<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 2020-07-02 9:44 μ.μ., Ryan Sleevi
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACvaWvZD7EB1tyncA5GQRuQbki-Ty345ZiQJZL35k=JCYSd-oQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr"><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jul 2, 2020 at 12:12
AM Dimitris Zacharopoulos (HARICA) <<a
href="mailto:dzacharo@harica.gr" moz-do-not-send="true">dzacharo@harica.gr</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>Your response to GlobalSign was written very elegantly
but the word "GlobalSign" was used 15 times in your
response to Doug which is indicative of putting a Member
"on the spot". </div>
</blockquote>
<div><br>
</div>
<div>Would it have been better to say "the right honorable
Gentleman"? At some point, we need to discuss views that are
being presented and their merits. Our code of conduct is, in
many ways, designed to discourage attacks against
individuals, the people we deal with on an everyday
basis, not the companies they represent. If our code of
conduct is to be extended to brand protection, which is what
you are suggesting and have suggested in the past, then this
is deeply misunderstanding what a Code of Conduct is for.</div>
<div><br>
</div>
<div>What is the better way to represent an individual's views
and arguments? "You" is almost certainly seen as an attack
on the individual worth, and is problematic. The abstract
idea is one worth engaging in, but there still needs to be a
reference to what the framing of the argument is, and its
surrounding assumptions and logical consequences. Unless and
until we have some better way to express these abstractions,
without the risk of personally impugning the right honorable
reputation of the gentleman from GlobalSign, then to avoid
the personal pronouns is to necessitate the proper nouns.</div>
<div><br>
</div>
</div>
</div>
</blockquote>
<br>
Putting a Member "on the spot" seems to be equally troubling as
putting an individual because an individual IS representing a Member
at that time and will feel offended and intimidated. We have had
great conversations in the past by being a bit more abstract "a CA"
or "CA foo", "CA bar". We've also had several conversations where
examples involving several existing CAs were given (like you did by
calling out several existing CAs at once). People seem to be ok with
that. <br>
<br>
<blockquote type="cite"
cite="mid:CACvaWvZD7EB1tyncA5GQRuQbki-Ty345ZiQJZL35k=JCYSd-oQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>Threatening to leave the Forum could be seen by some
Members as another form of intimidation.<br>
</div>
</blockquote>
<div><br>
</div>
<div>I am having trouble squaring this, especially with any
basis with the behaviour and intent of our Code of Conduct.</div>
<div><br>
</div>
</div>
</div>
</blockquote>
<br>
Some Members certainly do not want to see Google or you leaving the
Forum so the risk of leaving may be seen intimidating by these
Members. Perhaps I did not express it accurately so I apologize and
withdraw it.<br>
<br>
<blockquote type="cite"
cite="mid:CACvaWvZD7EB1tyncA5GQRuQbki-Ty345ZiQJZL35k=JCYSd-oQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div>Respectfully, this seems like an abuse by the Chair of a
Code of Conduct, especially in the context of a thread which
began by suggesting that Root Programs should do nothing
outside of the Forum, followed by a suggestion that Root
Programs should do all things outside of the Forum. This is
further deeply problematic with your statement below.</div>
</div>
</div>
</blockquote>
<br>
I never said that Root Programs should do nothing outside of the
Forum. I cannot speak for Members who did say that. My preference
would be to try to resolve things in the Forum (this attempt
happened via SC22 but failed), but this is far from saying Root
Programs should not do anything outside the Forum. This is clearly
different.<br>
<br>
<blockquote type="cite"
cite="mid:CACvaWvZD7EB1tyncA5GQRuQbki-Ty345ZiQJZL35k=JCYSd-oQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div> The CA/Browser Forum is a voluntary group </div>
</blockquote>
<div><br>
</div>
<div>Yet the very thread begins with a suggestion that it
should be involuntary (for browsers), and your invocation of
the Code of Conduct is to suggest that any rejection of that
would be intimidation. </div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>This is the Forum's added value and how this Forum
works, without preventing any Root Program setting its own
rules and policies independently, outside the Forum. These
are the rules we all accepted.</div>
</blockquote>
<div><br>
</div>
<div>This is, frankly, a deeply troubling statement. I cannot
help but suggest it borderlines dishonest, in that the very
proposal that started this thread, and which was being
discussed, was exactly such a prohibition, as you can
clearly read in <a
href="https://archive.cabforum.org/pipermail/servercert-wg/2020-June/001993.html"
moz-do-not-send="true">https://archive.cabforum.org/pipermail/servercert-wg/2020-June/001993.html</a> </div>
</div>
</div>
</blockquote>
<br>
I can't connect this with the prohibition you claim. Entrust made a
statement about their desire not to see requirements included in
SC31 unless they are agreed in all Browser Root Programs, and then
made a special reference to the 398 days validity period which did
not pass in SC22. They even made a reference to Certificate
Subscribers which was missing from most of these discussions.
Overall, I didn't find a statement that discourages or prevents Root
Programs from setting policy independently of the SCWG.<br>
<br>
It is quite possible I overlooked something, so apologies in
advance. Bottom line is that Browsers remain independent to make
independent policy decisions via their Root Programs, this is
reality and I think everyone excepts that. If these policies need to
go into the BRs or other Guidelines, then they need to get consensus
from both Voting Member categories.<br>
</body>
</html>