<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
I filled the attached in the governance WG on Tuesday about the
Server Certificate Working Group Charter, which didn't make it in
the version distributed by Ben.<br>
<br>
These are some comments for definitions of Application Software
Suppliers and Qualified Auditors. I also think we need to update the
audit criteria for CAs so the WebTrust and ETSI are aligned.<br>
<br>
Since we prefer to use the term "Browser Members", it would make
sense to replace "Application Software Suppliers" in this charter
with "Browsers", or replace "Browsers" with "Application Software
Suppliers" (which doesn't sound very well).<br>
<br>
<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 11/1/2018 7:21 πμ, Ben Wilson via
Public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:SN1PR14MB017579E303F64FD0195ED2A1F1160@SN1PR14MB0175.namprd14.prod.outlook.com">
<pre wrap="">As a preface to tomorrow's discussion of the proposed Bylaw revisions, here is a synopsis of some of the proposed changes. (The language in the following synopsis should not be considered a substitute for the actual language being considered, which is in the attached documents.)
1. Bylaws - New governance structure
* Keeps Forum as a general governing structure, but all work done and adopted in new, separate Working Groups (WG) that may have differing membership
* Membership in the Forum will be based on membership in a WG - Forum membership will include all members of all working groups.
* "Issuing CA" and "Root CA" now "Certificate Issuers" and "Browsers" are "Certificate Consumers", defined as "The member organization produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a Working Group."
* WG membership could be CAs and browsers (like for the initial Server Certificate Working Group), but could have different membership categories for different WGs, based on the subject matter
* Voting at the Forum level (administrative issues, bylaws, creating new working groups) will still be two-thirds for Certificate Issuers and >50% for Certificate Consumers
* New WGs formed according to new charters approved by the Forum governing structure. Each WG will have its own membership criteria and voting rules, to be established in the charter passed by the Forum. All will be required to follow the same basic rules the Forum now follows as to public communications, IPR, Minutes, a Chair and Vice-Chair, allowing limited participation by Interested Parties
* WGs will each be bound by a form of IPR Agreement approved by the Forum, but only members of a WG will be bound by the IPR Agreement applicable to that WG- see below
* The WG gets to decide and vote on the content of its output, which does not come back to the Forum for approval.
* WGs can themselves create "subcommittees" of members, similar to what working groups of the Forum do today (Validation, Network Security, Policy Review will now be called "committees" or "sub-committees"). (Section 5.3.4 of the current draft bylaw provides that a legacy Working Group has the option of immediately terminating or continuing in effect without change for 6 months following these amendments to the Bylaws.)
* New governance structure will take effect as soon as governance rules and initial charter for a Server Certificate Working Group are passed by the Forum (there is no IPR Review Period).
* Other: Ballot language will take precedence over Redline versions (but make sure both versions are consistent and based on the most recent version of the guidelines); and another provision proposes that in lieu of the current language in section 5.1.(a) ("after 2 weeks have elapsed since publication of the draft if no Forum Meeting or Forum Teleconference is imminent") instead, after 3 weeks, a member can request that minutes be published.
2. Initial Server Certificate Working Group, chartered under new governance structure
* Very similar to current scope of the Forum, membership and voting rules. Will take over current substantive work of the Forum.
* A proposed term of five (5) years
* Initial officers the same as those currently chairing the Forum (Kirk, Chair, and Ben, Vice-Chair)
* Voting the same as it is today (two-thirds for CAs and >50% for Browsers)
3. IPR Policy and Agreements
* Scope covers commitments Members undertake "as a condition of participation in CAB Forum Working Groups"
* Only the affirmative act of joining a Working Group (or otherwise agreeing to the licensing terms) obligates a Member to Royalty-Free (RF) Licensing obligations
* Chair still publishes Notice of Review Period
* Exclusion of an Essential Claim from RF License requires written notice to the Forum Chair, Working Group Chair, and the Forum public mailing list (<a class="moz-txt-link-freetext" href="mailto:public@cabforum.org">mailto:public@cabforum.org</a>)
* When a Participant joins a Working Group, it has 45 days to review Draft and Final Guidelines of the Working Group for any Essential Claims and to agree in a separate written agreement to the CAB Forum RF licensing requirement
* The Forum RF license survives a Member's termination for Essential Claims adopted by the Working Group in which a Member participated (e.g. for work in progress, for that Member's Contributions, or for which the Review Period has passed).
* "Member" (CAB Forum) and "Participant" (Working Groups) are defined to include Affiliates, but this is not a substantive change-the IPR Policy has always applied to Affiliates
Ben Wilson, JD, CISA, CISSP
DigiCert VP of Compliance
+1 801 701 9678
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>