Home » Network Security Working Group

Network Security Working Group

Background

In January 2013 the CA/Browser Forum’s “Network and Certificate System Security Requirements” (NCSSRs) became effective. In June 2017, the Forum chartered a Network Security Working Group to re-work the NCSSRs. That charter expired on June 19, 2018, and in October 2018, the Server Certificate Working Group (SCWG) established a Network Security Subcommittee (NetSec Subcommittee) to continue work on the NCSSRs. Since then, the Network Security Working Group (NetSec WG) has replaced the NetSec Subcommittee. The NetSec WG was created in December 2021 by Ballot Forum-17. Existing members of the CA/Browser Forum are eligible to participate in the NetSec WG.

Scope of Work

The NetSec WG was chartered to continue work on the NCSSRs, and to conduct any and all business related to improving the security of Certification Authorities. The NetSec WG makes security-related recommendations to other Forum WGs for requirements or guidelines that are within their purview, i.e. the Baseline Requirements/Extended Validation Guidelines of the Server Certificate WG, the Baseline Requirements for Code Signing Certificates of the Code Signing Certificate Working Group or guidelines adopted by the S/MIME Certificate Working Group.

The primary deliverable of the NetSec WG is the NCSSRs. Other work includes performing risk analyses, security analyses, and other types of reviews of threats and vulnerabilities applicable to CA operations involved in the issuance and maintenance of publicly trusted certificates (e.g. server certificates, code signing certificates, or SMIME certificates).

Charter

Charter of the Network Security Working Group

Officers

Chair: Clint Wilson (Apple)

Vice Chair: David Kluge (Google Trust Services)

Ballots

Network Security Working Group Ballots

Participation

The CA/Browser Forum welcomes existing members with an interest in system security to join the NetSec WG. There is no cost to join. Existing CABF Members should provide their declaration of intent to participate in the NetSec WG and the following information by email to questions@cabforum.org:

  • statement of the Voting Class by which they qualify;
  • names/email addresses of their designated representatives who will participate; and
  • names/email addresses of their designated representatives who will vote.

Mailing List

The NetSec WG provides a public mailing list.  See https://lists.cabforum.org/pipermail/netsec/

To subscribe, see: https://cabforum.org/mailman/listinfo/netsec.

Members

Certificate Issuers:
Amazon
Asseco Data Systems SA (Certum)
Buypass AS
Chunghwa Telecom
Comsign
Digicert
Disig
eMudhra
Entrust
GDCA
GlobalSign
GoDaddy
HARICA
Kamu SM
Let’s Encrypt
OATI
OISTE Foundation
Sectigo
SecureTrust
SSL.com
SwissSign
Taiwan CA
Telia Company
TrustCor Systems
Visa

Certificate Consumers:
Apple
Google
Microsoft
Mozilla
Opera Software AS

Interested Parties:
Fastly
PrimeKey

Associate Members:
CPA Canada/WebTrust
US Federal PKI Management Authority