![A Look at 30 Key Cyber Crime Statistics [2023 Data Update]](https://www.thesslstore.com/blog/wp-content/uploads/2022/02/cyber-crime-statistics-feature2-75x94.jpg)
(2 votes, average: 5.00 out of 5, rated)
Loading...New Industry Standards Working Group Aims to Define Industry Terms
The CA/B Forum’s newly approved “Definitions and Glossary Chartered Working Group” aims to standardize industry language to create clarity and consensus of terms used in security guidelines
Within the cybersecurity industry, multiple terms can describe something, or a single term can describe several things. This is especially true within public key infrastructure (PKI).
Think of a simple example using terms like “SSL” and “TLS.” Someone could use these terms to refer to the security protocols that layer over HTTP to create the secure HTTPS protocol, or to mean the digital certificates you install on web servers to secure website connections (SSL/TLS certificates or website security certificates). These two terms are often used interchangeably within the industry. While they serve the same function, key technical differences differentiate them.
People using specific terms differently can create confusion and decrease collaborative efficiency. This is why the CA/Browser Forum (CA/B Forum) established the new Definitions and Glossary Chartered Working Group.
But what precisely does this new WG hope to accomplish? And why is this initiative necessary?
Let’s hash it out.
An Overview of the New Definitions and Glossary Working Group
The unanimously approved ballot was proposed by Apple (Clint Wilson, Senior Technical Program Manager – Root Certification Authority Programs) and endorsed by representatives of the certification authorities (CAs) DigiCert (Timothy Hollebeek, Industry Technology Strategist) and Sectigo (Tim Callan, Chief Compliance Officer).
According to the working group’s official charter:
“The mission of the Definitions and Glossary Working Group is [to] establish a glossary document encapsulating a set of definitions for terms used within the CA/Browser Forum and its Guidelines.”
According to Hollebeek, who will serve as the WG’s initial chair, the WG’s scope will span from defining basic words like “Applicant” and “Subscriber” to more technical definitions of terms like “Private Key” and “Public Key.”
The purpose of defining these terms is to nail down the exact details of how they should be used in these documents, as opposed to the similar (but different) definitions that you’ll read elsewhere.
6 Goals of the New Definitions and Glossary Chartered Working Group
Hollebeek reminds us that the Forum’s technical security standards describe the minimum requirements for critical security systems. As such, it’s crucial that everyone is in detailed agreement about exactly what the requirements mean — and the words used to define them.
“This is why security standards have extensive lists of definitions with carefully crafted definitions,” Hollebeek said.
Knowing this, there are several key goals that the new working group aims to achieve:
- Achieve clarity and consistency in industry terms. The primary goal is to standardize the terms used within guidelines and other resources. This is important because it can help reduce confusion and potential misinterpretations.
- Facilitate effective communication with stakeholders. If people speak the same language, it makes it a lot easier to communicate effectively. This is true in the context of the CA/B Forum as well. Ideally, this would make communications with internal and external industry partners and other stakeholders more effective.
- Improve the quality of the language published in Forum guidelines. By establishing accurate, high-quality terminology, the WG aims to improve stakeholder understanding and reduce misunderstandings that could impede or delay work within the CA/B Forum. Again, if they can get everyone to speak the same language, it can improve the efficiency of the other working groups.
- Make industry terms more accessible. Having a centralized glossary can be particularly useful when you’re new to the Forum (or the industry as a whole). You have a resource that can help you reduce the learning curve when implementing and maintaining compliance with baseline security requirements.
- Improve internal and external interoperability. An informative and useful glossary is a great resource for cross-referencing guidelines and other resources.
- Increase iterative feedback and collaboration capabilities. Establishing a well-defined and current glossary will provide a framework for gathering feedback and making improvements to these definitions over time.
What’s the Next Course of Action?
Okay, all of that sounds pretty straightforward. But how do they plan to achieve these things? As specified in the FORUM-021 Ballot:
- Establish new communication channels to facilitate the work. This includes possibly creating new email list(s), Wiki resource(s), and GitHub repositor(ies).
- Create an official, documented glossary of industry terms and definitions. This involves identifying defined and undefined terms in existing documents and consolidating synonymous terms (where applicable).
- Collaborate with other CA/B Forum Chartered Working Groups. Examples of some of the other CWGs that they may run ideas past and coordinate with include:
- Code Signing Working Group — This group established and manages the CA/B Forum’s Baseline Requirements for Code Signing Certificates.
- Network Security Working Group — This body oversees and manages the Forum’s Network and Certificate System Security Requirements.
- Server Certificate Working Group — This WG oversees and manages the Baseline Requirements for TLS Server Certificates.
- S/MIME Certificate Working Group — This group oversees the CA/B Forum’s Baseline Requirements for the Issuance and Management of Publicly Trusted S/MIME (email security) certificates.
Let’s Wrap This Up With One Final Thought: Is This Really Necessary?
In one word: yes. For those of you who think the new Definitions and Glossary Working Group and its mission are unnecessary or as “exciting” as watching paint dry, well, you’re not wrong. Defining terms isn’t typically an exciting activity for most people (unless you work at Merriam-Webster).
However, this WG serves a necessary function within the CA/B Forum. Diverging definitions lead to debates that can reduce efficiency and slow progress. This helps to mitigate those issues.
Furthermore, according to Hollebeek, it’s about getting things more organized:
“Over time, the definitions used in documents by the CA/Browser Forum have diverged, with important terms being spread across various documents, to the point where the documents even have circular references as they try to point to each other’s definitions. The Definitions WG will create a uniform list of definitions of crucial PKI terms that can be used for all the CA/Browser Forum’s documents. In addition, this may be an initial step towards harmonizing the other sections of CA/Browser Forum documents that may have diverged.”
While documenting definitions of specific terms isn’t a particularly exciting or glamorous task, it serves an important function within the Forum and for individuals learning about its guidelines. Creating a standardized, documented glossary that consolidates these terms can help Forum Members — and those who are trying to implement these requirements within their businesses — “connect the dots” more easily.
Be the first to comment