<div dir="ltr"><div>See response below.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, May 10, 2023 at 9:29 PM Curt Spann <<a href="mailto:cspann@apple.com" target="_blank">cspann@apple.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Hello Ben,<div><br></div><div>Could you help me understand what is the initiator for this moratorium? What risk are we currently facing that will be mitigated by these detailed Certificate Consumers membership requirements?</div><div><br></div><div>Regards,</div><div>Curt<br><div><br></div></div></div></blockquote><div><br></div><div>
<p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" id="m_-3924029693014939978gmail-docs-internal-guid-01085674-7fff-9a63-eb6c-d9655a3506a6">Hi Curt,<br></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt">Currently, <a href="https://www.quora.com/How-would-I-create-a-Chromium-based-browser-similar-to-Opera" style="text-decoration:none" target="_blank"><span style="font-size:11pt;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">anyone can create a Chromium-based</span></a><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> or </span><a href="https://alternativeto.net/category/browsers/firefox-based/" style="text-decoration:none" target="_blank"><span style="font-size:11pt;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Firefox-based</span></a><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> browser, and that might imply that they can become a full voting member of the SCWG according to the current SCWG Charter: “A Certificate Consumer can participate in this Working Group if it produces a software product intended for use by the general public for browsing the Web securely.” This, of course, is subject to the current voting framework allowed in the charter.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span 
style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">There are currently 11 </span><a href="https://cabforum.org/members/" style="text-decoration:none" target="_blank"><span style="font-size:11pt;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Certificate Consumer Members of the CABF</span></a><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">, and less than half of them regularly participate in discussions and vote in the SCWG. Therefore, it would be within reasonable means for a motivated group or global region to create a small number of browsers, have each of those browsers become a full voting member of the SCWG, and gain controlling voting power in the SCWG. This could result in forcing or advancing a political or other agenda. It would lower the standards rather than raising them in order to keep up with the rapidly changing threat landscape. 
Additionally, diluting the Certificate Consumer full voting Membership of the SCWG with several not-well-supported browsers who do not curate their own root store and do not enforce the Baseline Requirements (BRs) will demotivate the currently actively participating Certificate Consumer Members (who do curate their own root stores and enforce the BRs) and discourage them from remaining active in the CABF.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Requiring a new Certificate Consumer to actively participate in the SCWG for at least six months before becoming a full voting member will enable the new Certificate Consumer to demonstrate their commitment to improving security on the web and learn how to be a constructive member of the SCWG before obtaining full voting membership. Enabling a new Certificate Consumer to be a non-voting member of the SCWG would allow them to claim CABF membership if they are simply trying to meet marketing goals, and hopefully will help the Certificate Consumer learn more about web security, the BRs, and how to enforce them.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">There are risks in continuing to allow applications for full voting membership as Certificate Consumers in the SCWG before the membership requirements are updated. Foremost, the membership criteria will likely change during the ballot process. Meanwhile, there may be a string of membership requests that are denied under the current framework. 
They will not get their opportunity to meet the proposed criteria or prove their ability to contribute to the improvement and enforcement of the BRs. The result may be a denial of membership to new Certificate Consumers that could potentially have turned out to be valued contributors to the CABF if given a chance to learn and prove themselves first, and it will also create negative optics for the CABF. </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Thanks,</span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Ben</span></p> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div><div><blockquote type="cite"><div>On May 9, 2023, at 11:20 PM, Ben Wilson via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>> wrote:</div><br><div><div dir="ltr"><div>Here is a redlined version of the SCWG Charter 
with proposed new membership requirements for your review:</div><div><a><br></a></div><div><a href="https://github.com/cabforum/forum/compare/d908a475e59e64fd9224e878864386ebc0b68808..cee99ea840388ad600ef38f4950beff7313defba" target="_blank">https://github.com/cabforum/forum/compare/d908a475e59e64fd9224e878864386ebc0b68808..cee99ea840388ad600ef38f4950beff7313defba</a></div><div><br></div><div>Ben<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, May 10, 2023 at 7:45 AM Ben Wilson via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Here is a draft ballot. I'm looking for one more endorser, preferably from a Certificate Issuer member.</div><div><br></div><div><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Ballot SC-0XX:<span>
</span>Establish a Temporary Moratorium on New Certificate Consumer Memberships<span></span></b></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Purpose of the Ballot<span></span></b></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif">During discussions at Face-to-Face Meeting 58, it was noted
that the membership criteria for Certificate Consumers in the Charter for the
Server Certificate Working Group (SCWG) lacked sufficient detail. Since then, several
members of the CA/Browser Forum have worked to develop better criteria for
membership of Certificate Consumers in the SCWG. A moratorium is necessary to
preserve the status quo and ensure impartiality while we re-evaluate and revise
our membership criteria so that they are more clear, fair, and aligned with the
goals of the Forum.<span></span></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif">The following motion has been proposed by Ben Wilson of Mozilla
and endorsed by Tobias Josefowitz of Opera and _____ of _____.<span></span></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Motion Begins<span></span></b></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif">Effective immediately, there is a temporary moratorium established
on the acceptance of applications for membership as Certificate Consumer
members in the Server Certificate Working Group. This moratorium will expire on XX, 2023, or prior to such date, upon publication of the Forum’s vote on
a revised Charter for the Server Certificate Working Group.<span></span></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif">During the moratorium, the Server Certificate Working Group
will not accept or consider applications for membership as Certificate
Consumers. Applications for other types of membership may be accepted and
considered. <span></span></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><b>Motion Ends<span></span></b></p><div style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><span> </span><br></div><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif">This ballot does not propose a Final Guideline or Final
Maintenance Guideline.<span> </span>The procedure for
approval of this ballot is as follows:<span></span></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif">Discussion (7 days)<span></span></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><span> </span>Start Time:
2023-05-XX<span> </span>xx:xx UTC<span></span></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><span> </span>End Time: Not
before 2023-05-xx<span> </span>xx:xx UTC<span></span></p><div style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><span> </span><br></div><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif">Vote for approval (7 days)<span></span></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><span> </span>Start Time: TBD<span></span></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><span> </span>End Time: TBD<span></span></p>
</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 8, 2023 at 10:28 PM Ben Wilson <<a href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>All,</div><div><br></div><div>I reiterate my intent that we establish a moratorium on admitting new Certificate Consumer members
<font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">until we have updated the criteria for membership of Certificate Consumers</span></font>. <br></div><div><br></div><div>I think we've made good progress on refining a set of membership criteria, which I'll soon share, but the effort takes time. A moratorium will allow us to re-evaluate our criteria and revise them so that they are more clear, fair, and aligned with the goals of the Forum. <br></div><div><br></div><div>I am looking for one more endorser so that I can propose a ballot that would formalize the moratorium.</div><div><br></div><div>Thanks,</div><div><br></div><div>Ben <br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 10, 2023 at 6:39 PM Ben Wilson <<a href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I've set up a call for those interested in discussing this. 
It's on Wednesday, 12-April-2023, at 1400 UTC.</div><div>I'll send out the dial-in/Zoom information separately for those interested.</div><div>Ben<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Apr 6, 2023 at 3:22 PM Ben Wilson <<a href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><font size="2"><span style="font-family:arial,sans-serif">Hi Paul,</span></font></div><div><font size="2"><span style="font-family:arial,sans-serif"></span></font></div><div><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><font size="2"><span style="font-family:arial,sans-serif">These are all things that I would like to discuss with those
of you who are interested in helping to work on the membership requirements for
Certificate Consumers in the Server Certificate WG.<span> </span>Those of you who are interested, please send
me email, and I'll set up a discussion.</span></font></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><font size="2"><span style="font-family:arial,sans-serif">Thanks,</span></font></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><font size="2"><span style="font-family:arial,sans-serif">Ben<br></span></font></p><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:"Calibri",sans-serif"><font size="2"><span style="font-family:arial,sans-serif"><br></span></font></p>
</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Apr 6, 2023 at 2:44 AM Paul van Brouwershaven <<a href="mailto:Paul.vanBrouwershaven@entrust.com" target="_blank">Paul.vanBrouwershaven@entrust.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
Hi Ben,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
Here are some initial questions on your proposal.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
> <span style="display:inline;background-color:rgb(255,255,255)">That the Applicant develops and maintains its own code;</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<span style="display:inline;background-color:rgb(255,255,255)"><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
Can you explain what you mean by this? I suppose that this does not mean that Microsoft can no longer be a Certificate Consumer as their browser is based on Chromium? What would this say about the usage of Open-Source code, etc.?<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
> That the Applicant provides a browser for both mobile and desktop platforms;</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
Certificate Consumers are Application Software Suppliers, and these are not limited to browsers. Why would a Certificate Consumer be required to provide an application for both mobile and desktop platforms?</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
> That the Applicant has an installed user base of at least one tenth of a percent of all browsers in use globally (or some other comparable objective measurement);</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
This means that the CA/Browser Forum is excluding all browsers that would like to enter the market until they have a sufficient user base, which might take years for new browsers, or a browser might even choose to operate in a niche market, for example in a
specific demographic. While it is not required to be a Certificate Consumer Member to operate a browser or a root store, it feels like this is hindering new/niche browsers from participating on an equal level.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
> That the Applicant and its representatives have never been sanctioned for misconduct;</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
Can you be more specific on "sanctioned for misconduct", for what and by whom? This would currently mean that an employee of a certificate consumer would be sanctioned for life for any <span style="display:inline;background-color:rgb(255,255,255)">misconduct<span> of
any form, which can be irrelevant for the CA/Browser Forum. We probably should provide a path to rehabilitation in the aftermath of misconduct in a way that recognizes the humanity of those involved.</span></span><br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
> That the Applicant has actively participated in the CA/Browser Forum as a non-voting Associate Member for at least one year.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
What is the purpose of this requirement? We don't have this requirement for certificate issuers.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
Thanks,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
Paul</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<br>
</div>
<div id="m_-3924029693014939978m_-5423582319988320134m_4801131883562131995m_-4305842810272084872m_-7722363995780211841m_-847439904230053311m_-4098784856015020365m_-4884151536322693861m_6013386599819874066appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="m_-3924029693014939978m_-5423582319988320134m_4801131883562131995m_-4305842810272084872m_-7722363995780211841m_-847439904230053311m_-4098784856015020365m_-4884151536322693861m_6013386599819874066divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif"><b>From:</b> Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>> on behalf of Ben Wilson via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br>
<b>Sent:</b> Wednesday, April 5, 2023 18:30<br>
<b>To:</b> CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br>
<b>Subject:</b> [EXTERNAL] [Servercert-wg] Request for a Moratorium on New Certificate Consumer Members</font>
<div> </div>
</div>
<div>
<div dir="ltr">
<div><font size="2"><span style="font-family:arial,sans-serif">All,</span></font></div>
<div><font size="2"><span style="font-family:arial,sans-serif"><br>
</span></font></div>
<div><p dir="ltr" id="m_-3924029693014939978m_-5423582319988320134m_4801131883562131995m_-4305842810272084872m_-7722363995780211841m_-847439904230053311m_-4098784856015020365m_-4884151536322693861m_6013386599819874066x_gmail-docs-internal-guid-04c649a2-7fff-64c7-f381-fd36ae34c53a" style="line-height:1.38;margin-top:0pt;margin-bottom:12pt">
<font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">I would like to request a
moratorium on admitting new Certificate Consumer members to the Server Certificate Working Group until we have updated the criteria for membership of Certificate Consumers.</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">The
basis for this request is that we are in the process of developing better criteria for membership of Certificate Consumers. As noted during Face-to-Face meeting #58, our current requirement of “produc[ing] a software product intended for use by the general
public for browsing the Web securely” lacks sufficient detail. Here are a few things we are considering that should be part of the membership criteria for Certificate Consumers:</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant develops and maintains its own code;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant maintains its own root store;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant provides a browser for both mobile and desktop platforms;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant patches and delivers automatic updates of its browser software and root store;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant has publicly disclosed and documented processes for its users to report problems and to receive updates on the resolution of those problems;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant has an installed user base of at least one tenth of a percent of all browsers in use globally (or some other comparable objective measurement);</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant employs developers and infosec-trained professionals;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant’s representatives regularly, consistently, and actively participate in relevant standards bodies such as the W3C, IETF, WHATWG, and OWASP;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant and its representatives have never been sanctioned for misconduct;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant has a good history of compliance with industry standards, including but not limited to HTML (</span><a href="https://platform.html5.org/" style="text-decoration:none;font-family:arial,sans-serif" target="_blank"><span style="color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">https://platform.html5.org</span></a><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">);
CSS (</span><a href="https://www.w3.org/TR/css-2023/" style="text-decoration:none;font-family:arial,sans-serif" target="_blank"><span style="color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">https://www.w3.org/TR/css-2023/</span></a><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">);
JavaScript, HTTPS/TLS, and the IETF RFCs, such as RFC 5280;</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant’s browser passes at least certain percentages of various test suites (Acid Tests, Test 262 and web-platform-tests);</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:12pt;margin-bottom:12pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant has a published commitment to user security and privacy; and</span></font></p><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">That
the Applicant has actively participated in the CA/Browser Forum as a non-voting Associate Member for at least one year.</span></font></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif"><br>
</span></font></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">Thanks,</span></font></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif"><br>
</span></font></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif">Ben</span><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif"><br>
</span></font></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="background-color:transparent;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;font-family:arial,sans-serif"><br>
</span></font></div>
</div>
</div>
</div>
</div>
</div></blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
_______________________________________________<br>
Servercert-wg mailing list<br>
<a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
<a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" rel="noreferrer" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><br>
</blockquote></div>
</div></blockquote></div><br></div></div></blockquote></div></div>