<div dir="ltr">Totally understood regarding CT Logs. It's something I think we should pursue, but perhaps not on this timeline.<div><br></div><div>I would prefer that Certificate Consumers be required to "maintain" a list of CA certificates. This maintenance can be as simple as copying some other Root Program's list of trusted certificates. But I think it's helpful to have a requirement that Certificate Consumers actively decide whether to include individual certificates, or whether to take updates from their upstream trust store, on an ongoing basis.</div><div><br></div><div>Aaron</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Sep 25, 2023 at 4:35 PM Ben Wilson <<a href="mailto:bwilson@mozilla.com">bwilson@mozilla.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div>Thanks, Martijn and Aaron,</div><div><br></div><div>Aaron, I don't think I can add a CT-support requirement for Certificate Consumers at this time, although we can take the issue up for further conversation. <br></div><div><div><br></div><div>Martijn, So that the duration of the probationary period is kept to six months, it might be better to eliminate the F2F attendance requirement. If we keep it, then a probationary member might have to wait until the next F2F (but certainly not a year). How do people feel about this?</div><div><br></div><div>Also, I have received feedback regarding whether a Certificate Consumer should be required to "maintain" a full list of CAs. (I think I didn't have the term "maintain" in the GitHub draft of the charter, so I'm thinking that we might eliminate the term from the proposal.) Similarly, I'm concerned that a requirement to <span lang="EN-US">publish "how a CA can apply for inclusion in its </span>root store" might make it less likely for a ballot to pass. 
So, instead of "maintaining" a (full) list, what if we left it just, "(4) its membership-qualifying software product uses a list of CA
certificates to validate the chain of trust from a TLS certificate to a
CA certificate in such list"? What are everyone's thoughts on this?<br></div><div><br></div><div>Thanks,<br></div><div><br></div><div>Ben</div>
</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 14, 2023 at 9:23 AM Aaron Gable <<a href="mailto:aaron@letsencrypt.org" target="_blank">aaron@letsencrypt.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>I have a very different proposal for a Certificate Consumer membership criterion. I have no objection to any of the currently-proposed criteria; this could easily be in addition to them. What if we added:</div><div><br></div><div>> (c) Applicants that qualify as Certificate Consumers must supply the following additional information:</div><div>> - URL for its list of CA certificates that its membership-qualifying software product uses to validate the chain of trust from a TLS certificate to a CA certificate in such list; and</div><div>> <b>- URL for the Certificate Transparency log which it operates within <uptime and latency constraints> and which accepts all submissions for TLS certificates which chain up to any CA certificate in the list above</b>; and</div><div><br></div><div>Frankly, the Certificate Transparency ecosystem is in peril at the moment. With the recent <a href="https://groups.google.com/a/chromium.org/g/ct-policy/c/Ebj2hhe5QYA/m/Cl7IW33UAgAJ" target="_blank">shutdown of Sectigo's Mammoth</a> log and retirement of DigiCert's <a href="https://groups.google.com/a/chromium.org/g/ct-policy/c/PVbs0ZMVeCI/m/Hf8kwuuAAQAJ" target="_blank">Yeti</a> and <a href="https://groups.google.com/a/chromium.org/g/ct-policy/c/MXLJFHdHdFo" target="_blank">Nessie</a> logs, the already-tiny <a href="https://googlechrome.github.io/CertificateTransparency/log_list.html" target="_blank">handful of organizations</a> operating usable CT logs is feeling even smaller. 
So what if Certificate Consumers -- the organizations which benefit most from a diverse and robust ecosystem of CT logs -- were required to bring their own to the table? Running a CT log is clearly non-trivial, so such a requirement would effectively demonstrate that potential Certificate Consumer members are serious about operating for the good of the ecosystem in the long term.</div><div><br></div><div>Thanks,</div><div>Aaron</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Sep 1, 2023 at 1:42 AM Martijn Katerbarg via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div lang="en-SE"><div><p class="MsoNormal"><span lang="EN-US">Ben,<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">This seems like a good option. I’d say maybe we need to increase the 6 months period to 12, otherwise within a 6 months period there may only be 1 F2F. Requiring attendance (remote or in-person) if there’s only 1 F2F in the time-span, could be hard if there’s a case of bad timing.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">Additionally, I’d like to request the addition of an additional criteria (although it’s related to the “publish how it decides to add or remove a CA certificate from its list.” item. 
I’d like to request we add a requirement to:<u></u><u></u></span></p><p><span lang="EN-US"><u></u> <u></u></span></p><ul style="margin-top:0cm" type="disc"><li style="margin-left:0cm"><span lang="EN-US">Publish how a CA can apply for inclusion in its root store<u></u><u></u></span></li></ul><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">With this addition, I’d be happy to endorse<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">Regards,<br><br>Martijn<u></u><u></u></span></p><p class="MsoNormal"><span lang="en-SE"><u></u> <u></u></span></p><div><div style="border-width:1pt medium medium;border-style:solid none none;border-color:rgb(225,225,225) currentcolor currentcolor;padding:3pt 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>> <b>On Behalf Of </b>Ben Wilson via Servercert-wg<br><b>Sent:</b> Thursday, 31 August 2023 00:50<br><b>To:</b> CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br><b>Subject:</b> [Servercert-wg] Proposed Revision of SCWG Charter<u></u><u></u></span></p></div></div><p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p><div><div><div><div><p class="MsoNormal">All,<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Thanks for your suggestions and recommendations. I think we are much closer to an acceptable revision of the Server Certificate Working Group Charter. Here is the current draft: <a href="https://github.com/cabforum/forum/blob/BenWilson-SCWG-charter-1.3/SCWG-charter.md" target="_blank">https://github.com/cabforum/forum/blob/BenWilson-SCWG-charter-1.3/SCWG-charter.md</a><u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">We have decided that a participation/attendance requirement for ongoing membership is currently too complicated to manage, but we believe it is important that there be a probationary period of six months during which all new CABF-voting applicants must attend at least 30% of the teleconferences and at least the SCWG portion of one F2F (virtually or in-person). See section 4(d) in the draft cited above. 
We believe that with this limited scope, we can and should measure attendance to ensure that prospective members are serious about participating in the Forum.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">We no longer seek to require that a Certificate Consumer have any particular size or user base (or that they meet other criteria that were floated in recent emails). Those criteria were also currently too complicated. However, in addition to those Certificate Consumer requirements that are in the existing charter, we want a Certificate Consumer to:<u></u><u></u></p></div><ul type="disc"><li class="MsoNormal">have public documentation stating that it requires Certificate Issuers to comply with the TLS Baseline Requirements; <u></u><u></u></li><li class="MsoNormal">maintain a list of CA certificates used to validate the chain of trust from a TLS certificate to a CA certificate in such list; and<u></u><u></u></li><li class="MsoNormal"><span>publish how it decides to add or remove a CA certificate from its list</span>.<u></u><u></u></li></ul><div><p class="MsoNormal">I am looking for two endorsers of a FORUM ballot, so if the above-referenced draft is generally acceptable, please contact me, and we can work out any remaining details.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Thanks,<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Ben <u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div></div><p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal">On Tue, Jul 25, 2023 at 11:07 PM Roman Fischer via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>> wrote:<u></u><u></u></p></div><blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;border-color:currentcolor currentcolor currentcolor 
rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm"><div><div><div><p class="MsoNormal"><span lang="DE">Dear Ben,<u></u><u></u></span></p><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">I like your two new suggestions as they offer more lightweight mechanisms.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">One other idea (completely ad hoc and not really thought through) would be to change the charter to allow suspension of members from the SCWG by ballot. That way a ballot could be proposed, discussed, endorsed and voted on. And since the state of “suspended membership” is well defined (including the way back to full membership), this might offer the “accused” member enough possibility to counter the “allegations” made in the ballot. It would also make transparent who wants to suspend whom for what reasons…</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">Kind regards<br>Roman</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><div style="border-width:1pt medium medium;border-style:solid none none;border-color:currentcolor;padding:3pt 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Ben Wilson <<a href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>> <br><b>Sent:</b> Dienstag, 25. 
Juli 2023 17:40<br><b>To:</b> Roman Fischer <<a href="mailto:roman.fischer@swisssign.com" target="_blank">roman.fischer@swisssign.com</a>><br><b>Cc:</b> CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br><b>Subject:</b> Re: [Servercert-wg] Participation Proposal for Revised SCWG Charter</span><span lang="DE"><u></u><u></u></span></p></div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p><div><div><p class="MsoNormal"><span lang="DE">Thanks for your insights, Roman.<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE">I'm not yet convinced that the attendance approach would not be effective. Nevertheless, here are some other potential alternatives to discuss:<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE">1 - require that a Certificate Consumer have a certain size userbase, or alternatively, that they be a <a href="https://www.ccadb.org/rootstores/how" target="_blank">Root Store member of the Common CA Database</a>, or<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE">2 - require that a Certificate Consumer pay a membership fee to the CA/Browser Forum.<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE">Does anyone have any other ideas, proposals, or suggestions that we can discuss?<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE">The approaches listed above would be in addition to the following other requirements already proposed:<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div 
style="margin-left:30pt"><p class="MsoNormal"><span lang="DE" style="font-family:Arial,sans-serif;color:black">The Certificate Consumer has public documentation stating that it requires Certification Authorities to comply with the CA/Browser Forum’s Baseline Requirements for the issuance and maintenance of TLS server certificates; its membership-qualifying software product uses a list of CA certificates to validate the chain of trust from a TLS certificate to a CA certificate in such list; and it publishes how it decides to add or remove a CA certificate from the root store used in its membership-qualifying software product.</span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE">Thanks,<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE">Ben<u></u><u></u></span></p></div></div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p><div><div><p class="MsoNormal"><span lang="DE">On Mon, Jul 24, 2023 at 10:48 PM Roman Fischer <<a href="mailto:roman.fischer@swisssign.com" target="_blank">roman.fischer@swisssign.com</a>> wrote:<u></u><u></u></span></p></div><blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;border-color:currentcolor currentcolor currentcolor rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt"><div><div><div><p class="MsoNormal"><span lang="DE">Dear Ben,<u></u><u></u></span></p><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">As stated before, I’m against minimal attendance (or even participation – however you would measure that, numbers of words spoken or written?) requirements. I’ve seen in university, in private associations, politics… that this simply doesn’t solve the problem. 
I totally agree with Tim: It will create administrative overhead and not solve the problem.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">IMHO non-participants taking part in the democratic process (i.e. voting) is just something we have to accept and factor in. It’s one end of the extreme spectrum. There might be over-active participants that overwhelm the group by pushing their own agenda… If we have minimum participation requirements, then we maybe should also have maximum participation rules? </span><span lang="EN-US" style="font-family:'Segoe UI Emoji',sans-serif">😉</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">Rgds<br>Roman</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><div style="border-width:1pt medium medium;border-style:solid none none;border-color:currentcolor;padding:3pt 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>> <b>On Behalf Of </b>Ben Wilson via Servercert-wg<br><b>Sent:</b> Montag, 24. 
Juli 2023 21:40<br><b>To:</b> Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a>>; CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br><b>Subject:</b> Re: [Servercert-wg] Participation Proposal for Revised SCWG Charter</span><span lang="DE"><u></u><u></u></span></p></div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p><div><div><p class="MsoNormal" style="margin-bottom:8pt;line-height:105%"><span lang="DE">Tim,<u></u><u></u></span></p><p class="MsoNormal" style="margin-bottom:8pt;line-height:105%"><span lang="DE">One problem we're trying to address is the potential for a great number of “submarine voters”. Such members may remain inactive for extended periods of time and then surface only to vote for or against something they suddenly are urged to support or oppose, without being aware of the issues. This will skew and damage the decision-making process. <u></u><u></u></span></p><p class="MsoNormal" style="margin-bottom:8pt;line-height:105%"><span lang="DE">Another problem, that I don't think has been mentioned before, is the reliability of the CA/Browser Forum to adopt well-informed standards going forward. In other words, if something like I suggest happens, then I can see Certificate Consumers leaving the Forum and unilaterally setting very separate and distinct rules. This will result in fragmentation, inconsistency, and much more management overhead for CAs than the effort needed to keep track of attendance, which is already being done by the Forum. (If you'd like, I can share with everyone the list of members who have not voted or attended meetings in over two years.) 
<u></u><u></u></span></p><p class="MsoNormal" style="margin-bottom:8pt;line-height:105%"><span lang="DE">Ben<u></u><u></u></span></p></div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p><div><div><p class="MsoNormal"><span lang="DE">On Mon, Jul 24, 2023 at 11:41 AM Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a>> wrote:<u></u><u></u></span></p></div><blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;border-color:currentcolor currentcolor currentcolor rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt"><div><div><div><p class="MsoNormal"><span lang="EN-US">What is your argument in response to the point that any potential bad actors will be trivially able to satisfy the participation metrics?</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">I’m very worried we’ll end up doing a lot of management and tracking work, without actually solving the problem.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">-Tim</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><div style="border-width:medium medium medium 1.5pt;border-style:none none none solid;border-color:currentcolor currentcolor currentcolor blue;padding:0cm 0cm 0cm 4pt"><div><div style="border-width:1pt medium medium;border-style:solid none none;border-color:currentcolor;padding:3pt 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Ben Wilson <<a href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>> <br><b>Sent:</b> Monday, July 24, 2023 10:21 AM<br><b>To:</b> Ben Wilson <<a 
href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>>; CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br><b>Cc:</b> Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a>><br><b>Subject:</b> Re: [Servercert-wg] Participation Proposal for Revised SCWG Charter</span><span lang="DE"><u></u><u></u></span></p></div></div><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><div><p class="MsoNormal" style="margin-bottom:8pt;line-height:105%"><span lang="EN-US">All,</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal" style="margin-bottom:8pt;line-height:105%"><span lang="EN-US">I have thought a lot about this, including various other formulas (e.g. market share) to come up with something reasonable, but I've come back to attendance as the key metric that we need to focus on. I just think that an attendance metric provides the only workable, measurable, and sound solution for determining the right to vote as a Certificate Consumer because it offers the following three elements:</span><span lang="DE"><u></u><u></u></span></p><ul type="disc"><li class="MsoNormal" style="margin-bottom:8pt;line-height:105%"><span lang="EN-US">Informed Decision-Making: Voting requires a comprehensive understanding of ongoing discussions and developments. Regular attendance provides members with the necessary context and knowledge to make well-informed decisions.</span><span lang="DE"><u></u><u></u></span></li><li class="MsoNormal"><span lang="EN-US">Commitment: Attendance is a tangible and measurable representation of a member's commitment to the Server Certificate WG and its objectives. 
It demonstrates a genuine interest in contributing to the development and improvement of the requirements.</span><span lang="DE"><u></u><u></u></span></li><li class="MsoNormal"><span lang="EN-US">Active Involvement: By prioritizing attendance, we encourage active involvement and discourage passive membership. Voting rights should be earned through consistent engagement, as this ensures that decisions are made by those who are genuinely invested in the outcomes.</span><span lang="DE"><u></u><u></u></span></li></ul><div><p class="MsoNormal"><span lang="EN-US">At this point, I'm going to re-draft a proposal for a revision to the Server Certificate WG Charter and present it on the public list (because an eventual revision of the Charter will have to take place at the Forum level).</span><span lang="DE"><u></u><u></u></span></p></div><p class="MsoNormal" style="margin-bottom:8pt;line-height:105%"><span lang="EN-US">Thanks,</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal" style="margin-bottom:8pt;line-height:105%"><span lang="EN-US">Ben</span><span lang="DE"><u></u><u></u></span></p></div><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><div><div><p class="MsoNormal"><span lang="EN-US">On Thu, Jul 13, 2023 at 9:45 AM Ben Wilson via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>> wrote:</span><span lang="DE"><u></u><u></u></span></p></div><blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;border-color:currentcolor currentcolor currentcolor rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt"><div><div><p class="MsoNormal"><span lang="EN-US">Thanks, Tim.</span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US">All,</span><span 
lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US">I will look closer at the distribution and use of software for browsing the internet securely, instead of participation metrics. There is at least one source, StatCounter (<a href="https://gs.statcounter.com/browser-market-share" target="_blank">https://gs.statcounter.com/browser-market-share</a>), that purports to measure use of browsing software, both globally and regionally. Would it be worthwhile to explore distribution by region and come up with a reasonable threshold? 
Can we rely on StatCounter, or should we look elsewhere?</span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US">Thanks,</span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US">Ben</span><span lang="DE"><u></u><u></u></span></p></div></div><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><div><div><p class="MsoNormal"><span lang="EN-US">On Wed, Jul 12, 2023 at 9:30 AM Tim Hollebeek via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>> wrote:</span><span lang="DE"><u></u><u></u></span></p></div><blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;border-color:currentcolor currentcolor currentcolor rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt"><div><div><div><p class="MsoNormal"><span lang="EN-US">I have a meaningful comment.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">I don’t want to ever have to discuss or judge whether someone’s comment is “meaningful” or not, and I don’t think incentivizing people to post more comments than they otherwise would is helpful.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">I also think getting the chairs involved in any way in discussing whether a member representative did or did not have a medical condition during a particular time period is an extremely bad idea.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span 
lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">Given that the original issue was trying to determine whether a certificate consumer is in fact a legitimate player in the ecosystem or not, I would suggest that exploring metrics like market share might be far more useful. Metrics like participation are rather intrusive and onerous, except to those who are trying to game them, and those trying to game such metrics will succeed with little or no effort.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">-Tim</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><div style="border-width:medium medium medium 1.5pt;border-style:none none none solid;border-color:currentcolor currentcolor currentcolor blue;padding:0cm 0cm 0cm 4pt"><div><div style="border-width:1pt medium medium;border-style:solid none none;border-color:currentcolor;padding:3pt 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>> <b>On Behalf Of </b>Roman Fischer via Servercert-wg<br><b>Sent:</b> Wednesday, July 12, 2023 7:23 AM<br><b>To:</b> CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br><b>Subject:</b> Re: [Servercert-wg] Participation Proposal for Revised SCWG Charter</span><span lang="DE"><u></u><u></u></span></p></div></div><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE">Dear Ben,<u></u><u></u></span></p><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p><p class="MsoNormal"><span 
lang="EN-US">Mandatory participation has in my experience never resulted in more or better discussions. People will dial into the telco and let it run in the background to “earn the credits”.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">Also, what would happen after the 90 day suspension? Would the organization be removed as a CA/B member?</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">Rgds<br>Roman</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"> </span><span lang="DE"><u></u><u></u></span></p><div style="border-width:1pt medium medium;border-style:solid none none;border-color:currentcolor;padding:3pt 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>> <b>On Behalf Of </b>Ben Wilson via Servercert-wg<br><b>Sent:</b> Freitag, 7. 
Juli 2023 21:59<br><b>To:</b> CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br><b>Subject:</b> [Servercert-wg] Participation Proposal for Revised SCWG Charter</span><span lang="DE"><u></u><u></u></span></p></div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p><div><div><p class="MsoNormal"><span lang="DE" style="font-size:13.5pt">All,</span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE" style="font-size:13.5pt">Here is a draft participation proposal for the SCWG to consider and discuss for inclusion in a revised SCWG Charter.</span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal" style="margin-top:9pt;vertical-align:baseline"><span lang="DE" style="font-size:12pt;color:rgb(17,17,17)">#. Participation Requirements to Maintain Voting Privileges</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:black"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:black">(a) Attendance. 
The privilege to vote “Yes” or “No” on ballots is suspended for 90 days if a Voting Member fails to meet the following attendance requirement over any 365-day period:</span><span lang="DE"><u></u><u></u></span></p><ul type="disc"><li class="MsoNormal"><span lang="DE" style="font-size:12pt;color:black">10% of SCWG meetings for Voting </span><span lang="DE" style="font-size:12pt;color:rgb(17,17,17)">Members located in time zones offset by UTC +5 through UTC +12</span><span lang="DE"> <u></u><u></u></span></li><li class="MsoNormal"><span lang="DE" style="font-size:12pt;color:black">30% of SCWG meetings for Voting Members located in all other time zones</span><span lang="DE"><u></u><u></u></span></li></ul><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:rgb(17,17,17)">(b) Meaningful Comments. Posting a Meaningful Comment is an alternative means of meeting the attendance requirement in subsection (a). A Voting Member can earn an attendance credit to make up for each missed meeting by posting a Meaningful Comment to the SCWG Public Mail List. Each Meaningful Comment is equal to attending one (1) meeting.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:rgb(17,17,17)"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:rgb(17,17,17)">A Meaningful Comment is one that follows the Code of Conduct and provides relevant information to the SCWG, such as new information, an insight, suggestion, or perspective related to the Scope of the SCWG, or that proposes an improvement to the TLS Baseline Requirements or EV Guidelines. It can also be something that responds to or builds on the comments of others in a meaningful way, or that offers feedback, suggestions, or solutions to the issues or challenges raised by the topic of discussion. 
</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:rgb(17,17,17)"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:rgb(17,17,17)">A Meaningful Comment should be both r</span><span lang="DE" style="font-size:12pt">elevant (within the Scope of the SCWG or <span style="color:rgb(17,17,17)">related to the discussion that is taking place on the mailing list) and </span>well-supported (<span style="color:rgb(17,17,17)">clear reasons why the Voting Representative believes what they believe and supported by facts, data, or other information.) </span></span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:rgb(17,17,17)"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:rgb(17,17,17)">(c) A Voting Member that has failed to meet the attendance requirement in subsection (a) above is considered an "Inactive Member". Any Member who believes that any other Member is an Inactive Member may report that Member on the Forum's Management List by providing specific information about that Member's non-participation, and the </span><span lang="DE" style="font-size:12pt;color:black">SCWG Chair shall send written notice to the Inactive Member by email within seven (7) calendar days. The notice will include a reminder of the requirement to participate and inform the Inactive Member of the consequences of not participating.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:black">(d) Suspension of Voting Privileges. The Inactive Member's privilege to vote “Yes” or “No” on any ballot shall be temporarily suspended for a period of 90 days from the date of the notice. 
During the suspension period, the Inactive Member may vote “Abstain” on ballots.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:black">(e) Restoration of Voting Privilege. Voting privileges will be automatically restored to the Inactive Member upon attending three consecutive meetings. The restoration of voting privileges will be effective on the next ballot that enters the voting period after the Inactive Member meets the reactivation criteria.</span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt"> </span><span lang="DE"><u></u><u></u></span></p><p class="MsoNormal"><span lang="DE" style="font-size:12pt;color:black">(f) Exceptional Circumstances. In cases where an Inactive Member can demonstrate justifiable reasons for their inability to participate, such as medical conditions or other extenuating circumstances affecting their Voting Representative(s), the SCWG Chair may review and consider reinstating voting privileges on a case-by-case basis.</span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE" style="font-size:13.5pt">Thanks,</span><span lang="DE"><u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE"> <u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="DE" style="font-size:13.5pt">Ben</span><span lang="DE"><u></u><u></u></span></p></div></div></div></div></div><p class="MsoNormal"><span lang="EN-US">_______________________________________________<br>Servercert-wg mailing list<br><a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br><a 
href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7C8b9a53bc77c6445114a808dba9ab7821%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638290326179003260%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mtCK0NJkw5hpj930sutPJm39JGzqRirYiQH7YIL2XEo%3D&reserved=0" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a></span><span lang="DE"><u></u><u></u></span></p></div></blockquote></div></blockquote></div></div></div></div></div></blockquote></div></div></div></div></div></blockquote></div></div></div></div></blockquote></div></div></div></div></div>
</div></blockquote></div>
</blockquote></div></div>
</blockquote></div>