[Servercert-wg] Ballot SC-066: Fall 2023 Clean-up v3

Tobias S. Josefowitz tobij at opera.com
Mon Nov 6 12:05:56 UTC 2023

Hi Inigo,

On Mon, 6 Nov 2023, Inigo Barreira via Servercert-wg wrote:

> - Motion Begins -
> This ballot modifies the "Baseline Requirements for the Issuance and 
> Management of Publicly-Trusted Certificates" ("Baseline Requirements"), 
> based on Version 2.0.1.
> MODIFY the Baseline Requirements as specified in the following Pull Request:
> Comparing 
> 90a98dc7c1131eaab01af411968aa7330d315b9b...d2ad035a4acb3ee78d7f4713afd0479892bda08d 
> · cabforum/servercert 
> (github.com)<https://github.com/cabforum/servercert/compare/90a98dc7c1131eaab01af411968aa7330d315b9b...d2ad035a4acb3ee78d7f4713afd0479892bda08d>

Regarding the change from

   Network and Certificate System Security Requirements, Version 1.7,
   available at


   Network and Certificate System Security Requirements, available at

I wonder, who has authority over 
https://cabforum.org/network-security-requirements/, i.e. the ability to 
publish new versions there? Is it the NetSec WG?

I seem to remember that, when the NetSec WG was formed, there were 
concerns raised related to maintaining the NCSSRs in a WG that not all 
members of all WGs that produce documents referencing the NCSSRs are 
members of. If I remember correctly, this related both to the IPR 
situation as well as the normative content. I seem to remember that the 
concensus at the time was that other WGs would incorporate new versions of 
the NCSSRs by versioned reference, and that that would alleviate most of 
the problems.

Whether I remember this wrong or not, if the effect is that the NetSec WG 
gets to make normative changes to the SCWG BRs by reference as a result of 
this change, then I don't think it is appropriate to do this as part of a 
"Clean-up" Ballot.


More information about the Servercert-wg mailing list