[cabfpub] CAB Forum Chair Candidate Statement

2018-08-24 Thread Ben Wilson via Public
Hi.

I'm Ben Wilson.

Many of you know me, but for those who may not, I am DigiCert's VP of
Compliance and have worked in PKI for approximately 20 years during which I
have been an active participant in the work of the CA/Browser Forum (CAB
Forum) and have held a variety of CABF leadership positions, including Chair
and Vice Chair, and I'd like for you to consider me for the position of
Chair again. Over the last couple of years, I have helped with the website
and maintenance of the guideline documents.  I've also helped run the Policy
Review, Network Security, and Governance Reform workgroups. I am an attorney
with several other relevant certifications, including MCSE, CISSP, and CISA.

I have a passion for PKI and am committed to staying current in our
ever-changing PKI industry. Because of this, I am deeply committed to seeing
the CAB Forum succeed in a positive, constructive way.  And, as a result of
our bylaw revisions, I would like to see the Forum grow and become more
relevant in the areas of code signing and client certificates. 

As Chair, I would be committed to following established procedures with
fairness.  I prefer that all voices be heard, and all sides considered,
before moving forward with solutions to the challenges that we face.  In
summary, I believe the Forum is a place where people can express their
opinions and seek solutions. 

It has been a great privilege to work with all of you, and I appreciate your
support in my candidacy for Forum Chair.

Sincerely yours,

Ben Wilson



___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public


Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

2018-08-24 Thread Ryan Sleevi via Public
On Fri, Aug 24, 2018 at 1:42 AM Dimitris Zacharopoulos via Servercert-wg <
servercert...@cabforum.org> wrote:

> I'm not sure if this has been discussed before (sorry if I missed it),
> but I would like to bring up the fact that there might be Subscribers
> who suffer a Key Compromise (like the ones distributed with their own
> software or embedded within customer devices), who would be willing to
> leave the compromised Certificate/Key out there until they find a way to
> replace it (that might take more than 24 hours or 5 days). This is a
> case where the Subscriber weighs the impact of Availability in the
> security properties of the offered service more than Confidentiality.
>

I don't agree that the Subscriber's wishes should trump the Relying
Parties. Otherwise, we never would have deprecated SHA-1 or RSA-1024.


>
> If a Subscriber doesn't want their Certificate revoked because that
> might have a significant impact/damage in their service Availability,
> isn't that something the ecosystem should respect and allow? Shouldn't
> this be treated on a case-by-case basis? I would be in favor of entering
> clauses in the BRs to allow more than 5 days before revocation for
> certain such cases, provided that the CA and the affected Subscriber
> would have to disclose the case to the CA/B Forum, as Ryan suggested in
> previous discussions. Just disclosing the fact should be enough. It
> would just be an additional option for the CAs and the Subscribers that
> would improve today's practices. As Jeremy demonstrated, there are
> several real cases today, where CAs try to extend the 24-hour revocation
> window in order to balance that Availability risk for the Subscribers
> and -I might add- the Relying Parties that want to have access to the
> Subscriber's services. I believe there are RPs out there that value
> availability more than confidentiality. I'm not one of them, but... :)
>
>
> Thoughts?
> Dimitris.
>
>
> ___
> Servercert-wg mailing list
> servercert...@cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>


[cabfpub] Re: (Final? Update) Ballot FORUM-1: Establish Forum Infrastructure Working Group

2018-08-24 Thread Xiu Lei via Public
GDCA votes Yes on ballot FORUM-1.

 

Thanks.


Best regards,

Xiu Lei

Security Policy Committee

Global Digital Cybersecurity Authority CO., LTD. (GDCA) 

  http://www.gdca.com.cn 

 

From: public-boun...@cabforum.org [mailto:public-boun...@cabforum.org] On Behalf Of Jos
Purvis (jopurvis) via Public
Sent: 13 August 2018 10:47
To: CA/B Forum Public List
Subject: [cabfpub] (Final? Update) Ballot FORUM-1: Establish Forum Infrastructure
Working Group

 

I’ve updated the ballot with some suggestions from the group (thanks to 
Virginia and Kirk!). Since we can still squeak in 7 days’ discussion period 
before the voting period, I’ve not changed the voting start date: 20 August. 
The rationalized version including all the changes is below; a red-line version 
highlighting the changes follows it in case anyone wants to know what changed. 

 

Ballot FORUM-1: Establish Forum Infrastructure Working Group

 

Purpose of Ballot

The CA/Browser Forum has grown considerably over the last few years and is now 
dividing its work into multiple working groups to more carefully address 
specific certificate needs. The responsibilities of managing the various
components of infrastructure necessary for the Forum to conduct its work, such
as the wiki and mailing lists, have grown considerably. With immense gratitude
to each of the Forum members that have helped to provide this infrastructure, 
the work of managing it should no longer be left as a volunteer best-effort 
function of any single Forum member. This ballot would establish a working 
group chartered to help ensure the infrastructure supporting the Forum 
continues to meet its needs. 

 

The following motion has been proposed by Jos Purvis of Cisco and endorsed by 
Tim Hollebeek of DigiCert and Wayne Thayer of Mozilla.

 

— MOTION BEGINS —

 

Establish Forum Infrastructure Working Group

 

Upon approval of the CAB Forum by ballot in accordance with section 5.3 of the 
Bylaws, the Forum Infrastructure Working Group (“FIWG”) is created to perform 
the activities as specified in this Charter, subject to the terms and 
conditions of the CA/Browser Forum Bylaws and Intellectual Property Rights 
(IPR) Policy, as such documents may change from time to time. The definitions 
found in the Forum’s Bylaws shall apply to capitalized terms in this Charter.

 

Scope

The authorized scope of the Forum Infrastructure Working Group shall be as 
follows:

1.  To oversee the acquisition, operation, and maintenance of the common 
CA/Browser Forum website and wiki resources;
2.  To coordinate updates to public and Forum-facing web and wiki content 
in support of the Forum Webmaster role established in the Bylaws;
3.  To create and manage the division of access and content spaces required 
to help ensure the separation of the work of various Working Groups and 
accompanying IP commitments, as described in the Forum’s IPR Policy;
4.  To manage the Forum-level email lists and to offer management of 
working-group and subcommittee mailing lists as needed in support of the Forum 
List Manager role established in the Bylaws;
5.  To perform other activities ancillary to the primary activities listed 
above.

 

Out of Scope

The following items are considered out of scope for the Working Group under 
this charter:

*   The FIWG will not address coordination of Forum or Working Group 
face-to-face meetings.
*   The FIWG will not create Final Guidelines or Final Maintenance 
Guidelines as defined in the Bylaws and IPR Policy.
*   The FIWG shall provide recommendations of infrastructure acquisition or 
use to the Forum, but shall not impose requirements upon the rest of the Forum.
*   The FIWG will not address the acquisition or maintenance of software or 
services used for online meetings of the Forum Plenary or Working Groups.

In addition to the above, the work of the FIWG in managing content updates to 
online content shall be offered to Working Groups and Subcommittees, but shall 
not supplant the responsibilities of Forum chairs or members to do so as 
required by the Bylaws.

 

Anticipated End Date

Given that the work of infrastructure support and management is expected to be 
consistent and ongoing, the FIWG is chartered without a specific end date. 
However, the FIWG may be dissolved at any time through a Forum ballot, as 
specified in the Bylaws, section 5.3.2c.

 

Personnel and Participation

Initial Chairs and Contacts

The proposer of the ballot, Jos Purvis, will act as chair of the FIWG until the 
first Working Group Teleconference, at which time the group will select a chair 
and vice-chair either through election or acclamation of those present. The 
chair and vice-chair will serve two-year terms, the first of which will start 
upon their election and run through 31 October 2020.

 

Members Eligible to Participate

The FIWG welcomes the participation of any Member organization of the Forum 
Plenary interested