In January 2013 the CA/Browser Forum’s “Network and Certificate System Security Requirements” (NCSSRs) became effective. In June 2017, the Forum chartered a Network Security Working Group to re-work the NCSSRs. That charter expired on June 19, 2018, and in October 2018, the Server Certificate Working Group (SCWG) established a Network Security Subcommittee (NetSec Subcommittee) to continue work on the NCSSRs. Since then, the Network Security Working Group (NetSec WG) has replaced the NetSec Subcommittee. The NetSec WG was created in December 2021 by Ballot Forum-17. Existing members of the CA/Browser Forum are eligible to participate in the NetSec WG.
Scope of Work
The NetSec WG was chartered to continue work on the NCSSRs, and to conduct any and all business related to improving the security of Certification Authorities. The NetSec WG makes security-related recommendations to other Forum WGs for requirements or guidelines that are within their purview, i.e. the Baseline Requirements/Extended Validation Guidelines of the Server Certificate WG, the Baseline Requirements for Code Signing Certificates of the Code Signing Certificate Working Group or guidelines adopted by the S/MIME Certificate Working Group.
The primary deliverable of the NetSec WG is the NCSSRs. Other work includes performing risk analyses, security analyses, and other types of reviews of threats and vulnerabilities applicable to CA operations involved in the issuance and maintenance of publicly trusted certificates (e.g. server certificates, code signing certificates, or SMIME certificates).
Charter of the Network Security Working Group
Chair: Clint Wilson (Apple)
Vice Chair: David Kluge (Google Trust Services)
Network Security Working Group Ballots
The CA/Browser Forum welcomes existing members with an interest in system security to join the NetSec WG. There is no cost to join. Existing CABF Members should provide their declaration of intent to participate in the NetSec WG and the following information by email to email@example.com:
- statement of the Voting Class by which they qualify;
- names/email addresses of their designated representatives who will participate; and
- names/email addresses of their designated representatives who will vote.
The NetSec WG provides a public mailing list. See https://lists.cabforum.org/pipermail/netsec/
To subscribe, see: https://cabforum.org/mailman/listinfo/netsec.
Asseco Data Systems SA (Certum)
Opera Software AS
US Federal PKI Management Authority