Mozilla votes "YES" on Ballot FORUM-17.

On Thu, Dec 16, 2021 at 11:39 AM Ben Wilson <bwil...@mozilla.com> wrote:
> Ballot FORUM-17, Create Network Security Working Group, is proposed by Ben Wilson of Mozilla and endorsed by Tim Hollebeek of DigiCert and David Kluge of Google.
>
> The Voting Period for Ballot FORUM-17 begins today at 19:00 UTC and ends on 23-Dec-2021 at 19:00 UTC.
>
> *Overview*
>
> In January 2013 the CA/Browser Forum’s “Network and Certificate System Security Requirements” (NCSSRs) became effective. In June 2017, the Forum chartered a Network Security Working Group to re-visit the NCSSRs. That charter expired on June 19, 2018, and in October 2018, the Server Certificate Working Group (SCWG) established a Network Security Subcommittee (NetSec Subcommittee) to continue work on the NCSSRs.
>
> This ballot proposes to charter a new Network Security Working Group (NetSec WG) to replace the NetSec Subcommittee, to continue work on the NCSSRs, and to conduct any and all business related to improving the security of Certification Authorities.
>
> Following the passage of this ballot:
>
> 1. A new NetSec WG will be chartered under the CA/B Forum, pursuant to section 5.3.1 of the Bylaws;
> 2. The Charter of the SCWG will be amended to remove the NCSSRs from within the scope of the SCWG Charter;
> 3. The existing mailing list and other materials developed for the NetSec Subcommittee will be repurposed for use by the NetSec WG;
> 4. The NetSec WG will produce and maintain versions of the NCSSRs; and
> 5. The NetSec WG will make security-related recommendations to other Forum WGs for requirements or guidelines that are within their purview, i.e. the BRs/EVGs of the SCWG, the Baseline Requirements for Code Signing Certificates of the Code Signing Certificate Working Group (CSCWG) or guidelines adopted by the S/MIME Certificate Working Group (SMCWG).
>
> *--- MOTION BEGINS ---*
>
> The Charter of the Server Certificate Working Group, currently version 1.1, is amended by deleting references to the Network and Certificate System Security Requirements, so that the Scope section of the Charter will now read as follows:
>
> *SCOPE:* The authorized scope of the Server Certificate Working Group shall be as follows:
>
> 1. To specify Baseline Requirements, Extended Validation Guidelines, and other acceptable practices for the issuance and management of SSL/TLS server certificates used for authenticating servers accessible through the Internet.
>
> 2. To update such requirements and guidelines from time to time, in order to address both existing and emerging threats to online security, including responsibility for the maintenance of and future amendments to the current CA/Browser Forum Baseline Requirements and Extended Validation Guidelines.
>
> 3. To perform such other activities that are ancillary to the primary activities listed above.
>
> See https://github.com/cabforum/forum/commit/a55fd7d3939f4f24aa26e88399069afede2a1edf
>
> The CA/Browser Forum creates the Network Security Working Group and adopts the following Charter:
>
> *Network Security Working Group Charter*
>
> The Network Security Working Group (“NetSec WG”) is hereby created to perform the activities as specified in this Charter, subject to the terms and conditions of the CA/Browser Forum Bylaws (https://cabforum.org/bylaws/) and Intellectual Property Rights (IPR) Policy (https://cabforum.org/ipr-policy/), as such documents may change from time to time. This charter for the NetSec WG has been created according to CAB Forum Bylaw 5.3.1. In the event of a conflict between this Charter and any provision in either the Bylaws or the IPR Policy, the provision in the Bylaws or IPR Policy shall take precedence. The definitions found in the Forum’s Bylaws shall apply to capitalized terms in this Charter.
>
> *1. Scope* – The scope of work performed by the NetSec WG includes:
>
> 1. To modify and maintain the existing Network and Certificate System Security Requirements or a successor requirements document (NCSSRs);
> 2. To make recommendations for improvements to security controls in the requirements or guidelines adopted by other Forum WGs (e.g. see sections 5 and 6 of the Baseline Requirements);
> 3. To create new requirements, guidelines, or recommended best practices related to the security of CA operations;
> 4. To perform risk analyses, security analyses, and other types of reviews of threats and vulnerabilities applicable to CA operations involved in the issuance and maintenance of publicly trusted certificates (e.g. server certificates, code signing certificates, SMIME certificates, etc.); and
> 5. To perform other activities ancillary to the primary activities listed above.
>
> *2. Out of Scope* – The NetSec WG shall not adopt requirements, Guidelines, or Maintenance Guidelines concerning certificate profiles, validation processes, certificate issuance, certificate revocation, or subscriber obligations, which are within the purview of the Server Certificate Working Group (SCWG), the Code Signing Certificate Working Group (CSCWG), or the S/MIME Certificate Working Group (SMCWG).
>
> *3. End Date* – The NetSec WG shall continue until it is dissolved by a vote of the CA/B Forum.
>
> *4. Deliverables* – The NetSec WG shall be responsible for delivering and maintaining the NCSSRs (version 1.7 shall remain valid until it is replaced by a subsequent version) and any other documents the group may choose to develop and maintain.
>
> *5. Courtesy Notice of Proposed Amendments to the NCSSRs* – Discussion and voting on any ballot to change the NCSSRs shall proceed within the NetSec WG in accordance with sections 2.3 and 2.4 of the Bylaws. Additionally, a courtesy notice of the proposed ballot and NetSec WG’s discussion period shall be given to the SCWG, the CSCWG, and the SMCWG via their Public Mail Lists.
>
> *6. Participation and Membership* – Membership in the NetSec WG shall be limited to organizations that are Certificate Issuer Members or Certificate Consumer Members of the SCWG, the CSCWG, or the SMCWG, who may join the NetSec WG only with such status or class as they hold in such other working groups.
>
> In accordance with the IPR Policy, Members that choose to participate in the NetSec WG must declare their participation, and class of membership (Certificate Issuer or Certificate Consumer), and shall do so prior to participating. A Member must declare its participation in the NetSec WG by requesting to be added to the mailing list. The Chair of the NetSec WG shall establish a list for declarations of participation and manage it in accordance with the Bylaws, the IPR Policy, and the IPR Agreement.
>
> The NetSec WG shall include Interested Parties and Associate Members as defined in the Bylaws.
>
> Resignation from the NetSec WG does not prevent a participant from potentially having continuing obligations under the Forum’s IPR Policy or any other document.
>
> *7. Voting Structure*
>
> The NetSec WG shall consist of two classes of voting members, Certificate Issuers and Certificate Consumers. In order for a ballot to be adopted by the NetSec WG, two-thirds or more of the votes cast by the Certificate Issuers must be in favor of the ballot and more than 50% of the votes cast by the Certificate Consumers must be in favor of the ballot. At least one member of each class must vote in favor of a ballot for it to be adopted. Quorum is the average number of Member organizations (cumulative, regardless of Class) that have participated in the previous three NetSec WG Meetings or Teleconferences (not counting subcommittee meetings thereof). For transition purposes, if three meetings have not yet occurred, then quorum is ten (10).
>
> *8. Leadership*
>
> *Chair* – Clint Wilson shall be the initial Chair of the NetSec WG.
>
> *Vice-Chair* – David Kluge shall be the initial Vice-Chair of the NetSec WG.
>
> *Term.* The Chair and Vice-Chair will serve until October 31, 2022, or until they are replaced, resign, or are otherwise disqualified. Thereafter, elections shall be held for chair and vice chair every two years in coordination with the Forum’s election process and in conjunction with its election cycle. Voting shall occur in accordance with Bylaw 4.1(c). In the event of a midterm vacancy, the NetSec WG will hold a special election and the selected candidate will serve the remainder of the existing term.
>
> *9. Communication* – NetSec WG communications and documents, including minutes of meetings, shall be posted on mailing-lists where the mail-archives are publicly accessible or on the Forum’s website.
>
> *10. IPR Policy* – The CA/Browser Forum Intellectual Rights Policy, v. 1.3 or later, shall apply to all Working Group activity.
>
> *11. Other Organizational Matters*
>
> Reserved.
>
> *Effect of Forum Bylaws Amendment on Working Group* - In the event that Forum Bylaws are amended to add or modify general rules governing Forum Working Groups and how they operate, such provisions of the Bylaws take precedence over this charter.
>
> See https://github.com/cabforum/forum/pull/23/files#diff-cf5513a8c4dabce6e3364691537b74a7d2faa1af8dc9e1ee8ce9b2d7759c9406
>
> --- MOTION ENDS ---
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 2021-12-09 18:00:00 UTC
>
> End Time: 2021-12-16 19:00:00 UTC
>
> Vote for approval (7 days)
>
> Start Time: 2021-12-16 19:00 UTC
>
> End Time: 2021-12-23 19:00:00 UTC

_______________________________________________
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public