[cabf_governance] Preliminary Work on Governance Models

Jos Purvis (jopurvis) jopurvis at cisco.com
Mon May 16 11:57:27 MST 2016

I think you're asking some great questions here, and I agree: I don't mind discussing over email, but I definitely wouldn't make any decisions!

I can't comment on the IPR problem at all (and won't, since obviously my view is a little complicated at the moment!), but on the governance model, I would put forward one issue that's been on my mind lately. The balance in the CA/B-F is currently between the CAs and the Browsers: we require a quorum of the Browsers as a group and the CAs as a group to push changes forward, and that helps to balance out the uneven numbers of CAs vs. Browsers and keep the discussion on an even keel. That's an excellent model for the CABF as it exists today within the charter of SSL certificates for the web.

Let's consider document signing, however: the role of "Browser" is suddenly played by a different group, while the "CAs" group may or may not consist of the same players. I'm not sure that the group working on document signing should be beholden to that same governance model held by the SSL-for-the-web group. Perhaps instead they should be free to determine their own governance model within some overarching strictures handed down by the overall org (must include balanced representation, must document and adhere to a specific method for decision-making, must record decisions, etc.). A smaller group is then free to work in a less-formal format that permits decision by consensus, while a larger group can introduce more formality to keep discussions smooth and ensure decisions are arrived at in a timely fashion.

I very much take your point about the term "Working Group"--thanks! In that case, I think whatever term works is fine, as long as we have some distinction between ad-hoc and permanent. And I definitely agree that we should stick to simplicity: flexibility is important, but we should consider manageability and consistency as equal parts of that equation. 


Jos Purvis (jopurvis at cisco.com)  |  _.|._.|._ cisco systems
Cryptographic Compliance, Identity Assurance Services
+1 919.991.9114 (desk) | PGP: 0x89a3b545 / 0x07d19105

On 2016-May-16, 14:39, "govreform-bounces at cabforum.org on behalf of Virginia Fournier" <govreform-bounces at cabforum.org on behalf of vfournier at apple.com> wrote:

Hi Ben,

Thanks for getting the ball rolling.

I think this needs further discussion that may be difficult to do via email.  Why would we want to complicate the organizational structure in this way?  What benefits would we expect to gain?  What about the current structure is not working and why?  Are there less disruptive ways to address those issues?

Also, what’s the impetus for considering different IP policies for different groups?  I think this would introduce a lot of complication and confusion into the system.  What goal(s) would different policies be attempting to address, and would the benefits outweigh the challenges?  How would IP policy maintenance and administration work for multiple IP tracks?

So, I think we need to decide where we want/need to go and why before we talk about how we’re going to get there.

Best regards,

Virginia Fournier
Senior Standards Counsel
Apple Inc.
☏ 669-227-9595
✉︎ vmf at apple.com

On May 16, 2016, at 11:24 AM, Ben Wilson <ben.wilson at digicert.com> wrote:

Prior to our face-to-face meeting next week, I think we have some preliminary matters that we should consider.  
For instance, do members prefer that the CA/B Forum remain the umbrella organization (if we’re going to have an umbrella organization)?
Or should a new umbrella organization be created?  Consider these two diagrams:
The names are just placeholders.  Do we want to use “Forum”, “Working Group,” “Standing Committee”, “Subcommittee”, “Technical Committee”, etc.?
Should governance policies/procedures be documented outside of the Bylaws in a document titled “Rules of Association”, “Operating Procedures”, or similar?
Should the umbrella organization have a Board of Directors/Trustees, Steering Committee, Leadership/Management Council, or similar?  If so, should there be two such upper-level bodies (Board and a Council) with differing responsibilities?
One reason for the approach taken above is that I am assuming we want committee/group structures with the ability of each committee/group to have a different IPR Policy.   Thoughts on this?  