<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi Kirk,<br>
<br>
I think the proposed model should work quite well the way it did
so far but as (if) the number of members reaches some critical
point the Forum will need some reform again.<br>
<br>
Would it be acceptable for your proposal to include some provision
for the next governance model "update", if, e.g. the Forum
membership gets closer to some critical figure (50, 100 etc..)?<br>
<br>
Thanks,<br>
M.D.<br>
<br>
On 9/18/2012 10:41 PM, <a class="moz-txt-link-abbreviated" href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a> wrote:<br>
</div>
<blockquote
cite="mid:EF70381B2D29784EA4FC66042BE81EAF2D132B@SJDCEXMBX03.us.trendnet.org"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">Dear
Karsten and Iñigo:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">Thanks
for forwarding the excellent comments from Christoph
Schmitz.
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">Here
are Trend Micro’s responses on those comments directed at
the Trend Micro governance proposal (answers inline below):<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><b><span
style="font-family:"Times New
Roman","serif"">COMMENT - Incorporated
entity vs. participation agreement<o:p></o:p></span></b></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><span
style="font-family:"Times New
Roman","serif"">Whereas DigiCert proposes to
found a legal entity (Delaware Law), TrendMicro wants to
work together on a contractual basis
(Participation/Consortia Agreement). From a legal
perspective the foundation of a legal entity is preferable
as a legal entity restricts the personal liability of the
members.<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><span
style="font-family:"Times New
Roman","serif""><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><span
style="font-family:"Times New
Roman","serif"">The bylaws of a legal entity
may be changed by a majority/two third majority at a member
meeting whereas for a change of the participation agreement
all participants have to agree and sign a change
agreement/adoption agreement. If a legal entity is
incorporated as a "non-profit" organisation, the tax status
is clarified.<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-family:"Arial","sans-serif"">[Trend
Micro response]:</span></b><span
style="font-family:"Arial","sans-serif"">
We recognize that creation of a separate CA/Browser Forum
legal entity (e.g., non-profit corporation) could, in
theory, limit the personal liability of Forum members as a
matter of law. However, we believe this potential benefit
is almost non-existent in this case given the very limited
activities the Forum is engaged in – chiefly group telephone
calls and occasional meetings that are actually sponsored by
individual member companies. The Forum has no employees, no
budget, no commercial activities, no tax liabilities, and so
it is hard to see how the Forum itself could face any
classic tort, contract, or tax liability to anyone. For
this reason, we believe a corporate entity would not provide
any particular benefit from these types of liability.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">What
kind of legal liabilities could arise from Forum activities
or membership? The chief potential liability that comes to
mind could be liability for antitrust/unlawful trade
restraints from the Forum standards. However, under the law
Forum members would likely have personal liability anyway
for antitrust/unlawful trade restraints in any mandatory
standards passed by Forum members, and the mere fact of
incorporation of the Forum would not be a shield or offer
any protection to Forum members for such potential liability
(as Forum members would be the “actors” who approved the
unlawful standards or activities).
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">There
is one other point to consider – if the CA/Browser Forum is
incorporated, it would be very easy for a disgruntled person
or entity to sue the “Forum” simply by serving a summons and
complaint on the registered agent for the Forum in whatever
state the Forum is incorporated. At that point, the Forum
would either have to respond in court (file an Answer, incur
court costs and legal charges), or not respond and be
subject to a default judgment. In other words, someone
could force an incorporated Forum to respond to a single
lawsuit against a single defendant (the Forum itself), which
could make the Forum a “target” for potential litigation by
anyone seeking to pull in CAs and browsers to a court
action. The same is true for any government regulatory
actions (US or otherwise) – if the Forum is a legal entity,
a government agency can effectively pull in all members
simply by starting an administrative action against the
Forum itself.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">In
contrast, if the Forum is unincorporated it can’t
effectively be sued as the “Forum” in a lawsuit or be pulled
into a government administrative action. Instead, the legal
plaintiff (or the government agency) would need to sue –
serve legal papers on – all the Forum members individually
in order to obtain jurisdiction. I question whether it
would be possible to gain proper jurisdiction in the United
States over many non-US CAs, which could create some limited
protection against lawsuits and administrative actions in
the US for non-US Forum members. It is our belief that many
potential plaintiffs and government agencies will be
deterred from starting legal action against the “Forum” if
they are required to serve legal papers separately on each
and every Forum member.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">We
have had experience with unincorporated industry groups in
the past, and the lack of incorporation has not been a
problem. Under the balance of the Trend Micro governance
proposal, there is no real need for incorporation because
the Forum will not maintain a bank balance, will not hire
employees, will not enter contracts with third party
vendors, etc.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">Finally
– the bylaws question. The Forum does not presently have a
document called “Bylaws” where all governance rules can be
found, but Trend Micro has proposed that we pull together
all existing and new governance rules into a single set of
“Bylaws” and publish them in a public place. The voting
rules for approving an initial set of Bylaws (as well as for
approval of all future changes to the Bylaws) would be the
same rules as the Forum currently has for approval of all
other matters (new standards, etc.), so there would be no
change there.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><b><span
style="font-family:"Times New
Roman","serif"">COMMENT - Legal Comments to
TrendMicro<o:p></o:p></span></b></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><span
style="font-family:"Times New
Roman","serif"">In general the TrendMicro
proposal is a possible way forward, but the foundation of a
legal entity would be favourable (see above). Currently it
is unclear, how the Forum will be internally organized (eg.
who is taking notes, who is archiving proposals, organising
voting's etc.). According to the TM proposal, only "active
members" are allowed to vote. The term "active member" is
not defined and could therefore lead to a discrimination of
members and lengthy discussion about the validity of a vote.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-family:"Arial","sans-serif"">[Trend
Micro response]:</span></b><span
style="font-family:"Arial","sans-serif"">
Our general comments on the pros and cons of creating the
Forum as a legal entity are covered by the response above.
Trend Micro is not adamantly opposed to creating a legal
entity, we simply think it is not necessary and does not add
value (plus it adds potential detriments). We would also
have to select a jurisdiction of incorporation if we
incorporate, pay filing fees and for a registered agent,
elect corporate officers, etc., which is additional time and
expense. And Forum members would have to consider if they
are legally permitted to be members of a US non-profit
corporation, for example, if the Forum is organized as a US
corporation – would that mean the non-US member is legally
“present” in the US and increase the likelihood that a
plaintiff in a lawsuit could establish legal jurisdiction
over the non-US member because of Forum membership?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">The
term “active member” was defined long ago by Ballot 5
(January 2008), and involves keeping track of the actual
participation of nominal Forum members. Here is how Ballot
5 defines “active members”:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-family:"Arial","sans-serif";color:black"
lang="EN">“A ballot result will be considered valid only
when more than half of the number of currently active
members has participated.
<u>The number of currently active members is the average
number of member organizations that have participated in
the previous three meetings (both teleconferences and
face-to-face meetings</u>).”</span><span
style="font-family:"Arial","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">There
is even an online calculator at the Forum wiki to keep track
of which members (and how many) are “active members” at any
given time – see the Attendance and Quorum Calculator.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">If
a Forum member does not participate for three successive
meetings (phone or face to face), it remains a member (and
can vote) but is no longer considered an “active members”
for quorum purposes until it has participated in three
successive meetings. A quorum for voting purposes today
requires only 6 members to vote on a matter (and not all
must agree for the matter to pass – for example, a vote of
4-2 in favor is sufficient to pass a new mandatory standard
today), which Trend Micro thinks is too low and should be
examined.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">The
Trend Micro governance proposal does not change this
existing rule considering who is an “active member” but
simply incorporates it by reference – but we would be
favorable to proposals for change in the future after the
governance structure is decided, as this existing “active
members” rule may be too narrow. All these rules should be
incorporated in a new, single set of public Bylaws that
everyone can find.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">We
would also be favorable to adding provisions to the new
Bylaws defining a process by which meeting notes will be
taken, documents will be archived and made available to
members and the public, etc. <o:p></o:p></span></p>
<p class="MsoPlainText"><o:p> </o:p></p>
</div>
<table>
<tbody>
<tr>
<td bgcolor="#ffffff"><font color="#000000">
<pre>TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.</pre>
</font></td>
</tr>
</tbody>
</table>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>