<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Trebuchet MS";
panose-1:2 11 6 3 2 2 2 2 2 4;}
@font-face
{font-family:trebuchet;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Trebuchet MS",sans-serif;
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>As we stated on the management call, as long as people don’t get too legalistic about it, we would support all Members publicly stating who their CABF representatives are, not just Associate Members.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>It would also be very useful for the IPR discussions we have recently been having to disclose if any of the representatives are not employees of the Member.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>-Tim<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Public [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Jeff Ward via Public<br><b>Sent:</b> Sunday, June 3, 2018 9:46 PM<br><b>To:</b> Kirk Hall <Kirk.Hall@entrustdatacard.com>; CA/Browser Forum Public Discussion List <public@cabforum.org><br><b>Subject:</b> Re: [cabfpub] Associate Member status and meeting participation by related entities<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'>The official WebTrust representatives include:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'>Jeff Ward, Chair<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'>Don Sheehy, Vice Chair<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'>Jeff and Don are the regular attendees of F2F meetings, as well as the various CABF conference calls. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'>In addition ,from time to time at the F2F meetings, representatives from CPA Canada (the governing body for the WebTrust Task Force) include Janet Treasure, Taryn Abate, and Gord Beal. It would be rare for them to join any of the CABF conference calls.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'>When we notice other auditors attending from firms represented on the task force, we reach out directly with them and remind them they are not representing the WebTrust Task Force and should not be part of those discussions at the meeting.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'>I hope that helps clarify.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:10.0pt;font-family:"Trebuchet MS",sans-serif;color:#404040'>Jeff Ward, CPA, CGMA, CITP, CISA, CISSP, CEH</span></b><span style='font-size:10.0pt;font-family:"Trebuchet MS",sans-serif;color:#404040'><br>Office Managing Partner & National Leader Third Party Attestation (SOC/WebTrust/Cybersecurity)<br>314-889-1220 (Direct) 347-1220 (Internal)<br>314-889-1221 (Fax)</span><br><span style='font-size:10.0pt;font-family:"Trebuchet MS",sans-serif;color:#ED1A3B'><a href="mailto:jward@bdo.com"><span style='color:#ED1A3B'>jward@bdo.com</span></a></span><br><br><b><span style='font-size:10.0pt;font-family:"Trebuchet MS",sans-serif;color:#404040'>BDO</span></b><br><span style='font-size:10.0pt;font-family:"Trebuchet MS",sans-serif;color:#404040'>101 S Hanley Rd, Suite 800<br>St. Louis, MO 63105 <br>UNITED STATES<br>314-889-1100</span><br><u><span style='font-size:10.0pt;font-family:"Trebuchet MS",sans-serif;color:#ED1A3B'><a href="https://www.bdo.com"><span style='color:#ED1A3B'>www.bdo.com</span></a></span></u><br><br><i><span style='font-size:10.0pt;font-family:trebuchet;color:green'>Please consider the environment before printing this e-mail</span></i><span style='font-size:10.5pt;font-family:"Trebuchet MS",sans-serif'><o:p></o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Public [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Kirk Hall via Public<br><b>Sent:</b> Tuesday, May 29, 2018 12:22 PM<br><b>To:</b> CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><b>Subject:</b> [cabfpub] Associate Member status and meeting participation by related entities<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><em><b><span style='font-size:9.0pt;font-family:"Trebuchet MS",sans-serif;color:mediumslateblue'>Attention: This email was sent from someone outside of BDO USA. Always use caution when opening attachments or clicking links from unknown senders or when receiving unexpected emails.</span></b></em><o:p></o:p></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Here is a summary. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Right now, we have six Associate Members: ACAB'c, ETSI, ICANN, Tscheme, US Federal PKI Policy Management Authority, and <span style='border:none windowtext 1.0pt;padding:0in'>WebTrust</span>. However, we don’t have a list of which people/companies are authorized by each of these Associate Members to participate in our meetings and teleconferences as the representative of the Associate Member.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>I’d like to correct that by asking each the six Associate Members to specify which individuals and/or companies are authorized to participate in Forum teleconferences and meetings as a representative of the Associate Member. Anyone who is not on the list would only have the status of an Interested Party, would have to sign the IPR Agreement, and could only be on teleconferences and at meetings upon the invitation of the Chair.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Also, as a separate matter – today we have people/companies participating in the Forum as representatives of an Associate Member who have not signed our IPR Agreement. Should we require them to sign the IPR Agreement in their own name (or their company’s name) just as we do for Interested Parties?</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Ryan Sleevi [<a href="mailto:sleevi@google.com">mailto:sleevi@google.com</a>] <br><b>Sent:</b> Friday, May 25, 2018 6:26 PM<br><b>To:</b> Kirk Hall <<a href="mailto:Kirk.Hall@entrustdatacard.com">Kirk.Hall@entrustdatacard.com</a>>; CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><b>Subject:</b> [EXTERNAL]Re: [cabfpub] Associate Member status and meeting participation by related entities<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Hi Kirk,<o:p></o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>I'm not sure what/if/how this solves any challenges we'd discussed. Is the assumption that if such an organization requested of the Chair to be an AM, that the chair would decline, and suggest they could only be an IP?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>I'm mostly trying to understand the problem, as you see it, that this seeks to solve. I think there was some confusion around that on the call, and I don't quite see that articulated here.<o:p></o:p></span></p></div></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>On Fri, May 25, 2018 at 8:39 PM, Kirk Hall via Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> wrote:<o:p></o:p></span></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>On our May 17 teleconference, we discussed the application of TUV-Austria (an ETSI auditing firm) for Associate Membership in the Forum. There was unanimous agreement that TUV-Austria should participate in some way, but there was not consensus on what formal status the organization should have.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>The Forum’s past practice on admitting individual audit firms as Associate Members in their own name or as representatives of the audit scheme they follow (e.g., ETSI / ACABc) has not been consistent. I’d like to discuss a possible Bylaws change to clarify this on our May 31 teleconference.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>1. Current Bylaw Provisions</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> </span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Here are current Bylaws provisions.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:1.0in;page-break-after:avoid'><b><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>3.1 Associate Members</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in;page-break-after:avoid'><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>The Forum may enter into associate member relationships with other organizations when the CA/Browser Forum determines that maintaining such a relationship will be of benefit to the work of the Forum. <u>In the past, entities qualifying as Associate Members have included the AICPA/CICA WebTrust Task Force, the European Telecommunications Standards Institute, Paypal, the Internet Corporation for Assigned Names and Numbers, tScheme, the U.S. Federal PKI</u>, and CAs applying for membership but awaiting full qualification under Section 2.1. Participation as an Associate Member is by invitation only. In order to become an Associate Member, an organization must sign a mutual letter of intent, understanding, or other agreement and the Forum’s IPR Agreement, unless this latter requirement is waived in writing by the Forum based on overriding policies of the Associate Member’s own organization IPR rules. <u>Associate Members may attend face-to-face meetings, communicate with Forum Members on member lists, and access Forum wiki content</u>. Associate Members are not entitled to vote except on special straw polls of the Forum (e.g. when selecting meeting dates, locations, etc.) </span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:1.0in;page-break-after:avoid'><b><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> </span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:1.0in;page-break-after:avoid'><b><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>3.2 Interested Parties</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in;page-break-after:avoid'><b><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> </span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in'><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Any person or entity that wishes to participate in the Forum as an Interested Party may do so by providing their name, affiliation (optional), and contact information, and by agreeing to the IPR Agreement attached as Exhibit A (indicating agreement by manual signing or digitally signing the agreement).</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in'><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> </span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in'><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Interested Parties may participate in Forum activities in the following ways:</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:1.0in'><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>(a) By becoming involved in Working Groups,</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:1.0in'><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>(b) By posting to the Public Mail List, and</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:1.0in'><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>(c) By participating in those portions of Forum Teleconferences and Forum Meetings to which they are invited by the Forum Chair relating to their areas of special expertise or the subject of their Working Group participation.</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in'><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Interested Parties are required to comply with the provisions of the IPR Agreement and these Bylaws. Interested Parties may lose their status as Interested Parties by vote of the Members, in the Members’ sole discretion.</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in'><span lang=EN style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> </span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>The biggest differences between Associate Member (AM) and Interested Party (IP) status are that AMs can participate on all Forum teleconferences, attend all meetings, and receive mailings on the Management@ list (which is generally limited to meeting logistics and review of draft Minutes). The Chair can invite IPs to participate in specific portions of teleconferences and meetings as warranted.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>2. Associate Members and their related entities</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>There are three main Associate Members who often have their own members or related entities participate in teleconferences and meetings, and not always at the specific invitation of the Chair: (1) WebTrust, (2) ETSI/ACABc, and (3) Federal PKI. Some of the related entities of these AMs have been individual audit firms for WebTrust and ETSI/ACABc, and various government agencies and outside contractors for FPKI.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Clearly the actual officers or representatives of an AM (like Jeff Ward and Don Sheehy for WebTrust, and Arno Fiedler and Nick Pope for ETSI) should be allowed to participate for those organizations without invitation by the Chair. The situation has sometimes been less clear for FPKI, as the exact governing structure for that name appears to be a “network” and not an entity: <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.25in;background:white'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>What is the Federal PKI? </span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffpki.idmanagement.gov%2F%23what-is-the-federal-pki&data=02%7C01%7Cjward%40bdo.com%7C723aaf09cbe64a21cdbf08d5c588bdc7%7C6e57fc1a413e405091da7d2dc8543e3c%7C0%7C0%7C636632113447036094&sdata=fLg34gR1WIfhQFSrw2wUZ3C%2FGxP2GJ5Q8mO1NEbcHqM%3D&reserved=0" target="_blank">https://fpki.idmanagement.gov/#what-is-the-federal-pki</a> </span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.25in;background:white'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>The Federal PKI is a network of hundreds of certification authorities (CAs) that issue:</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in;background:white'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>· PIV credentials and person identity certificates</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in;background:white'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>· PIV-Interoperable credentials and person identity certificates</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in;background:white'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>· Other person identity certificates</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.5in;background:white'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>· Enterprise device identity certificates</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.25in;background:white'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>The participating Certification Authorities and the Policies, Processes, and Auditing of all the participants is referred to as the Federal Public Key Infrastructure (FPKI).</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-left:.25in;background:white'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>The FPKI includes US federal, State, Local, Tribal, Territorial, international governments, and commercial organizations who work together to provide services for the benefit of the federal government.</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Deborah Gallagher signed our IPR Agreement in 2013 as “Chair, Federal PKI Policy Authority”.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>How should other audit firms like TUV-Austria or WebTrust qualified auditors who want to attend meetings or calls be classified? Clearly they must first sign our current IPR Agreement, but do they attend as “Associate Members” under the status of their supervising organization, or do they attend only as Interested Parties who need the invitation of the Chair each time? And how do we treat the various related entities who work on the FPKI network?<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>3. Suggested Approach</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>The situation has not been abuses in the past, but we should create a clearer set of rules. In my opinion, we should delegate to the existing Associate Members which related entities can participate on a regular basis, without the specific invitation of the Chair in each case.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>I suggest we add a sentence to Bylaw 3.1 – Associate Members that allows Associate Members themselves to designate representatives of related entities to participate in teleconferences and attend meetings under the status of the designating Associate Member (but in their own name, not the name of the Associate Member), and only after signing the current IPR Agreement. This would allow, for example, WebTrust to authorize participation by individual auditors who are not actual WebTrust officers, the same for ETSI/ACABc, and possibly the same for FPKI. We would first have to determine who actually speaks for FPKI as a “network” and would have the authority to designate representatives of related entities who could participate under FPKI’s Associate Member status.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>To do this, we could add the following new paragraph at the end of Bylaw 3.1 – Associate Members:<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-right:.75in;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Associate Members may designate representatives of their related entities (including their members or network members) to participate in Forum teleconferences and meetings on an ongoing or on a limited basis with the same rights as an Associate Member, and may remove such designations at any time. The related entities must sign the Forum’s applicable IPR Agreements and must participate in their own names and not as representatives of the Associate Members who designated them. In the event that too many related entities are designated by an Associate Member in the Chair’s opinion, the Chair may limit the number of related entities that an Associate Member may designate under this provision.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-right:.75in;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-right:.75in'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>We will discuss this on our May 31 teleconference. I welcome other ideas.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><br>_______________________________________________<br>Public mailing list<br><a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br><a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fpublic&data=02%7C01%7Cjward%40bdo.com%7C723aaf09cbe64a21cdbf08d5c588bdc7%7C6e57fc1a413e405091da7d2dc8543e3c%7C0%7C0%7C636632113447046089&sdata=hYo5SP5T3tLaJOGPcYUh6lgHcImRjaSbc79e5itX2Ds%3D&reserved=0" target="_blank">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></span></p></blockquote></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><br><br></span><em><b><span style='font-size:10.0pt;font-family:"Calibri",sans-serif;color:black'>BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. </span></b></em><b><i><span style='font-size:10.0pt;font-family:"Calibri",sans-serif;color:black'><br><br><em><span style='font-family:"Calibri",sans-serif'>BDO is the brand name for the BDO network and for each of the BDO Member Firms.</span></em><br><br><em><span style='font-family:"Calibri",sans-serif'>IMPORTANT NOTICES</span></em><br><br><em><span style='font-family:"Calibri",sans-serif'>The contents of this email and any attachments to it may contain privileged and confidential information from BDO USA, LLP. This information is only for the viewing or use of the intended recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of, or the taking of any action in reliance upon, the information contained in this e-mail, or any of the attachments to this e-mail, is strictly prohibited and that this e-mail and all of the attachments to this e-mail, if any, must be immediately returned to BDO USA, LLP or destroyed and, in either case, this e-mail and all attachments to this e-mail must be immediately deleted from your computer without making any copies hereof. If you have received this e-mail in error, please notify BDO USA, LLP by e-mail immediately.</span></em></span></i></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p></div></div></body></html>