Mozilla votes Yes on ballot SC10. - Wayne
On Thu, Sep 27, 2018 at 5:26 PM Kirk Hall via Public <public@cabforum.org> wrote: > Voting ends on 4 October 2018 at 22:00 UTC. > > > > *From:* Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] *On > Behalf Of *Dimitris Zacharopoulos via Servercert-wg > *Sent:* Thursday, September 20, 2018 9:02 AM > *To:* CA/B Forum Server Certificate WG Public Discussion List < > servercert...@cabforum.org> > *Subject:* [Servercert-wg] Ballot SC10 – Establishing the Network > Security Subcommittee of the SCWG > Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG > Purpose of Ballot > > The Network Security Working Group of the CA/Browser Forum expired on June > 19, 2018 under the terms of Ballot 203 which established the Working Group. > The Server Certificate Working Group wishes to establish a Network Security > Subcommittee pursuant to Bylaws 5.3.1(e). > > The following motion has been proposed by Dimitris Zacharopoulos of HARICA > and endorsed by Tim Hollebeek of DigiCert and Wayne Thayer of Mozilla. > > *--- MOTION BEGINS ---* > > The Server Certificate Working Group hereby establishes the *Network > Security Subcommittee* as an official Subcommittee. > > *1. Mission: *To improve security policies and practices for Certificate > Management Systems encoded in the guidelines maintained by the SCWG. > > > * 2. End Date: *This Subcommittee shall continue until it is dissolved by > a vote of the SCWG > > *3. Deliverables: *The Network Security Subcommittee shall propose > ballots to the SCWG to improve the minimal security standards within the > mission defined above This includes modifying the existing Network and > Certificate System Security Requirements (NCSSR) or to create new > requirements, guidelines, or best practices. Among other activities, the > Network Security Subcommittee shall perform security analysis on typical CA > Management Systems offering options to the Server Certificate Working Group > for establishing minimal security standards. Risk analysis will also be > used to provide a better understanding of threats and vulnerabilities in > Certificate Management Systems. This process can be used to provide better > reasoning and justification of existing or future security guidelines. > > *4. Participation: *Any member of the SCWG is eligible and may declare > their participation in the Network Security Subcommittee by requesting to > be added to the mailing list. > > *5. Chair: *Ben Wilson shall be the initial Chair of the Network Security > Subcommittee. The Subcommittee may change its Chair from time to time by > consensus of the Members participating in the Subcommittee or by voting > method chosen by the Members by consensus. > > *6. Communication: *Subcommittee communications and documents shall be > posted on mailing-lists where the mail-archives are publicly accessible, > and the Subcommittee shall publish minutes of its meetings. > > *7. Effect of SCWG Charter or Forum Bylaws Amendment for Subcommittees: *In > the event the SCWG Charter or the Forum Bylaws is amended to add general > rules governing Chartered Working Group Subcommittees and how they operate > (“General Rules”), the provisions of the General Rules shall take > precedence over this charter. > > *--- MOTION ENDS ---* > > > > The procedure for approval of this ballot is as follows: > > *Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG* > > *Start time (22:00 UTC)* > > *End time (22:00 UTC)* > > Discussion (7 days) > > 20 September 2018 > > 27 September 2018 > > Vote for approval (7 days) > > 27 September 2018 > > 4 October 2018 > > > Additional Information (not part of Ballot) > > *Bylaws v1.9* > 5.3.1 Formation of Chartered Working Groups > > (e) CWGs may establish any number of subcommittees within its own Working > Group to address any of such CWG’s business (each, a “Subcommittee”). A > CWG-created Subcommittee needs to be approved by the CWG itself according > to the approval process set forth in the CWG charter, but approval of the > Forum is not necessary. Subcommittees must exist under an approved CWG. > > > > *Ballot 203: Formation of Network Security Working Group (v2)* > > > > Purpose of Ballot: To form a Network Security Working Group to re-evaluate > the CAB Forum's Network Security Guidelines. > > > > The following motion has been proposed by Gervase Markham of Mozilla and > endorsed by Jeremy Rowley of DigiCert and Moudrick Dadashov of SSC: > > > > -- MOTION BEGINS – > > > > In accordance with Section 5.3 of the CA/B Forum Bylaws, the chartering of > a new Working Group requires a ballot. This ballot charters the Network > Security Working Group. > > > > The CAB Forum's Network Security Guidelines were adopted in August 2012 > but have not been updated since. Significant doubts have been raised as to > their fitness for purpose in 2017. Therefore, the Working Group’s charter > will be as follows: > > > > Scope > > > > 1. Consider options for revising, replacing or scrapping the Network > Security Guidelines. > > > > Deliverables > > 1. A report with one or more proposals for the future of the Network > Security Guidelines. > > 2. For proposals involving replacement, details of the availability and > applicability of the proposed alternative, and what modifications if any > would be needed to it in order to make it suitable for use. > > 3. For proposals involving revision, details of the revisions that are > deemed necessary and how the document will be kept current in the future. > > 4. For proposals involving scrapping, an explanation of why this is > preferable to either of the other two options. > > 5. If there are multiple proposals, optionally a recommendation as to > which one to pursue and an associated timeline. > > 6. A form of ballot or ballots to implement any recommendations. > > > > Expiry > > The Working Group shall expire once the deliverables have been completed, > or on 2018-06-19, whichever happens first. The expiry date given above > shall be automatically postponed by 1 year on 2018-05-19 ("postponement > date") and each anniversary of the postponement date thereafter unless > three or more members separately or jointly request on the Public Mail > List, within one month prior to a particular postponement date, that expiry > of this Working Group not be postponed in that instance. > > > > -- MOTION ENDS -- > > > _______________________________________________ > Public mailing list > Public@cabforum.org > https://cabforum.org/mailman/listinfo/public >
_______________________________________________ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public