<div dir="ltr"><div>Thanks Dimitris.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 5, 2020 at 11:09 PM Dimitris Zacharopoulos (HARICA) via Public <<a href="mailto:public@cabforum.org">public@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
Tim, Wayne, Adriano,<br>
<br>
Apple made a contribution and although HARICA disagrees with most of
the recommended changes I believe there should be some discussion
around that. </div></blockquote><div><br></div><div>Agree. It's not in anyone's interests, nor do I believe that the intent was to ignore input unrelated to the identity issue. We should discuss it now to allow members to decide for themselves if the suggestions are important enough to warrant voting against this ballot, or if the ballot is good enough to ratify as-is.<br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Unfortunately, although I had started working on a
response, I didn't have time to complete it on time. I was hoping to
see some comments/responses from the proposer and endorsers before
the voting period began.<br>
<br>
For what it's worth, here is a list of my comments (attached). My
biggest concern is the Certificate Consumer members that qualify
based on "mail transfer agent". I would certainly like some more
information about that before HARICA votes. Other than that, the
charter looks good to me.<br>
<br></div></blockquote><div><br></div><div>The section in question is:</div><div><br></div><div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295">(2) A Certificate Consumer eligible for voting membership in the SMCWG must produce a develop and maintain a mail user agent (web-based or application based), mail transfer agent, or email service provider that processes S/MIME certificates issued by third-party Certificate Issuers who meet criteria set by such Certificate Consumer.</span></div><div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295"><br></span></div><div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295">The inclusion of "mail transfer agents" as eligible participants doesn't appear harmful to me, but I also agree with Clint's comment that "The role of a mail transfer agent in consuming S/MIME certificates is unclear."</span></div><div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295"><br></span></div><div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295">Tim or Ben: this was part of the draft Ben proposed over a year ago. Do you have any information on why this was included?<br></span></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<br>
Best regards,<br>
Dimitris.<br>
<br>
<br>
<br>
<div>On 2020-02-06 12:45 π.μ., Wayne Thayer
via Public wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Based on my recollection of the Guangzhou discussion, and
supported by the minutes, the "path forward agreed to in
Guangzhou" was that we would take this charter to a ballot
without further attempts to resolve the issue of including
identity in the charter's scope. There does not appear to be a
path to consensus on this issue, despite the considerable
amount of time spent discussing it. I'm unhappy with this
approach, but as one of the endorsers, I don't see an
alternative other than "take it to a vote" that gets this
much-needed WG formed any time soon.</div>
<div><br>
</div>
<div>- Wayne<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Feb 5, 2020 at 3:22 PM
Ryan Sleevi via Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>
<div>Hi Tim,<br>
</div>
</div>
<div><br>
</div>
<div>Could you point to where that's reflected in the
minutes? Our understanding here at Google is that Apple's
proposed changes, which we support and would be unable to
participate without incorporating, is that it accurately
and correctly reflects the discussions in London [1],
reiterated in Cupertino [2], and agreed upon in
Thessaloniki [3]. It appears that, following that, the
proposers of that ballot ignored that consensus and
conclusion, and yet the discussion of Guangzhou [4] does
not indicate there was consensus to do so.</div>
<div><br>
</div>
<div>I'm hoping we've just overlooked something in the
minutes, but Apple's proposed changes seem
imminently reasonable, and a worthwhile path to drafting
requirements that consuming software, such as mail clients
(both native and Web), can use and consume as part of
their root programs, as an alternative to their
root-program-specific requirements.</div>
<div><br>
</div>
<div>[1] <a href="https://cabforum.org/2018/06/06/minutes-for-ca-browser-forum-f2f-meeting-44-london-6-7-june-2018/#New-SMIME-Working-Group-Charter" target="_blank">https://cabforum.org/2018/06/06/minutes-for-ca-browser-forum-f2f-meeting-44-london-6-7-june-2018/#New-SMIME-Working-Group-Charter</a></div>
<div>[2] <a href="https://cabforum.org/2019/05/03/minutes-for-ca-browser-forum-f2f-meeting-46-cupertino-12-14-march-2019/#Creation-of-additional-Working-Groups---Secure-Mail" target="_blank">https://cabforum.org/2019/05/03/minutes-for-ca-browser-forum-f2f-meeting-46-cupertino-12-14-march-2019/#Creation-of-additional-Working-Groups---Secure-Mail</a></div>
<div>"<span>Dean
– We have a blank slate here and it seems the reluctance
was to make it a narrow scope and then focus on either
one aspect of SMIME. First task might be how to validate
an email, and then focus on identity validation. Some
comments were to make the chart narrow to focus on one
task while others say to include all proposed tasks to
not have to recharter which has caused issues in the
past."</span></div>
<div>[3] <a href="https://cabforum.org/2019/08/16/minutes-for-ca-browser-forum-f2f-meeting-47-thessaloniki-12-13-june-2019/#Creation-of-Additional-Groups---Secure-Mail" target="_blank">https://cabforum.org/2019/08/16/minutes-for-ca-browser-forum-f2f-meeting-47-thessaloniki-12-13-june-2019/#Creation-of-Additional-Groups---Secure-Mail</a><br>
</div>
<div>"<span>Eventually,
all parties in the conversation came to the conclusion
that it would behoove the Forum to scope the working
group charter to domain validation, first, before adding
other functionality once that portion was locked-down."</span></div>
<div><span>[4] </span><a href="https://cabforum.org/2019/12/12/minutes-for-ca-browser-forum-f2f-meeting-48-guangzhou-5-7-november-2019/#Creation-of-Additional-Groups---Secure-Mail" target="_blank">https://cabforum.org/2019/12/12/minutes-for-ca-browser-forum-f2f-meeting-48-guangzhou-5-7-november-2019/#Creation-of-Additional-Groups---Secure-Mail</a></div>
<div><span><br>
</span></div>
<div><span><br>
</span></div>
</div>
_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Public mailing list
<a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
</blockquote></div></div>