[cabfpub] Voting Period Begins: Ballot FORUM-17: Create Network Security Working Group

Yoshiro YONEYA yoshiro.yoneya at jprs.co.jp
Thu Dec 23 07:42:43 UTC 2021

JPRS votes YES to Ballot FORUM-17.

Yoshiro YONEYA <yoshiro.yoneya at jprs.co.jp>

On Thu, 16 Dec 2021 18:39:41 +0000 Ben Wilson via Public <public at cabforum.org> wrote:

> Ballot FORUM-17, Create Network Security Working Group, is proposed by Ben
> Wilson of Mozilla and endorsed by Tim Hollebeek of DigiCert and David Kluge
> of Google.
> The Voting Period for Ballot FORUM-17 begins today at 19:00 UTC and ends on
> 23-Dec-2021 at 19:00 UTC.
> *Overview*
> In January 2013 the CA/Browser Forum’s “Network and Certificate System
> Security Requirements” (NCSSRs) became effective. In June 2017, the Forum
> chartered a Network Security Working Group to re-visit the NCSSRs. That
> charter expired on June 19, 2018, and in October 2018, the Server
> Certificate Working Group (SCWG) established a Network Security
> Subcommittee (NetSec Subcommittee) to continue work on the NCSSRs.
> This ballot proposes to charter a new Network Security Working Group
> (NetSec WG) to replace the NetSec Subcommittee, to continue work on the
> NCSSRs, and to conduct any and all business related to improving the
> security of Certification Authorities.
> Following the passage of this ballot:
> 1. A new NetSec WG will be chartered under the CA/B Forum, pursuant to
> section 5.3.1 of the Bylaws;
> 2. The Charter of the SCWG will be amended to remove the NCSSRs from within
> the scope of the SCWG Charter;
> 3. The existing mailing list and other materials developed for the NetSec
> Subcommittee will be repurposed for use by the NetSec WG;
> 4. The NetSec WG will produce and maintain versions of the NCSSRs; and
> 5. The NetSec WG will make security-related recommendations to other Forum
> WGs for requirements or guidelines that are within their purview, i.e. the
> BRs/EVGs of the SCWG, the Baseline Requirements for Code Signing
> Certificates of the Code Signing Certificate Working Group (CSCWG) or
> guidelines adopted by the S/MIME Certificate Working Group (SMCWG).
> *--- MOTION BEGINS ---*
> The Charter of the Server Certificate Working Group, currently version 1.1,
> is amended by deleting references to the Network and Certificate System
> Security Requirements, so that the Scope section of the Charter will now
> read as follows:
> *SCOPE:* The authorized scope of the Server Certificate Working Group
> shall be as follows:
> 1. To specify Baseline Requirements, Extended Validation Guidelines, and
> other acceptable practices for the issuance and management of SSL/TLS
> server certificates used for authenticating servers accessible through the
> Internet.
> 2. To update such requirements and guidelines from time to time, in order
> to address both existing and emerging threats to online security, including
> responsibility for the maintenance of and future amendments to the current
> CA/Browser Forum Baseline Requirements and Extended Validation Guidelines.
> 3. To perform such other activities that are ancillary to the primary
> activities listed above.
> See
> https://github.com/cabforum/forum/commit/a55fd7d3939f4f24aa26e88399069afede2a1edf
> The CA/Browser Forum creates the Network Security Working Group and adopts
> the following Charter:
> *Network Security Working Group Charter*
> The Network Security Working Group (“NetSec WG”) is hereby created to
> perform the activities as specified in this Charter, subject to the terms
> and conditions of the CA/Browser Forum Bylaws (https://cabforum.org/bylaws/)
> and Intellectual Property Rights (IPR) Policy (
> https://cabforum.org/ipr-policy/), as such documents may change from time
> to time. This charter for the NetSec WG has been created according to CAB
> Forum Bylaw 5.3.1. In the event of a conflict between this Charter and any
> provision in either the Bylaws or the IPR Policy, the provision in the
> Bylaws or IPR Policy shall take precedence. The definitions found in the
> Forum’s Bylaws shall apply to capitalized terms in this Charter.
> *1. Scope* – The scope of work performed by the NetSec WG includes:
>     1. To modify and maintain the existing Network and Certificate System
> Security Requirements or a successor requirements document (NCSSRs);
>     2. To make recommendations for improvements to security controls in the
> requirements or guidelines adopted by other Forum WGs (e.g. see sections 5
> and 6 of the Baseline Requirements);
>     3. To create new requirements, guidelines, or recommended best
> practices related to the security of CA operations;
>     4. To perform risk analyses, security analyses, and other types of
> reviews of threats and vulnerabilities applicable to CA operations involved
> in the issuance and maintenance of publicly trusted certificates (e.g.
> server certificates, code signing certificates, SMIME certificates, etc.);
> and
>     5. To perform other activities ancillary to the primary activities
> listed above.
> *2. Out of Scope* – The NetSec WG shall not adopt requirements, Guidelines,
> or Maintenance Guidelines concerning certificate profiles, validation
> processes, certificate issuance, certificate revocation, or subscriber
> obligations, which are within the purview of the Server Certificate Working
> Group (SCWG), the Code Signing Certificate Working Group (CSCWG), or the
> S/MIME Certificate Working Group (SMCWG).
> *3. End Date* – The NetSec WG shall continue until it is dissolved by a
> vote of the CA/B Forum.
> *4. Deliverables* – The NetSec WG shall be responsible for delivering and
> maintaining the NCSSRs (version 1.7 shall remain valid until it is replaced
> by a subsequent version) and any other documents the group may choose to
> develop and maintain.
> *5. Courtesy Notice of Proposed Amendments to the NCSSRs* – Discussion and
> voting on any ballot to change the NCSSRs shall proceed within the NetSec
> WG in accordance with sections 2.3 and 2.4 of the Bylaws. Additionally, a
> courtesy notice of the proposed ballot and NetSec WG’s discussion period
> shall be given to the SCWG, the CSCWG, and the SMCWG via their Public Mail
> Lists.
> *6. Participation and Membership* – Membership in the NetSec WG shall be
> limited to organizations that are Certificate Issuer Members or Certificate
> Consumer Members of the SCWG, the CSCWG, or the SMCWG, who may join the
> NetSec WG only with such status or class as they hold in such other working
> groups.
> In accordance with the IPR Policy, Members that choose to participate in
> the NetSec WG must declare their participation, and class of membership
> (Certificate Issuer or Certificate Consumer), and shall do so prior to
> participating. A Member must declare its participation in the NetSec WG by
> requesting to be added to the mailing list. The Chair of the NetSec WG
> shall establish a list for declarations of participation and manage it in
> accordance with the Bylaws, the IPR Policy, and the IPR Agreement.
> The NetSec WG shall include Interested Parties and Associate Members as
> defined in the Bylaws.
> Resignation from the NetSec WG does not prevent a participant from
> potentially having continuing obligations under the Forum’s IPR Policy or
> any other document.
> *7. Voting Structure*
> The NetSec WG shall consist of two classes of voting members, Certificate
> Issuers and Certificate Consumers. In order for a ballot to be adopted by
> the NetSec WG, two-thirds or more of the votes cast by the Certificate
> Issuers must be in favor of the ballot and more than 50% of the votes cast
> by the Certificate Consumers must be in favor of the ballot. At least one
> member of each class must vote in favor of a ballot for it to be adopted.
> Quorum is the average number of Member organizations (cumulative,
> regardless of Class) that have participated in the previous three NetSec WG
> Meetings or Teleconferences (not counting subcommittee meetings thereof).
> For transition purposes, if three meetings have not yet occurred, then
> quorum is ten (10).
> *8. Leadership*
> *Chair* – Clint Wilson shall be the initial Chair of the NetSec WG.
> *Vice-Chair* – David Kluge shall be the initial Vice-Chair of the NetSec
> WG.
> *Term.* The Chair and Vice-Chair will serve until October 31, 2022, or
> until they are replaced, resign, or are otherwise disqualified. Thereafter,
> elections shall be held for chair and vice chair every two years in
> coordination with the Forum’s election process and in conjunction with its
> election cycle. Voting shall occur in accordance with Bylaw 4.1(c). In the
> event of a midterm vacancy, the NetSec WG will hold a special election and
> the selected candidate will serve the remainder of the existing term.
> *9. Communication* – NetSec WG communications and documents, including
> minutes of meetings, shall be posted on mailing-lists where the
> mail-archives are publicly accessible or on the Forum’s website.
> *10. IPR Policy* – The CA/Browser Forum Intellectual Rights Policy, v. 1.3
> or later, shall apply to all Working Group activity.
> *11. Other Organizational Matters*
> Reserved.
> *Effect of Forum Bylaws Amendment on Working Group* - In the event that
> Forum Bylaws are amended to add or modify general rules governing Forum
> Working Groups and how they operate, such provisions of the Bylaws take
> precedence over this charter.
> See
> https://github.com/cabforum/forum/pull/23/files#diff-cf5513a8c4dabce6e3364691537b74a7d2faa1af8dc9e1ee8ce9b2d7759c9406
> --- MOTION ENDS ---
> The procedure for approval of this ballot is as follows:
> Discussion (7+ days)
> Start Time: 2021-12-09 18:00:00 UTC
> End Time: 2021-12-16 19:00:00 UTC
> Vote for approval (7 days)
> Start Time: 2021-12-16 19:00 UTC
> End Time: 2021-12-23 19:00:00 UTC
