[Servercert-wg] Servercert-wg Digest, Vol 32, Issue 1

Peter Miškovič Peter.Miskovic at disig.sk
Mon Feb 8 17:08:57 UTC 2021


Disig votes "YES" on Ballot SC39v3: Definition of Critical Vulnerability.

Regards
Peter Miskovic


-----Original Message-----
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of servercert-wg-request at cabforum.org
Sent: Tuesday, February 2, 2021 3:57 PM
To: servercert-wg at cabforum.org
Subject: Servercert-wg Digest, Vol 32, Issue 1


Today's Topics:

   1. VOTING BEGINS: Ballot SC39v3: (Neil Dunbar)
   2. Re: VOTING BEGINS: Ballot SC39v3: Definition of Critical
      Vulnerability (Neil Dunbar)
   3. Agenda for 4 February SCWG Meeting (Jos Purvis (jopurvis))


----------------------------------------------------------------------

Message: 1
Date: Tue, 2 Feb 2021 14:15:44 +0000
From: Neil Dunbar <ndunbar at trustcorsystems.com>
To: CA/B Forum Server Certificate WG Public Discussion List
	<servercert-wg at cabforum.org>
Subject: [Servercert-wg] VOTING BEGINS: Ballot SC39v3:
Message-ID: <5298fb09-5df5-1c61-be68-6b0d5ef51bc6 at trustcorsystems.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Colleagues,

This begins the voting period for ballot SC39v3: Definition of Critical Vulnerability.

The following motion has been proposed by Neil Dunbar of TrustCor and endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).

-- MOTION BEGINS --

This ballot modifies the "Network and Certificate System Security Requirements" based on Version 1.5.

Under the section "Definitions":

Remove the current definition:

Critical Vulnerability: A system vulnerability that has a CVSS score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see http://nvd.nist.gov/home.cfm), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

Insert a new definition:

Critical Vulnerability: A system vulnerability that has a CVSS v2.0 score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

-- MOTION ENDS --

* WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):

A comparison of the changes can be found at:

https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split 


This ballot proposes one Final Maintenance Guideline.

The procedure for approval of this ballot is as follows:

Vote for approval (7 days)

Start Time: 2020-02-02 1700 UTC
End Time: 2020-02-09 1700 UTC

Regards,

Neil

------------------------------

Message: 2
Date: Tue, 2 Feb 2021 14:29:22 +0000
From: Neil Dunbar <ndunbar at trustcorsystems.com>
To: servercert-wg at cabforum.org
Subject: Re: [Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition
	of Critical Vulnerability
Message-ID: <522be6f7-e755-1428-657b-1d107962997e at trustcorsystems.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Resend: adding the ballot title to the mail thread.

On 02/02/2021 14:15, Neil Dunbar via Servercert-wg wrote:
>
> Colleagues,
>
> This begins the voting period for ballot SC39v3: Definition of 
> Critical Vulnerability.
>
> The following motion has been proposed by Neil Dunbar of TrustCor and 
> endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).
>
> -- MOTION BEGINS --
>
> This ballot modifies the "Network and Certificate System Security
> Requirements" based on Version 1.5.
>
> Under the section "Definitions":
>
> Remove the current definition:
>
> Critical Vulnerability: A system vulnerability that has a CVSS score 
> of 7.0 or higher according to the NVD or an equivalent to such CVSS 
> rating (see http://nvd.nist.gov/home.cfm), or as otherwise designated 
> as a Critical Vulnerability by the CA or the CA/Browser Forum.
>
> Insert a new definition:
>
> Critical Vulnerability: A system vulnerability that has a CVSS v2.0 
> score of 7.0 or higher according to the NVD or an equivalent to such 
> CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss), or as 
> otherwise designated as a Critical Vulnerability by the CA or the 
> CA/Browser Forum.
>
> -- MOTION ENDS --
>
> * WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE 
> OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
>
> A comparison of the changes can be found at:
>
> https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split
>
>
> This ballot proposes one Final Maintenance Guideline.
>
> The procedure for approval of this ballot is as follows:
>
> Vote for approval (7 days)
>
> Start Time: 2020-02-02 1700 UTC
> End Time: 2020-02-09 1700 UTC
>
> Regards,
>
> Neil

------------------------------

Message: 3
Date: Tue, 2 Feb 2021 14:55:34 +0000
From: "Jos Purvis (jopurvis)" <jopurvis at cisco.com>
To: CABF Server Cert WG <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Agenda for 4 February SCWG Meeting
Message-ID: <5B8EA35C-C99F-4A76-97DF-850444B7F644 at cisco.com>
Content-Type: text/plain; charset="utf-8"

Below is the final agenda for Thursday's meeting.


Server Certificate Working Group Agenda - 4 February 2021

Item  Description                                        Presenters
1.    Roll Call                                          Jos
2.    Read Antitrust Statement
3.    Review Agenda, assign minute taker for next call
4.    Approval of minutes from last teleconference       Jos
5.    Validation Subcommittee Update                     Tim
6.    NetSec Subcommittee Update                         Neil
7.    Ballot Status - see table at end of Agenda         All
8.    Any Other Business                                 All
9.    Next call: 18 February at 11AM Eastern


Adjourn; Immediately convene meeting of CA/B Forum call (same call)


CURRENT STATUS OF BALLOTS
1.      Ballots in Discussion Period
o    SC38 - Alignment of Record Archival
o    SC41 - Reformat the BRs, EVGs, and NCSSRs
2.      Ballots in Voting Period
o    SC39 - Definition of Critical Vulnerability
3.      Ballots in Review Period
None
4.      Draft Ballots Under Consideration
o    Ballot SCXX: Security Requirements for Air-Gapped CA Systems (Ben)
o    Ballot SCXX: Debian Weak Keys (Chris)
o    SC34 Account Management (Tobi)


--
Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems  | Cryptographic Services
PGP: 0xFD802FEE07D19105  | Controls & Trust Verification
