HARICA votes "yes" to FORUM-17 ballot.
Dimitris.
On 16/12/2021 8:39 PM, Ben Wilson via Public wrote:
Ballot FORUM-17, Create Network Security Working Group, is proposed by
Ben Wilson of Mozilla and endorsed by Tim Hollebeek of DigiCert and
David Kluge of Google.
The Voting Period for Ballot FORUM-17 begins today at 19:00 UTC and
ends on 23-Dec-2021 at 19:00 UTC.
*Overview*
In January 2013 the CA/Browser Forum’s “Network and Certificate System
Security Requirements” (NCSSRs) became effective. In June 2017, the
Forum chartered a Network Security Working Group to re-visit the
NCSSRs. That charter expired on June 19, 2018, and in October 2018,
the Server Certificate Working Group (SCWG) established a Network
Security Subcommittee (NetSec Subcommittee) to continue work on the
NCSSRs.
This ballot proposes to charter a new Network Security Working Group
(NetSec WG) to replace the NetSec Subcommittee, to continue work on
the NCSSRs, and to conduct any and all business related to improving
the security of Certification Authorities.
Following the passage of this ballot:
1. A new NetSec WG will be chartered under the CA/B Forum, pursuant to
section 5.3.1 of the Bylaws;
2. The Charter of the SCWG will be amended to remove the NCSSRs from
within the scope of the SCWG Charter;
3. The existing mailing list and other materials developed for the
NetSec Subcommittee will be repurposed for use by the NetSec WG;
4. The NetSec WG will produce and maintain versions of the NCSSRs; and
5. The NetSec WG will make security-related recommendations to other
Forum WGs for requirements or guidelines that are within their
purview, i.e. the BRs/EVGs of the SCWG, the Baseline Requirements for
Code Signing Certificates of the Code Signing Certificate Working
Group (CSCWG) or guidelines adopted by the S/MIME Certificate Working
Group (SMCWG).
*--- MOTION BEGINS ---*
The Charter of the Server Certificate Working Group, currently version
1.1, is amended by deleting references to the Network and Certificate
System Security Requirements, so that the Scope section of the Charter
will now read as follows:
*SCOPE:* The authorized scope of the Server Certificate Working Group
shall be as follows:
1. To specify Baseline Requirements, Extended Validation Guidelines,
and other acceptable practices for the issuance and management of
SSL/TLS server certificates used for authenticating servers accessible
through the Internet.
2. To update such requirements and guidelines from time to time, in
order to address both existing and emerging threats to online
security, including responsibility for the maintenance of and future
amendments to the current CA/Browser Forum Baseline Requirements and
Extended Validation Guidelines.
3. To perform such other activities that are ancillary to the primary
activities listed above.
See
https://github.com/cabforum/forum/commit/a55fd7d3939f4f24aa26e88399069afede2a1edf
The CA/Browser Forum creates the Network Security Working Group and
adopts the following Charter:
*Network Security Working Group Charter*
The Network Security Working Group (“NetSec WG”) is hereby created to
perform the activities as specified in this Charter, subject to the
terms and conditions of the CA/Browser Forum Bylaws
(https://cabforum.org/bylaws/) and Intellectual Property Rights (IPR)
Policy (https://cabforum.org/ipr-policy/), as such documents may
change from time to time. This charter for the NetSec WG has been
created according to CAB Forum Bylaw 5.3.1. In the event of a conflict
between this Charter and any provision in either the Bylaws or the IPR
Policy, the provision in the Bylaws or IPR Policy shall take
precedence. The definitions found in the Forum’s Bylaws shall apply to
capitalized terms in this Charter.
*1. Scope* – The scope of work performed by the NetSec WG includes:
1. To modify and maintain the existing Network and Certificate
System Security Requirements or a successor requirements document
(NCSSRs);
2. To make recommendations for improvements to security controls
in the requirements or guidelines adopted by other Forum WGs (e.g. see
sections 5 and 6 of the Baseline Requirements);
3. To create new requirements, guidelines, or recommended best
practices related to the security of CA operations;
4. To perform risk analyses, security analyses, and other types of
reviews of threats and vulnerabilities applicable to CA operations
involved in the issuance and maintenance of publicly trusted
certificates (e.g. server certificates, code signing certificates,
SMIME certificates, etc.); and
5. To perform other activities ancillary to the primary activities
listed above.
*2. Out of Scope* – The NetSec WG shall not adopt requirements,
Guidelines, or Maintenance Guidelines concerning certificate profiles,
validation processes, certificate issuance, certificate revocation, or
subscriber obligations, which are within the purview of the Server
Certificate Working Group (SCWG), the Code Signing Certificate Working
Group (CSCWG), or the S/MIME Certificate Working Group (SMCWG).
*3. End Date* – The NetSec WG shall continue until it is dissolved by
a vote of the CA/B Forum.
*4. Deliverables* – The NetSec WG shall be responsible for delivering
and maintaining the NCSSRs (version 1.7 shall remain valid until it is
replaced by a subsequent version) and any other documents the group
may choose to develop and maintain.
*5. Courtesy Notice of Proposed Amendments to the NCSSRs* – Discussion
and voting on any ballot to change the NCSSRs shall proceed within the
NetSec WG in accordance with sections 2.3 and 2.4 of the Bylaws.
Additionally, a courtesy notice of the proposed ballot and NetSec WG’s
discussion period shall be given to the SCWG, the CSCWG, and the SMCWG
via their Public Mail Lists.
*6. Participation and Membership* – Membership in the NetSec WG shall
be limited to organizations that are Certificate Issuer Members or
Certificate Consumer Members of the SCWG, the CSCWG, or the SMCWG, who
may join the NetSec WG only with such status or class as they hold in
such other working groups.
In accordance with the IPR Policy, Members that choose to participate
in the NetSec WG must declare their participation, and class of
membership (Certificate Issuer or Certificate Consumer), and shall do
so prior to participating. A Member must declare its participation in
the NetSec WG by requesting to be added to the mailing list. The Chair
of the NetSec WG shall establish a list for declarations of
participation and manage it in accordance with the Bylaws, the IPR
Policy, and the IPR Agreement.
The NetSec WG shall include Interested Parties and Associate Members
as defined in the Bylaws.
Resignation from the NetSec WG does not prevent a participant from
potentially having continuing obligations under the Forum’s IPR Policy
or any other document.
*7. Voting Structure*
The NetSec WG shall consist of two classes of voting members,
Certificate Issuers and Certificate Consumers. In order for a ballot
to be adopted by the NetSec WG, two-thirds or more of the votes cast
by the Certificate Issuers must be in favor of the ballot and more
than 50% of the votes cast by the Certificate Consumers must be in
favor of the ballot. At least one member of each class must vote in
favor of a ballot for it to be adopted. Quorum is the average number
of Member organizations (cumulative, regardless of Class) that have
participated in the previous three NetSec WG Meetings or
Teleconferences (not counting subcommittee meetings thereof). For
transition purposes, if three meetings have not yet occurred, then
quorum is ten (10).
*8. Leadership*
*Chair* – Clint Wilson shall be the initial Chair of the NetSec WG.
*Vice-Chair* – David Kluge shall be the initial Vice-Chair of the
NetSec WG.
*Term.* The Chair and Vice-Chair will serve until October 31, 2022, or
until they are replaced, resign, or are otherwise disqualified.
Thereafter, elections shall be held for chair and vice chair every two
years in coordination with the Forum’s election process and in
conjunction with its election cycle. Voting shall occur in accordance
with Bylaw 4.1(c). In the event of a midterm vacancy, the NetSec WG
will hold a special election and the selected candidate will serve the
remainder of the existing term.
*9. Communication* – NetSec WG communications and documents, including
minutes of meetings, shall be posted on mailing-lists where the
mail-archives are publicly accessible or on the Forum’s website.
*10. IPR Policy* – The CA/Browser Forum Intellectual Rights Policy, v.
1.3 or later, shall apply to all Working Group activity.
*11. Other Organizational Matters*
Reserved.
*Effect of Forum Bylaws Amendment on Working Group* - In the event
that Forum Bylaws are amended to add or modify general rules governing
Forum Working Groups and how they operate, such provisions of the
Bylaws take precedence over this charter.
See
https://github.com/cabforum/forum/pull/23/files#diff-cf5513a8c4dabce6e3364691537b74a7d2faa1af8dc9e1ee8ce9b2d7759c9406
--- MOTION ENDS ---
The procedure for approval of this ballot is as follows:
Discussion (7+ days)
Start Time: 2021-12-09 18:00:00 UTC
End Time: 2021-12-16 19:00:00 UTC
Vote for approval (7 days)
Start Time: 2021-12-16 19:00 UTC
End Time: 2021-12-23 19:00:00 UTC
_______________________________________________
Public mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/public