<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I would like to clarify this statement: “</span>Several CAs have expressed concerns regarding this (<i>Code Signing</i>) WG…”<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>From my recollection, concern that was expressed in the past by some CAs was regarding “EV Codesigning”, something that the current Code Signing Working Group is expressly NOT addressing. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The CSWG was chartered by the CA/B Forum last year to come up with uniform baseline requirements for regular code signing, not EV. Remarkably, there have never been guidelines for code signing vetting or private key protection. As there have been increased incidences with malware, the CA/B Forum recognized the need to take action and formed this working group.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>…..End of clarification…..Now back to the topic:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal>Why does the Forum need to consider (2) at all? 
That seems something that can be accomplished without any special action - no need for member committees<span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>This issue came up during a particular discussion (can’t recall the topic) and someone said according to the bylaws, we would need to get approval for a working group when it seemed overkill for something that could be researched by a small team in a short time. Hence Kirk suggested we clarify the bylaws so that is not required. Kirk, do you remember the specific instance we were discussing?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Ryan Sleevi<br><b>Sent:</b> Tuesday, July 01, 2014 2:09 PM<br><b>To:</b> kirk_hall@trendmicro.com<br><b>Cc:</b> CABFPub<br><b>Subject:</b> Re: [cabfpub] Draft Bylaw 5.3 change re creation of Working Groups<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p><br>On Jul 1, 2014 11:02 AM, "<a href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a>" <<a href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a>> wrote:<br>><br>> We had a discussion at our last meeting about the possible need to change Bylaws 5.3 in two ways (1) to eliminate the need for a formal Ballot to create a Working Group that may include Forum Members 
and other Interested Parties from outside the membership, but to allow formation of Working Groups through a simpler method, and (2) to clarify that temporary Member committees can be appointed by the Chair at any time to complete research, analysis, and drafting of proposals for the membership that don’t rise to the level of a Working Group (and to follow our current practices on such matters). I agreed to present a draft.<br>><o:p></o:p></p><p>Why does the Forum need to consider (2) at all? That seems something that can be accomplished without any special action - no need for member committees.<o:p></o:p></p><p>I am unsure why (1) is needed as well. Can you point to an example where something was blocked or inhibited based on the present practice?<o:p></o:p></p><p>On the other hand, it's clear that some members in the WG have interests towards expanding the scope and role of the forum from beyond CAs and Browsers, and that's something we have expressed serious concern regarding in the past.<o:p></o:p></p><p>We have also seen WGs that are effectively the same as existing root program management, such as the Code Signing WG. Several CAs have expressed concerns regarding this WG and its operation, so I think we do have examples of things not working desirably.<o:p></o:p></p><p>For the sake of the public discussion, could you explain a bit more of the motivations for the draft.<o:p></o:p></p><p>> <br>><br>> The attached draft amends Bylaw 5.3 to allow Working Groups to be appointed on concurrence of the Chair and Vice Chair together, but only after consultation on the Public list and discussion at at least one meeting or teleconference of the Members. If there is specific objection by at least five Members, the discussion must continue for at least another 30 days, but at the conclusion the decision of whether or not to create the Working Group is up to the Chair and Vice Chair by joint agreement. 
The amendments also clarify that informal temporary committees of Members can continue to be created to work on matters being discussed by the Forum that don’t rise to the level of a Working Group (e.g., ideas for consideration, final ballot language, etc.).<br>><br>> <br>><br>> See below and attached.<br>><br>> <br>><br>> I welcome all comments and proposed edits.<br>><br>> <br>><br>> Kirk R. Hall<br>><br>> Operations Director, Trust Services<br>><br>> Trend Micro<br>><br>> +1.503.753.3088<br>><br>> <br>><br>> <br>><br>> Bylaw 5.3 Working Groups<br>><br>> <br>><br>> Members may propose by ballot the appointment of Working Groups open to participation by Members and Interested Parties with details outlining The ballot shall outline the scope of the Working Group’s activities, including deliverables, any limitations, and Working Group expiration date. Upon approval of the Working Group draft proposal by the Chair and Vice Chair, the proposal will be published to the public list for discussion for at least one week, and will be discussed by the Members during at least one teleconference or face to face meeting, or for such longer discussion period as the Chair may determine. If the Chair and Vice Chair believe there is substantial consensus supporting creation of the Working Group, they may announce its creation with such changes to its scope, deliverables, limitations, and expiration date as they may choose based on the prior proposal discussion. If five or more Members specifically object to the formation of the proposed Working Group, discussion on the matter will continue for at least one additional 30 day period, after which time the Chair and Vice Chair may create the proposed Working Group in the manner described in the previous sentence, or may choose not to create the proposed Working Group. 
If a Working Group is created, the Chair will call for a show of interest in participation by Members, and shall appoint a Working Group Chair from among the interested Members.<br>><br>> <br>><br>> Upon creation of a Working Group, the Forum will post an invitation to all Interested Parties to participate, and will solicit others with expertise and interest in the Working Group subject matter to become Interested Parties and participate in the Working Group. With the approval of the Chair, Working Groups may establish separate list-servs, wikis, and web pages for their communications, but all such separate list-servs must be managed in the same fashion as the Public Mail List. Working Groups may meet by teleconference or face-to-face meetings upon approval by the Chair and the Working Group Chair, but the Forum shall not be responsible for the expenses of any such teleconferences or meetings.<br>><br>> <br>><br>> Working Groups may draft recommendations to be forwarded to the Forum for its consideration, but no recommendations will be considered the product of the Working Group unless approved by two-thirds of all Working Group members who vote on the recommendations. All substantial initial and final drafts of the Working Group product will be posted on the Public Mail List.<br>><br>> <br>><br>> The Forum shall review the final recommendations from a Working Group and may approve and implement some or all of the recommendations as appropriate in the Forum’s judgment following the Forum’s regular voting rules. 
The Forum shall retain the right to amend a Working Group recommendation before approval, but in most cases should first return the proposed amended recommendation to the Working Group for its review and response before voting.<br>><br>> <br>><br>> The Forum shall not be required to submit any matter to a Working Group, but may itself draft requirements and guidelines without a Working Group in its discretion.<br>><br>> <br>><br>> This section shall not apply to the creation of informal temporary committees of the Forum Members, which may be appointed by the Chair at any time for purposes of researching, analyzing, and drafting proposals and ballots for presentation to the Forum Members for routine matters which do not rise to the level of a Working Group.<br>><o:p></o:p></p></div></body></html>