<div dir="ltr"><div><font size="2"><span style="font-family:arial,sans-serif">All,</span></font></div><div><font size="2"><span style="font-family:arial,sans-serif"><br></span></font></div><div>
<p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:12pt" id="gmail-docs-internal-guid-04c649a2-7fff-64c7-f381-fd36ae34c53a"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">I would like to request a moratorium on admitting new Certificate Consumer members to the Server Certificate Working Group until we have updated the criteria for membership of Certificate Consumers.</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">The basis for this request is that we are in the process of developing better criteria for membership of Certificate Consumers. As noted during Face-to-Face meeting #58, our current requirement of “produc[ing] a software product intended for use by the general public for browsing the Web securely” lacks sufficient detail. 
Here are a few things we are considering that should be part of the membership criteria for Certificate Consumers:</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant develops and maintains its own code;</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant maintains its own root store;</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant provides a browser for both mobile and desktop platforms;</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant patches and delivers automatic updates of its browser software and root store;</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant has publicly disclosed and documented processes for its users to report problems and to receive updates on the resolution of those problems;</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant has an installed user base of at least one tenth of a percent of all browsers in use globally (or some other comparable objective measurement);</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant employs developers and infosec-trained professionals;</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant’s representatives regularly, consistently, and actively participate in relevant standards bodies such as the W3C, IETF, WHATWG, and OWASP;</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant and its representatives have never been sanctioned for misconduct;</span></font></p>
<p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span
style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant has a good history of compliance with industry standards, including but not limited to HTML (</span><a href="https://platform.html5.org/" style="text-decoration:none;font-family:arial,sans-serif"><span style="color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">https://platform.html5.org</span></a><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">); CSS (</span><a href="https://www.w3.org/TR/css-2023/" style="text-decoration:none;font-family:arial,sans-serif"><span style="color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">https://www.w3.org/TR/css-2023/</span></a><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">); JavaScript, HTTPS/TLS, and the IETF RFCs, such as RFC 5280;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant’s browser passes at least certain percentages of various test suites (Acid Tests, Test 262 and web-platform-tests);</span></font></p><p dir="ltr" 
style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant has a published commitment to user security and privacy; and</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That the Applicant has actively participated in the CA/Browser Forum as a non-voting Associate Member for at least one year.</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif"><br></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">Thanks,</span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif"><br></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span 
style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">Ben</span><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif"><br></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif"><br></span></font></p>
</div></div>