[cabf_governance] Draft Notes of Call - 13-Sept.-2016

Ben Wilson ben.wilson at digicert.com
Thu Sep 15 12:56:01 MST 2016


Here are my draft notes from our call this past Tuesday.

Present:  Mike Johnson, Ben Wilson, Virginia Fournier, Peter Bowen, Andrew
Whalley

Virginia presented the following from her comment to the summary document: "I
think 5.1.g is broad enough as far as suspension of the license goes.
However, we could also add a new section to the policy (and the IP
agreement) that states:
If a CAB Forum Participant initiates litigation (the "Litigating
Participant") against any other CAB Forum Participant asserting a patent
infringement claim based on an Essential Claim (excluding counter-claims,
and cross-claims) alleging that an implementation of a Final Guideline or a
Final Maintenance Guideline directly or indirectly infringes any Essential
Claim, then the licenses granted to the Litigating Participant by any and
all CAB Forum Participants for all Essential Claims shall immediately
terminate. In addition, the Litigating Participant's membership in the CAB
Forum shall automatically terminate without notice upon initiating such
litigation. All licenses to Essential Claims granted by the Litigating
Participant prior to its termination from CAB Forum shall remain in full
force and effect."

The language was reviewed by the group and it was agreed that this language
would be a good enhancement to the IPR Policy.

Peter noted that voting was an issue that we needed to address.  For
instance, the Bylaws state "representatives of corporate affiliates shall
not vote" but they do not define the term "affiliates".   

Ben said that after the last call he was still confused about the status of
subcommittees, which were previously called "ad hoc" committees and how the
IPR rules would apply when things weren't IP-related, or when we have
standing committees that he had proposed.  How did we resolve the issues
with peripheral committees?  

Virginia:  During the last call, we agreed that they would not be called
working groups, but what do you mean about the application of the IPR rules?
What would the groups be doing?  Would there be two groups?

Ben:  There would be one like an ad hoc advisory committee that wouldn't be
adopting guidelines, but they could do work preliminary to becoming a
working group - incubators, interest groups, etc. Those would revolve around
some kind of technology, but they wouldn't be creating guidelines unless
they were a working group.  The other kind of group would be formed to
schedule the face-to-face meetings, etc. 

Peter:  I don't think they should be exempt from the IPR Policy.

Ben:  It's just that they wouldn't be creating essential claims.  

Virginia:  Well, they could be though. 

Andrew:  What about what we have written in section 7 of the summary?

Peter:  The groups being discussed here, .

Ben:  I think you were saying that they would be working on things that
might have implications for IP rights.

Peter:  The concern here is that we've had these things called working
groups in the past, such as this one, that are really just functions of the
parent group, where they have defined topics for an agenda. I don't think we
should treat it differently.  It's not a different membership group from an
IPR policy perspective. Somebody decides to lead a call on a specific topic.


Ben: Well, the thing I want to avoid is people not participating in these
other groups because they have to get legal clearance. 

Peter:  But they're not separate groups.

Ben:  Sure they are.

Peter:  Why?

Ben: Because you're setting up a subcommittee or something.  The way I look
at it is that things done at the Forum level wouldn't be covered by the IPR
policy. You could do a lot of the without creating a committee - you could
say, "Joe, Bob, and Sally, go work on planning the next meeting."  That is
not a working group and the IPR policy shouldn't apply to them. 

Peter:  Why not?

Virginia: I think it should apply to them.

Peter:  Right.  Every action should be either in the scope of the parent
Forum or the top level or in the scope of a specifically segregated working
group. Even if it is a group of people meeting, a subset of people meeting,
that is still the action of the overall group.

Virginia:  I think that the IPR policy should apply to everything. In W3C
the IPR policy applies to interest groups and community groups, which are
kind of incubator groups, although there is a contributor license agreement
that applies to the community groups, but I don't think we want to get that
complicated, but the IPR policy applies to pretty much everything.  There
isn't anything that is exempt from the IPR policy.

Ben:  So, you're both saying that the IPR Policy applies to everything?  

Virginia:  I don't know why it wouldn't, because we don't want to be in a
situation where something gets developed in an ad hoc group and it ends up
in a guideline and somehow we don't have license to it. 

Ben: OK, so in this last paragraph seven, there is nothing in here that
really conflicts with what you guys are saying, but in order to be more
clear, maybe we need to say something to make it clear from your position
that the IPR policy applies.  We'll also replace "IPR rules" with "IPR
scope" to clarify that there aren't multiple IPR policies.  So it could say,
"for avoidance of doubt, the IPR policy applies to all activities of the
Forum including the work of subcommittees."  

So back to voting and voting rights - when we've talked about creating
working groups there's been the thought that the working group itself would
be able to establish the membership rules of themselves, but because we're
doing working groups in the bylaws, I think that this committee needs to
develop the membership rules because those are going in the bylaws. So, for
instance, code signing, should we write language for what the membership is
of the code signing working group? 

Peter:  In a more specific case, the concern is that currently the Forum has
a two-class voting system--browsers and CAs. It works reasonably well to
meet the goals of the current scope.  It also works reasonably well because
we do have multiple voting members in each class.  I think there was some
concern raised that some working groups might be in a position where they
would have either zero members or one member of the class, at which point it
doesn't work so well.

Ben: I've been of the opinion that you could have a working group with just
one class of members.  Maybe a bunch of CAs want to go and talk about, let's
say, IOT - Internet of Things, and there aren't any other classes of groups
that are really interested.  Then they should be able to have a committee
that talks about that.

Andrew:  Would it be interesting to think about different types of votes?
There is nothing stopping a working group with all members of one class from
forming to produce anything that would be the equivalent of a current
top-level CAB Forum binding document.  Or would it need to find sufficient
members of the other class to join? 

Peter:  What is sufficient members? I would look at the code signing group.
I think that based on the current non-CA members, I think we identified that
only one of them was terribly interested in the code signing guidelines.  

Andrew:  So sufficient members could be one - just for the sake of
argument - talking about a group that forms to produce proposals that could do
so without regards to membership class.  So, if they wanted to go forward
with a document where they wanted to have the full brand of the CAB Forum
behind it, it needs to then have a diversity of membership.

Peter:  The other option is that the documents are all the product of the
CAB Forum XX working group, and chartering the working group gives them the
authority to use, generate, and approve documents with that name.  

Ben:  So, when we charter a working group, do we do it in the bylaws or do
we just charter it in a separate document and say, "this is their charter"?
It seems like maybe the latter is more efficient.   

Virginia:  I thought that in the new bylaws we were going to do it in the
bylaws and that the charter would be a separate document.  We could specify
it in the charter as a separate document so that the whole thing doesn't
have to be in the bylaws.  

Ben:  Okay.  That sounds good. That's a good suggestion.  Peter, you earlier
in the call had something to address.

Peter:  When we talk about who gets to vote, it was raised before, and
somebody said at the time, something like, "well, anyone who brings a
WebTrust audit." One vote for one audit, etc. but I noticed on this week's
CAB Forum agenda for Thursday there is mention of a rule in the bylaws that
affiliates can't vote. You only get one vote per group of affiliated
companies, so I mean for example, Symantec only gets one vote even though
they have Thawte, Geotrust, etc. but I noticed that our bylaws don't
actually define what "affiliate" is.  

Ben:  I think it should be common ownership where you have 10% common
interest and not majority or majority control, to be considered an
affiliate.

Peter: Thinking down that path, we ask members when they join to declare
whether they are a CA or a browser.   I think we've got several members who
qualify as both. Microsoft, Apple, Google, and probably Amazon, all can make
the argument that they have browsers.  I believe all of them have published
WebTrust audits.  They are not necessarily operating a CA for general public
use, but they meet the requirements under our bylaws.   So I guess one of
the questions in my mind is if we keep classed voting, can a member
participate in different working groups and come in different classes?
Let's say, for example, a new company comes in and they are another
browser-CA combination. Can they be a CA in the code signing working group
but a browser in the SSL working group?

Ben: That might cause some confusion, but as long as they declare at the
Forum level what they are, what membership voting group they are there, then
I think it would work. 
I would think that it would be good to have them in the working groups be
able to determine what they are, where their interest is.

Peter:  The question is, especially as we expand outside of browser scope,
some of those members may want to vote with the interests of CAs rather
than browsers, and would that be permissible?  It's kind of complex. We've
ignored it for the most part. The IPR policy does define affiliate so maybe
we should reuse that.  I think there's a couple of things like, how do we
decide who gets to vote and how many votes they get?  The obvious answer is
probably one.

Andrew:  A strawman to the first part of that is, upon joining or change of
control, you can declare whether you are a software vendor, CA, or both, at
the time of voting.

Peter:  So you could swap, ballot by ballot?

Andrew:  Yes, potentially.

JC: It seems like it would lead to some interesting strategic voting.

Ben: Back to this one-member, one-vote, technically if you have a weighted
vote, then it really isn't one member one vote, if you have different
classes. That's one of the things that some of the larger members of the
Forum want to ensure, because they have a greater interest-- some animals
are more equal than others.

Peter: Sure. We just need to work it out. Code signing might be a good
example.  Take Google for example, if it wanted to start issuing code
signing certificates for its Windows binaries it might want to vote as a CA
in the code signing working group. Another example is Amazon, which made the
strategic decision to join as a CA, but it was pointed out to me before we
joined that we've got Silk, which is a browser.  It's not the biggest market
share out there but it meets the requirements.  We need to figure out how to
handle it.

Ben:  And write it up in the bylaws with enough detail so that people don't
feel like we didn't address it.

Andrew:  It might make more sense to do it at a working group level than on
a per ballot basis.  

Peter: It can get extremely confusing, and we're lucky to date that nobody
has pushed this, whether it has been due to gentlemen's agreements or
something along those lines, that has prevented it. 

Ben:  Well, they could switch, but then somebody would say, "well you just
switched, and you can't be switching within so many days back and forth."
Well, what are our tasks?  What do we tell the group about our status and
next steps?

Andrew:  I have an outstanding task of preparing a template of what a
charter would look like and what would be in the bylaws.  

Ben:  With redlining or marking up the bylaws, when do we think we would be
ready to start doing something like that?  I mean we could post those up on
a Google doc and start marking those up, that's a possibility.  I guess
I'll do that.

Virginia:  I could help with that.
