[Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition of Critical Vulnerability

Vijay Kumar M vijay at emudhra.com
Sun Feb 7 16:45:48 UTC 2021


eMudhra votes YES to ballot SC39v3

Regards,
Vijay

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Neil Dunbar via Servercert-wg
Sent: 02 February 2021 19:59
To: servercert-wg at cabforum.org
Subject: Re: [Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition of Critical Vulnerability


Resend: adding the ballot title to the mail thread.
On 02/02/2021 14:15, Neil Dunbar via Servercert-wg wrote:
Colleagues,

This begins the voting period for ballot SC39v3: Definition of Critical Vulnerability.

The following motion has been proposed by Neil Dunbar of TrustCor and endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).

-- MOTION BEGINS --

This ballot modifies the "Network and Certificate System Security Requirements" based on Version 1.5.

Under the section "Definitions":

Remove the current definition:

Critical Vulnerability: A system vulnerability that has a CVSS score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see http://nvd.nist.gov/home.cfm), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

Insert a new definition:

Critical Vulnerability: A system vulnerability that has a CVSS v2.0 score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

-- MOTION ENDS --

* WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):

A comparison of the changes can be found at:

https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split

This ballot proposes one Final Maintenance Guideline.

The procedure for approval of this ballot is as follows:

Vote for approval    (7 days)

Start Time: 2020-02-02 1700 UTC
End Time: 2020-02-09 1700 UTC

Regards,

Neil