[cabf_governance] Governance Change WG Tentative Recommendation (draft)

Patrick Tronnier Patrick.Tronnier at oati.net
Wed Aug 10 15:39:40 MST 2016

Kirk, would work with requirements around client certificates (i.e. mobile devices, smart grid devices, POS, non-browser based clients, etc.) fall under the Web Working Group or a 4th group (i.e. Client Working Group - TLS client certificates)?


With kind regards,

Patrick Tronnier
Principal Security Architect &
Sr. Director of Customer Support
Phone: 763.201.2000
Fax: 763.201.5333
Direct Line: 763.201.2052
Open Access Technology International, Inc.
3660 Technology Drive NE, Minneapolis, MN 55418

From: govreform-bounces at cabforum.org [mailto:govreform-bounces at cabforum.org] On Behalf Of Kirk Hall
Sent: Wednesday, August 10, 2016 1:27 PM
To: 'Govreform at cabforum.org' <Govreform at cabforum.org>
Subject: [cabf_governance] Governance Change WG Tentative Recommendation (draft)

Yesterday at our meeting we decided the next step was to present some tentative recommendations to the Forum for input.  I had time waiting at the airport to write down my understanding of what we decided yesterday, so here it is.  Please edit.


Tentative Recommendation of Governance Change Working Group (Aug. 9, 2016)

1. The Forum would amend the Bylaws to create three working groups (including detailed statement of scope, deliverables, and expiration date, if any):

* Web Working Group (basically the work of the Forum today - TLS certificates on the Web)
* Code Signing Working Group
* S/MIME Working Group

All substantive work of the Forum would occur in these Working Groups, and not at the Forum level.

At this time, we would not include any specific process in the Bylaws for creating additional working groups in the future.  Instead, new working groups in the future would be created by ballot amending the Bylaws.

Working Groups would have the authority to draft and finally adopt by Working Group ballot all guidelines within the Working Group scope, and Working Group guidelines would not have to be re-adopted or approved at the Forum level.

2. The Bylaws would define for each Working Group who could participate as a Working Group Member.  This would include all CAs and browsers who meet current Forum membership requirements, plus other parties with (to be defined) "skin in the game" as either producers or consumers of the product that is the subject of the Working Group's work.  For example, for the Code Signing Working Group, Adobe and Oracle could join as members, and for the S/MIME Working Group, RedHat/Linux, Blackberry, Evolution, and Federal PKI could join as members.

For the time being, we would make no change in the Bylaws concerning Interested Parties, which means that anyone in the world willing to sign the IPR agreement could participate on a Working Group (whether or not the person has skin in the game).  However, while Interested Parties could post to the Working Group list-serv and participate on conference calls, they could not vote or participate at the Forum level (see below).

2. We would amend our current IPR policy so it applies only to participation in a particular Working Group and its product, and does not apply to a member who does not participate on a particular Working Group.  (So, for example, a member who participates in the Web Working Group would be subject to the current IPR obligations as to the output of the Web Working Group, but would not be subject to any IPR obligations for the output of the Code Signing Working Group if the member did not participate in that Working Group).

We would need to define "participation" clearly, but it would start with those members (and Interested Parties) who sign up for a particular Working Group.  We may have to limit input from Forum members who have not signed up for a particular Working Group - meaning that the member could not submit ideas or comments to a Working Group until the member signs up as a participant of the Working Group and becomes subject to the IPR for that Working Group.

All Working Groups would have the same IPR policy, which would be maintained by the Forum itself and continue as a RAND-Z policy.

3. The Forum itself (the "parent" organization, which is where adoption of all final guidelines occurs today) would take on a smaller role, limiting its work to the following:

* Amending the Bylaws (including amendments to create new Working Groups as needed)
* Resolving any conflicts among the Working Groups
* Adoption and maintenance of a common IPR policy, and maintaining records of participation, IP exclusion notices, etc. for the Working Groups
* Handling logistics of face to face meetings
* Implementing Working Group membership rules and deciding on acceptance of new members
* Election of officers

However, the Forum itself would not adopt any guidelines or requirements, and no work at the Forum level would ever come under the IPR policy.  All members at the Working Group level (CAs, browsers, and other members) would automatically be members at the Forum level as well.

4. Voting rules would be uniform at the Working Group and Forum level, and would be essentially the same as today.  At the Working Group level, guidelines would be adopted upon approval of 2/3 of CA members and a majority of non-CA members (browsers and other members).  At the Forum level, most actions such as amendment of the Bylaws (including creation of new Working Groups) would require approval of 2/3 of CA members and a majority of non-CA members (browsers and other members).

5. We discussed whether to create a new channel for input by the public (those who do not want to sign the IPR agreement and become Interested Parties), such as a new list-serv with a click-through agreement that all IP included in a posting is being contributed to the public domain, similar to the W3C model.  However, at this point the consensus was that a new channel is not needed, and those who want to participate should sign the IPR agreement and become Interested Parties.
