG by
> requesting to be added to the mailing list. The Chair of the NetSec WG
> shall establish a list for declarations of participation and manage it in
> accordance with the Bylaws, the IPR Policy, and the IPR Agreement.
>
> The NetSec WG shall include Interested Parties and Associate Members as
> defined in the Bylaws.
>
> Resignation from the NetSec WG does not prevent a participant from
> potentially having continuing obligations under the Forum’s IPR Policy or
> any other document.
>
> *7. Voting Structure*
>
> The NetSec WG shall consist of two classes of voting members, Certificate
> Issuers and Certificate Consumers. In order for a ballot to be adopted by
> the NetSec WG, two-thirds or more of the votes cast by the Certificate
> Issuers must be in favor of the ballot and more than 50% of the votes cast
> by the Certificate Consumers must be in favor of the ballot. At least one
> member of each class must vote in favor of a ballot for it to be adopted.
> Quorum is the average number of Member organizations (cumulative,
> regardless of Class) that have participated in the previous three NetSec WG
> Meetings or Teleconferences (not counting subcommittee meetings thereof).
> For transition purposes, if three meetings have not yet occurred, then
> quorum is ten (10).
>
> *8. Leadership*
>
> *Chair* – Clint Wilson shall be the initial Chair of the NetSec WG.
>
> *Vice-Chair* – David Kluge shall be the initial Vice-Chair of the NetSec
> WG.
>
> *Term.* The Chair and Vice-Chair will serve until October 31, 2022, or
> until they are replaced, resign, or are otherwise disqualified. Thereafter,
> elections shall be held for chair and vice chair every two years in
> coordination with the Forum’s election process and in conjunction with its
> election cycle. Voting shall occur in accordance with Bylaw 4.1(c). In the
> event of a midterm vacancy, the NetSec WG will hold a special election and
> the selected candidate will serve the remainder of the existing term.
>
> *9. Communication* – NetSec WG communications and documents, including
> minutes of meetings, shall be posted on mailing-lists where the
> mail-archives are publicly accessible or on the Forum’s website.
>
> *10. IPR Policy* – The CA/Browser Forum Intellectual Rights Policy, v.
> 1.3 or later, shall apply to all Working Group activity.
>
> *11. Other Organizational Matters*
>
> Reserved.
>
> *Effect of Forum Bylaws Amendment on Working Group* - In the event that
> Forum Bylaws are amended to add or modify general rules governing Forum
> Working Groups and how they operate, such provisions of the Bylaws take
> precedence over this charter.
>
> See
> https://github.com/cabforum/forum/pull/23/files#diff-cf5513a8c4dabce6e3364691537b74a7d2faa1af8dc9e1ee8ce9b2d7759c9406
>
> --- MOTION ENDS ---
>
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 2021-12-09 18:00:00 UTC
>
> End Time: 2021-12-16 19:00:00 UTC
>
> Vote for approval (7 days)
>
> Start Time: 2021-12-16 19:00 UTC
>
> End Time: 2021-12-23 19:00:00 UTC
>
>
>