<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Unintentional, and thanks for calling it out. I don’t have strong feelings on the issue and agree broader participation is a useful goal, especially before requirements exist. Certificate Consumers can, and I expect will, have their own opinions on what audits are appropriate and necessary once they adopt the requirements. Do you have a proposed fix?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>-Tim<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Ryan Sleevi <sleevi@google.com> <br><b>Sent:</b> Sunday, April 19, 2020 4:41 PM<br><b>To:</b> Tim Hollebeek <tim.hollebeek@digicert.com>; CABforum1 <public@cabforum.org><br><b>Subject:</b> Re: [cabfpub] Update about S/MIME Charter<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Looking through the resolved and unresolved aspects, the lack of feedback from you meant we still have one unaddressed matter in the draft:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><a href="https://github.com/cabforum/documents/pull/167/files#r392389077">https://github.com/cabforum/documents/pull/167/files#r392389077</a><o:p></o:p></p></div><div><p class=MsoNormal>- The proposed draft charter forbids any CA from participating unless they already have particular audit schemes, despite this document not yet existing nor being incorporated into audit frameworks. This has been repeatedly raised as an issue for the past year, and it would be useful to know whether or not this is intentionally not being addressed. It does seem that there doesn't need to be restrictions on CA membership until such a document is produced (see also <a href="https://cabforum.org/pipermail/public/2020-March/014917.html">https://cabforum.org/pipermail/public/2020-March/014917.html</a> )<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div></div></div></div></body></html>