[cabf_governance] DigiCert's Proposal for Governance Reform

Virginia Fournier vfournier at apple.com
Wed Jul 20 16:08:42 MST 2016

Hi Ben,

Thanks for sending this.  I haven’t digested your suggested model in detail yet, but I have some questions.
Why would the CAB Forum make these changes?  What’s the impetus?  What would the benefits be to the Forum and the members?
How do you envision the IPR policy working in the model you’ve described?  Would there be one CAB Forum IPR policy, or an IP policy for each working group (there were objections to having multiple IP policies)?
How would the “Forum” activities be funded and staffed?
Why should CAB Forum accommodate the requests of specific companies/members?
Where do you see browsers fitting into the equation?

Best regards,

Virginia Fournier
Senior Standards Counsel
 Apple Inc.
☏ 669-227-9595
✉︎ vmf at apple.com

On Jul 20, 2016, at 12:08 PM, Ben Wilson <ben.wilson at digicert.com> wrote:

DigiCert’s preferred model for governance reform of the CA/Browser Forum is working-group-centric as it emphasizes the importance of working groups in the areas of membership, voting, and IPR obligations.  
While the two underlying themes to our discussions about governance reform lately have been entitlement to vote and the over-inclusive scope of the IPR policy, we should not oversimplify the reasons for seeking governance reform. They go beyond the factors that caused the code signing ballot to fail.  Additional requests of members have included:  one organization where activities are coordinated, self-regulation in the industry, and a legally recognized structure (i.e. sufficient enough for the Forum to receive an EV certificate).  These additional requests should be accommodated if possible.
DigiCert favors a resolution that moves the current membership and voting criteria to a “Server Certificate Working Group” leaving membership at the Forum level of the organization responsible for administration and maintenance of the Forum.  While the purpose of the Forum as a whole would be to address standards applicable to CAs issuing digital certificates, the scope of activities at the Forum level would be limited to scheduling meetings, creating/eliminating working groups, harmonizing the work product of working groups, maintaining the website, and maintaining the IPR policy.  For these purposes, the Bylaws would create “Standing Committees” formed to work and advise Forum membership on areas delegated to Standing Committees in the Bylaws.  There would be no Executive Committee—each member at the Forum level would have one vote, but membership in a working group would not entitle that company to membership at the Forum level.  Membership at the Forum level would not require participation in any working group.
Similar to today’s membership criteria, membership at the Forum level would be limited to CAs and software companies of a certain size that manage root stores.  (The name of the CA/B Forum doesn’t need to change – the meaning of “CA/B” can be historic.)  Each working group would be responsible for creating and maintaining its own membership rules and voting rules.  As stated above, the membership criteria and voting rights in the Server Certificate Working Group would be the same as they are today for the Forum as a whole.  Additional working groups would be the Code Signing Working Group and the Client Certificate Working Group.  DigiCert proposes that membership in the Code Signing Working Group be limited to those CAs that issue code signing certificates and those software providers actively engaged in maintaining trust stores for code signing.  Membership in the Client Certificate Working Group would be similarly limited to CAs that issue certificates for S/MIME, digital signature, and client authentication and to software providers that process those certificates.  However, these are just suggestions and membership in each working group would be decided by the working group itself. Voting rules could be established by each of those working groups once they convene.
This two-layer structure is important for implementation of a working-group approach to IPR obligations.  Votes by membership at the upper, Forum level of the organization should not encumber the intellectual property rights of members.  Segregating administrative-management activities at the Forum level with Standing Committees from standards-adopting activities in Working Groups provides a clear guide for members and their legal counsel to follow when evaluating the IPR consequences of Forum participation.  Conversely, the proposal to preserve voting on server-certificate issues at the Forum level does not resolve the IPR concerns that have been previously expressed. 
Govreform mailing list
Govreform at cabforum.org
https://cabforum.org/mailman/listinfo/govreform