OISTE votes Yes to Forum-17
> On 16 Dec 2021, at 19:39, Ben Wilson via Public <[email protected]> wrote:
>
> Ballot FORUM-17, Create Network Security Working Group, is proposed by Ben Wilson of Mozilla and endorsed by Tim Hollebeek of DigiCert and David Kluge of Google.
>
> The Voting Period for Ballot FORUM-17 begins today at 19:00 UTC and ends on 23-Dec-2021 at 19:00 UTC.
>
> Overview
>
> In January 2013 the CA/Browser Forum’s “Network and Certificate System Security Requirements” (NCSSRs) became effective. In June 2017, the Forum chartered a Network Security Working Group to re-visit the NCSSRs. That charter expired on June 19, 2018, and in October 2018, the Server Certificate Working Group (SCWG) established a Network Security Subcommittee (NetSec Subcommittee) to continue work on the NCSSRs.
>
> This ballot proposes to charter a new Network Security Working Group (NetSec WG) to replace the NetSec Subcommittee, to continue work on the NCSSRs, and to conduct any and all business related to improving the security of Certification Authorities.
>
> Following the passage of this ballot:
>
> 1. A new NetSec WG will be chartered under the CA/B Forum, pursuant to section 5.3.1 of the Bylaws;
> 2. The Charter of the SCWG will be amended to remove the NCSSRs from within the scope of the SCWG Charter;
> 3. The existing mailing list and other materials developed for the NetSec Subcommittee will be repurposed for use by the NetSec WG;
> 4. The NetSec WG will produce and maintain versions of the NCSSRs; and
> 5. The NetSec WG will make security-related recommendations to other Forum WGs for requirements or guidelines that are within their purview, i.e. the BRs/EVGs of the SCWG, the Baseline Requirements for Code Signing Certificates of the Code Signing Certificate Working Group (CSCWG) or guidelines adopted by the S/MIME Certificate Working Group (SMCWG).
>
> --- MOTION BEGINS ---
>
> The Charter of the Server Certificate Working Group, currently version 1.1, is amended by deleting references to the Network and Certificate System Security Requirements, so that the Scope section of the Charter will now read as follows:
>
> SCOPE: The authorized scope of the Server Certificate Working Group shall be as follows:
>
> 1. To specify Baseline Requirements, Extended Validation Guidelines, and other acceptable practices for the issuance and management of SSL/TLS server certificates used for authenticating servers accessible through the Internet.
>
> 2. To update such requirements and guidelines from time to time, in order to address both existing and emerging threats to online security, including responsibility for the maintenance of and future amendments to the current CA/Browser Forum Baseline Requirements and Extended Validation Guidelines.
>
> 3. To perform such other activities that are ancillary to the primary activities listed above.
>
> See https://github.com/cabforum/forum/commit/a55fd7d3939f4f24aa26e88399069afede2a1edf
>
> The CA/Browser Forum creates the Network Security Working Group and adopts the following Charter:
>
> Network Security Working Group Charter
>
> The Network Security Working Group (“NetSec WG”) is hereby created to perform the activities as specified in this Charter, subject to the terms and conditions of the CA/Browser Forum Bylaws (https://cabforum.org/bylaws/) and Intellectual Property Rights (IPR) Policy (https://cabforum.org/ipr-policy/), as such documents may change from time to time. This charter for the NetSec WG has been created according to CAB Forum Bylaw 5.3.1. In the event of a conflict between this Charter and any provision in either the Bylaws or the IPR Policy, the provision in the Bylaws or IPR Policy shall take precedence. The definitions found in the Forum’s Bylaws shall apply to capitalized terms in this Charter.
>
> 1. Scope – The scope of work performed by the NetSec WG includes:
>
>    1. To modify and maintain the existing Network and Certificate System Security Requirements or a successor requirements document (NCSSRs);
>    2. To make recommendations for improvements to security controls in the requirements or guidelines adopted by other Forum WGs (e.g. see sections 5 and 6 of the Baseline Requirements);
>    3. To create new requirements, guidelines, or recommended best practices related to the security of CA operations;
>    4. To perform risk analyses, security analyses, and other types of reviews of threats and vulnerabilities applicable to CA operations involved in the issuance and maintenance of publicly trusted certificates (e.g. server certificates, code signing certificates, SMIME certificates, etc.); and
>    5. To perform other activities ancillary to the primary activities listed above.
>
> 2. Out of Scope – The NetSec WG shall not adopt requirements, Guidelines, or Maintenance Guidelines concerning certificate profiles, validation processes, certificate issuance, certificate revocation, or subscriber obligations, which are within the purview of the Server Certificate Working Group (SCWG), the Code Signing Certificate Working Group (CSCWG), or the S/MIME Certificate Working Group (SMCWG).
>
> 3. End Date – The NetSec WG shall continue until it is dissolved by a vote of the CA/B Forum.
>
> 4. Deliverables – The NetSec WG shall be responsible for delivering and maintaining the NCSSRs (version 1.7 shall remain valid until it is replaced by a subsequent version) and any other documents the group may choose to develop and maintain.
>
> 5. Courtesy Notice of Proposed Amendments to the NCSSRs – Discussion and voting on any ballot to change the NCSSRs shall proceed within the NetSec WG in accordance with sections 2.3 and 2.4 of the Bylaws. Additionally, a courtesy notice of the proposed ballot and NetSec WG’s discussion period shall be given to the SCWG, the CSCWG, and the SMCWG via their Public Mail Lists.
>
> 6. Participation and Membership – Membership in the NetSec WG shall be limited to organizations that are Certificate Issuer Members or Certificate Consumer Members of the SCWG, the CSCWG, or the SMCWG, who may join the NetSec WG only with such status or class as they hold in such other working groups.
>
> In accordance with the IPR Policy, Members that choose to participate in the NetSec WG must declare their participation, and class of membership (Certificate Issuer or Certificate Consumer), and shall do so prior to participating. A Member must declare its participation in the NetSec WG by requesting to be added to the mailing list. The Chair of the NetSec WG shall establish a list for declarations of participation and manage it in accordance with the Bylaws, the IPR Policy, and the IPR Agreement.
>
> The NetSec WG shall include Interested Parties and Associate Members as defined in the Bylaws.
>
> Resignation from the NetSec WG does not prevent a participant from potentially having continuing obligations under the Forum’s IPR Policy or any other document.
>
> 7. Voting Structure
>
> The NetSec WG shall consist of two classes of voting members, Certificate Issuers and Certificate Consumers. In order for a ballot to be adopted by the NetSec WG, two-thirds or more of the votes cast by the Certificate Issuers must be in favor of the ballot and more than 50% of the votes cast by the Certificate Consumers must be in favor of the ballot. At least one member of each class must vote in favor of a ballot for it to be adopted. Quorum is the average number of Member organizations (cumulative, regardless of Class) that have participated in the previous three NetSec WG Meetings or Teleconferences (not counting subcommittee meetings thereof). For transition purposes, if three meetings have not yet occurred, then quorum is ten (10).
>
> 8. Leadership
>
> Chair – Clint Wilson shall be the initial Chair of the NetSec WG.
>
> Vice-Chair – David Kluge shall be the initial Vice-Chair of the NetSec WG.
>
> Term. The Chair and Vice-Chair will serve until October 31, 2022, or until they are replaced, resign, or are otherwise disqualified. Thereafter, elections shall be held for chair and vice chair every two years in coordination with the Forum’s election process and in conjunction with its election cycle. Voting shall occur in accordance with Bylaw 4.1(c). In the event of a midterm vacancy, the NetSec WG will hold a special election and the selected candidate will serve the remainder of the existing term.
>
> 9. Communication – NetSec WG communications and documents, including minutes of meetings, shall be posted on mailing-lists where the mail-archives are publicly accessible or on the Forum’s website.
>
> 10. IPR Policy – The CA/Browser Forum Intellectual Rights Policy, v. 1.3 or later, shall apply to all Working Group activity.
>
> 11. Other Organizational Matters
>
> Reserved.
>
> Effect of Forum Bylaws Amendment on Working Group - In the event that Forum Bylaws are amended to add or modify general rules governing Forum Working Groups and how they operate, such provisions of the Bylaws take precedence over this charter.
>
> See https://github.com/cabforum/forum/pull/23/files#diff-cf5513a8c4dabce6e3364691537b74a7d2faa1af8dc9e1ee8ce9b2d7759c9406
>
> --- MOTION ENDS ---
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 2021-12-09 18:00:00 UTC
>
> End Time: 2021-12-16 19:00:00 UTC
>
> Vote for approval (7 days)
>
> Start Time: 2021-12-16 19:00 UTC
>
> End Time: 2021-12-23 19:00:00 UTC
_______________________________________________
Public mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/public
