CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot SC-10: Establishing the Network Security Subcommittee of the SCWG

Ballot SC-10: Establishing the Network Security Subcommittee of the SCWG

The voting period for Ballot SC10 has ended and the ballot has passed. Here are the results.

Voting by CAs – 18 votes total including abstentions 18 Yes votes: Buypass, Camerfirma, CFCA, Chunghwa Telecom, D-TRUST, DigiCert, Disig, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, HARICA, QuoVadis, SSL.com, TWCA, TrustCor, Trustwave, Visa 0 No votes: 0 Abstain: 100% of voting CAs voted in favor

Voting by browsers – 4 votes total including abstentions 4 Yes votes: Cisco, Microsoft, Mozilla, 360 0 No votes: 0 Abstain: 100% of voting browsers voted in favor

Under Bylaw 2.2(g), a ballot result will be considered valid only when more than half of the number of currently active Members has participated. Votes to abstain are counted in determining a quorum. Half of currently active Members as of the start of voting is 11, so quorum was 12 votes – quorum was met.

Bylaw 2.2(f) requires a yes vote by two-thirds of CA votes and 50%-plus-one browser votes for approval. Votes to abstain are not counted for this purpose. This requirement was met for both CAs and browsers.

At least one CA Member and one browser Member must vote in favor of a ballot for the ballot to be adopted. This requirement was met.

The ballot passes.

Purpose of Ballot

The Network Security Working Group of the CA/Browser Forum expired on June 19, 2018 under the terms of Ballot 203 which established the Working Group. The Server Certificate Working Group wishes to establish a Network Security Subcommittee pursuant to Bylaws 5.3.1(e).

The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by Tim Hollebeek of DigiCert and Wayne Thayer of Mozilla.

Motion begins

The Server Certificate Working Group hereby establishes the Network Security Subcommittee as an official Subcommittee.

**1. Mission: To improve security policies and practices for Certificate Management Systems encoded in the guidelines maintained by the SCWG. 2. End Date: **This Subcommittee shall continue until it is dissolved by a vote of the SCWG

**3. Deliverables: **The Network Security Subcommittee shall propose ballots to the SCWG to improve the minimal security standards within the mission defined above This includes modifying the existing Network and Certificate System Security Requirements (NCSSR) or to create new requirements, guidelines, or best practices. Among other activities, the Network Security Subcommittee shall perform security analysis on typical CA Management Systems offering options to the Server Certificate Working Group for establishing minimal security standards. Risk analysis will also be used to provide a better understanding of threats and vulnerabilities in Certificate Management Systems. This process can be used to provide better reasoning and justification of existing or future security guidelines.

**4. Participation: **Any member of the SCWG is eligible and may declare their participation in the Network Security Subcommittee by requesting to be added to the mailing list.

**5. Chair: Ben Wilson **shall be the initial Chair of the Network Security Subcommittee. The Subcommittee may change its Chair from time to time by consensus of the Members participating in the Subcommittee or by voting method chosen by the Members by consensus.

**6. Communication: **Subcommittee communications and documents shall be posted on mailing-lists where the mail-archives are publicly accessible, and the Subcommittee shall publish minutes of its meetings.

**7. Effect of SCWG Charter or Forum Bylaws Amendment for Subcommittees: **In the event the SCWG Charter or the Forum Bylaws is amended to add general rules governing Chartered Working Group Subcommittees and how they operate (“General Rules”), the provisions of the General Rules shall take precedence over this charter.

Motion ends

The procedure for approval of this ballot is as follows:

Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

Start time (22:00 UTC)End time (22:00 UTC)
Discussion (7 days)20 September 201827 September 2018
Vote for approval (7 days)27 September 20184 October 2018

Additional Information (not part of Ballot)

Bylaws v1.9

5.3.1 Formation of Chartered Working Groups

(e) CWGs may establish any number of subcommittees within its own Working Group to address any of such CWG’s business (each, a “Subcommittee”). A CWG-created Subcommittee needs to be approved by the CWG itself according to the approval process set forth in the CWG charter, but approval of the Forum is not necessary. Subcommittees must exist under an approved CWG.

Ballot 203: Formation of Network Security Working Group (v2)

Purpose of Ballot: To form a Network Security Working Group to re-evaluate the CAB Forum’s Network Security Guidelines.

The following motion has been proposed by Gervase Markham of Mozilla and endorsed by Jeremy Rowley of DigiCert and Moudrick Dadashov of SSC:

Motion begins

In accordance with Section 5.3 of the CA/B Forum Bylaws, the chartering of a new Working Group requires a ballot. This ballot charters the Network Security Working Group.

The CAB Forum’s Network Security Guidelines were adopted in August 2012 but have not been updated since. Significant doubts have been raised as to their fitness for purpose in 2017. Therefore, the Working Group’s charter will be as follows:

Scope

  1. Consider options for revising, replacing or scrapping the Network Security Guidelines.

Deliverables

  1. A report with one or more proposals for the future of the Network Security Guidelines.

  2. For proposals involving replacement, details of the availability and applicability of the proposed alternative, and what modifications if any would be needed to it in order to make it suitable for use.

  3. For proposals involving revision, details of the revisions that are deemed necessary and how the document will be kept current in the future.

  4. For proposals involving scrapping, an explanation of why this is preferable to either of the other two options.

  5. If there are multiple proposals, optionally a recommendation as to which one to pursue and an associated timeline.

  6. A form of ballot or ballots to implement any recommendations.

Expiry

The Working Group shall expire once the deliverables have been completed, or on 2018-06-19, whichever happens first. The expiry date given above shall be automatically postponed by 1 year on 2018-05-19 (“postponement date”) and each anniversary of the postponement date thereafter unless three or more members separately or jointly request on the Public Mail List, within one month prior to a particular postponement date, that expiry of this Working Group not be postponed in that instance.

Motion ends

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).