[Servercert-wg] VOTING BEGINS: Ballot SC39v3:

Jos Purvis (jopurvis) jopurvis at cisco.com
Thu Feb 11 18:22:06 UTC 2021


Hi Neil,

In getting this set up for IPR review, can you create a pull request against the new SC39 branch?
            https://github.com/cabforum/servercert/compare/SC39...neildunbar:61fd381?diff=split

That should auto-generate the artifacts we need, and I can generate the redlines for comparison from there. Thanks!


--
Jos Purvis (jopurvis at cisco.com<mailto:jopurvis at cisco.com>)
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | Controls and Trust Verification


From: Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of CABF Server Cert WG <servercert-wg at cabforum.org>
Reply-To: Neil Dunbar <ndunbar at trustcorsystems.com>, CABF Server Cert WG <servercert-wg at cabforum.org>
Date: Tuesday, February 2, 2021 at 9:16 AM
To: CABF Server Cert WG <servercert-wg at cabforum.org>
Subject: [Servercert-wg] VOTING BEGINS: Ballot SC39v3:

Colleagues,

This begins the voting period for ballot SC39v3: Definition of Critical Vulnerability.

The following motion has been proposed by Neil Dunbar of TrustCor and endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).

-- MOTION BEGINS --

This ballot modifies the “Network and Certificate System Security Requirements” based on Version 1.5.

Under the section “Definitions”:

Remove the current definition:

Critical Vulnerability: A system vulnerability that has a CVSS score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see http://nvd.nist.gov/home.cfm), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

Insert a new definition:

Critical Vulnerability: A system vulnerability that has a CVSS v2.0 score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

-- MOTION ENDS --

* WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):

A comparison of the changes can be found at:

https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split

This ballot proposes one Final Maintenance Guideline.

The procedure for approval of this ballot is as follows:

Vote for approval    (7 days)

Start Time: 2020-02-02 1700 UTC
End Time: 2020-02-09 1700 UTC

Regards,

Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210211/94a74c70/attachment.html>


More information about the Servercert-wg mailing list