<div dir="ltr">As expressed previously, I do have concerns about the definition of browser.<div><br></div><div>For example, if I write a popular mobile application for Android and iOS that is downloaded by 10 million users, and which uses SSL/TLS to update an online leaderboard, it would appear that under the current definition of browser, I would qualify (and, presumably, as a voting-eligible member).</div>
<div><br></div><div>I realize that this is, perhaps, a challenging definition. For instance, we have organizations like Opera who have long participated and helped steer towards a more secure Internet, but which are in the process of transitioning away from operating a Root Store directly. Likewise, Google's participation has largely been made up of members from the Google Chrome team, even though the primary Root Programs are through Android and ChromeOS (as noted in the past, Chrome on Windows / Mac / Linux attempts to defer to a notion of a 'system' trust store). And on the other end, we have organizations like Oracle, for which operate a Root Program (for Java), which indirectly may be used towards the construction of either a Web Browser or any other number of applications.</div>
<div><br></div><div>However, I think it's best we balance the desire to be inclusive with the recognition of where the primary strength of this group lies in - the development of baseline policies that can reduce both the complexity of compliance to AND (hopefully) avoid any contradictory guidance between Browser Root Programs.</div>
<div><br></div><div>My fear is that an overly broad definition will destablize some of these efforts, bringing the industry back to a place it was 5 - 10 years ago - where each Root Program has an independent set of guidelines with limited commonality, and even weaker auditing frameworks.</div>
<div><br></div><div>Just food for thought, as I don't yet have particular language to propose to enhance this, but am left with a general unease at the current wording.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, Oct 15, 2013 at 4:23 PM, Ben Wilson <span dir="ltr"><<a href="mailto:ben@digicert.com" target="_blank">ben@digicert.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal">Here is a discussion draft for changes to the bylaws. You’ll notice I haven’t edited any of the provisions related to Interested Parties because there are a few things to iron out there and maybe somebody else has some good suggestions. I’ll post the Word version on the wiki in case anyone needs it.<u></u><u></u></p>
<p class="MsoNormal">Thanks,<u></u><u></u></p><p class="MsoNormal">Ben<u></u><u></u></p></div></div><br>_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
<br></blockquote></div><br></div>