Thanks for the list, Wayne. Responses inline. Remember, a Subcommittee has no real power, it’s just a place where members interested in a subject who want to be involved in drafting proposals for the whole SCWG can work together – we have 10+ years of successful experience with this approach, and are just continuing it at the SCWG level.
[Wayne] To respond to Kirk's question about subjects that need to be better defined, here is a start: * Do Subcommittees have Chairs and if so how are they appointed? [KH] Yes, for the same reason we had Chairs for old-style Working Groups of the Forum. There is no change here (BTW, our Bylaws didn’t include rules for old WG Chairs either – somehow it all worked out). Dean has correctly listed what a Chair does. * How are Subcommittees chartered? (are they chartered?) [KH] Same as in the past when we created old-style WGs of the Forum – by ballots, in this case SCWG ballots. No change here. * What are the required contents of a Subcommittee charter? [KH] Same as in the past when we created old-style WGs of the Forum – by ballot language. We never had problems in drafting the ballots that created old WGs of the Forum – see Ballots 109, 128, 138, 143, 165, and 203. No change here. What problem do you see from following our past procedure? * How are Subcommittees operated? [KH] In the same fashion as old WGs of the Forum were operated – teleconferences and informal procedures. No change here. * What information is public/private? Do they have their own mailing lists? [KH] Same as the way information was handled for the old WGs of the Forum – I think old WG information has always been posted to the Public list, so the new Subcommittees will simply post to the SCWG list, which is public. No change here. * How are Subcommittees dissolved? [KH] In the same fashion as old WGs of the Forum were handled. If a Subcommittee has no work to do, it can stop meeting until it has more work, or I suppose we can have a new ballot to dissolve the Subcommittee, if we care. Most Subcommittees will have ongoing work to do (Validation, NetSec), so should be perpetual. We may create other Subcommittees that should have a specific termination date in the ballot that creates the Subcommittee it if we believe that is appropriate, as we did once in the past. No change here. I just can’t see why we are making this so difficult. I really don’t think we should delay Ballot SC10 to establish a Network Security Subcommittee just to think about these issues again or change the Bylaws yet again – we need to resume work on reviewing the NCSSRs and can simply follow our past practices. If the ballot fails, it fails and we can start over again. So I am still looking for endorsers for Ballot SC10 – this draft was based on Dimitris’ draft from last July. Any endorsers so we can start the official discussion period? (We will still consider additional amendments if members want to offer them.) From: Public [mailto:[email protected]] On Behalf Of Wayne Thayer via Public Sent: Thursday, September 13, 2018 5:15 PM To: Ryan Sleevi <[email protected]> Cc: CA/Browser Forum Public Discussion List <[email protected]> Subject: [EXTERNAL]Re: [cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG ________________________________ On Thu, Sep 13, 2018 at 5:05 PM Ryan Sleevi <[email protected]<mailto:[email protected]>> wrote: Why does a subcommittee need this? How can we answer that when we don't know what the heck a Subcommittee is? I would characterize the problem as more than confusion, which implies that there is a correct answer to these Subcommittee questions if only we looked at the right section of the Bylaws or SCWG Charter. To respond to Kirk's question about subjects that need to be better defined, here is a start: * Do Subcommittees have Chairs and if so how are they appointed? * How are Subcommittees chartered? (are they chartered?) * What are the required contents of a Subcommittee charter? * How are Subcommittees operated? * What information is public/private? Do they have their own mailing lists? * How are Subcommittees dissolved? On Thu, Sep 13, 2018 at 8:01 PM Dean Coclin <[email protected]<mailto:[email protected]>> wrote: Perhaps rather than “chairs”, they should be called “leaders”. These are people that lead the discussion, create agendas, minutes, etc. It’s an informal role, serving as a titular head only. From: Public <[email protected]<mailto:[email protected]>> On Behalf Of Ryan Sleevi via Public Sent: Thursday, September 13, 2018 7:56 PM To: Wayne Thayer <[email protected]<mailto:[email protected]>> Cc: CABFPub <[email protected]<mailto:[email protected]>> Subject: Re: [cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG I think that's what the past suggestion was, and I think it's a good suggestion. There's no process defined in the CWG for establishment, and I think there's still some confusion among some members about how the new Bylaws look - because we're not establishing CWGs (which have IP considerations), but Subcommittees. We don't need chairs for Subcommittees, there's not a voting process defined for Subcommittees, and it seems there's confusion on Subcommittees relation to minutes and such. I think we say the option is these LWGs is to terminate (as LWGs), and further discussions continue on within the SCWG to resolve - things like ballots for the SCWG and Subcommittees. There's no urgency to convert to a subcommittee or continue as a CWG. On Thu, Sep 13, 2018 at 7:11 PM Wayne Thayer <[email protected]<mailto:[email protected]>> wrote: Would it be helpful to take a step back and propose an amendment to the Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I would be willing to work on that. Meanwhile, if the Network Security WG left some urgent work unfinished, nothing prevents SCWG members from collaborating outside of the Subcommittee structure. On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <[email protected]<mailto:[email protected]>> wrote: I think that, without incorporating or responding to feedback, we will be opposed to this ballot. I agree that it's unfortunate we have gotten nowhere - but it's equally unfortunate to have spent two months without responding to any of the substance of the issues. It's great to see progress, but making small steps doesn't excuse leaving glaring issues. It's better to let these fall down than to support them with fundamental flaws. Concrete feedback is: Delete: "These renewed NCSSR documents will serve CAs, auditors and browsers in giving a state of the art set of rules for the deployment and operation of CAs computing infrastructures." Rationale: That presumes this output will be valid/valuable. Delete: "The Subcommittee may choose its own initial Chair." Rationale: Subcommittees don't have Chairs and votes. They're just meetings of the CWG with focus. Delete: "The Network Security Subcommittee shall produce one or more documents offering options to the Forum for establishing minimal security standards within the scope defined above, which may be used to modify the existing NCSSRs." Rationale: This is a pretty much a non-scope as worded, but worse, precludes some of the very activities you want to do. For example, reforming existing requirements doesn't establish minimums, so is out of scope. Obviously, that leaves you with nothing left. Hopefully there's something concrete you think should remain, and you can suggest improvements there. On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <[email protected]<mailto:[email protected]>> wrote: On this ballot and Ballot SC10, I’m only going to consider comments and criticisms that propose specific alternate language that you will support. We have spent two months on creation of Subcommittees that simply continue the work we have been doing., and getting nowhere. Time to finish up! Do you have specific alternate ballot language you want the Members to consider? If so, please post. From: Ryan Sleevi [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, September 13, 2018 2:55 PM To: Kirk Hall <[email protected]<mailto:[email protected]>>; CABFPub <[email protected]<mailto:[email protected]>> Subject: [EXTERNAL]Re: [cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <[email protected]<mailto:[email protected]>> wrote: Scope: Revising and improving the Network and Certificate Systems Security Requirements (NCSSRs). Out of Scope: No provision. Deliverables: The Network Security Subcommittee shall produce one or more documents offering options to the Forum for establishing minimal security standards within the scope defined above, which may be used to modify the existing NCSSRs. These renewed NCSSR documents will serve CAs, auditors and browsers in giving a state of the art set of rules for the deployment and operation of CAs computing infrastructures. The Subcommittee may choose its own initial Chair. Is this Deliverable correct? Is that scope correct? The previous WG produced (only after significant prodding) a statement about 'options' - which was to modifying the existing NCSSRs. It seems like we're talking now about concrete recommendations for changes, and it seems more relevant to note what is in scope or out of scope. I disagree that the deliverable affirmatively stating "will serve CA, auditors, and browsers". However, there's other, more fundamental problems. Most notable is that Subcommittees aren't established to have Chairs - the point of the rework of the Bylaws was to make it clearer what activities are done and how they fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The other is that the SCWG does not yet have a defined process for the establishment of subcommittees. _______________________________________________ Public mailing list [email protected]<mailto:[email protected]> https://cabforum.org/mailman/listinfo/public
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
