[Servercert-wg] VOTING BEGINS: Ballot SC39v3:
Michael Guenther
michael.guenther at swisssign.com
Mon Feb 8 08:20:35 UTC 2021
SwissSign votes 'yes' on Ballot SC39v3
Thanks Mike
Von: Servercert-wg <servercert-wg-bounces at cabforum.org> Im Auftrag von Neil Dunbar via Servercert-wg
Gesendet: Dienstag, 2. Februar 2021 15:16
An: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Betreff: [Servercert-wg] VOTING BEGINS: Ballot SC39v3:
Colleagues,
This begins the voting period for ballot SC39v3: Definition of Critical Vulnerability.
The following motion has been proposed by Neil Dunbar of TrustCor and endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).
-- MOTION BEGINS --
This ballot modifies the "Network and Certificate System Security Requirements" based on Version 1.5.
Under the section "Definitions":
Remove the current definition:
Critical Vulnerability: A system vulnerability that has a CVSS score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see http://nvd.nist.gov/home.cfm<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fnvd.nist.gov%2Fhome.cfm&data=04%7C01%7Cmichael.guenther%40swisssign.com%7Cd757be6d77bf4661107708d8c7850c45%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C637478721547007190%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SLtExqy6KxRFvZsfKOwMfKxq0AH9GSmB5%2B48vfykFFQ%3D&reserved=0>), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.
Insert a new definition:
Critical Vulnerability: A system vulnerability that has a CVSS v2.0 score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln-metrics%2Fcvss&data=04%7C01%7Cmichael.guenther%40swisssign.com%7Cd757be6d77bf4661107708d8c7850c45%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C637478721547017148%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GDROQutW1PW92dPFNi4gIhF5CyRPVVBJLZcAt7MU58A%3D&reserved=0>), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.
-- MOTION ENDS --
* WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
A comparison of the changes can be found at:
https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2F2b7720f...neildunbar%3A61fd381%3Fdiff%3Dsplit&data=04%7C01%7Cmichael.guenther%40swisssign.com%7Cd757be6d77bf4661107708d8c7850c45%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C637478721547017148%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=16%2F2uaY45%2F%2BHDXijo2qZwcStJLGeTzeNOiVDMc1jkbw%3D&reserved=0>
This ballot proposes one Final Maintenance Guideline.
The procedure for approval of this ballot is as follows:
Vote for approval (7 days)
Start Time: 2020-02-02 1700 UTC
End Time: 2020-02-09 1700 UTC
Regards,
Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210208/c46a39a1/attachment-0001.html>
More information about the Servercert-wg
mailing list