[cabf_governance] Siemens participation in CA/Browser Forum

Tim Hollebeek tim.hollebeek at digicert.com
Fri Apr 27 15:02:37 MST 2018


IIRC Siemens is using QuoVadis sub-CA, but someone should double-check that.

 

-Tim

 

From: Govreform [mailto:govreform-bounces at cabforum.org] On Behalf Of Virginia Fournier via Govreform
Sent: Friday, April 27, 2018 5:59 PM
To: Dean Coclin <dean.coclin at digicert.com>
Cc: CA/Browser Forum Governance WG List <govreform at cabforum.org>
Subject: Re: [cabf_governance] Siemens participation in CA/Browser Forum

 

Good question.  The Siemens guys said they had been participating through QuoVadis, so I thought it was an affiliate.  But it looks like maybe QuoVadis is a CA that Siemens uses?  We should just take that sentence out.

 





Best regards,

 

Virginia Fournier

Senior Standards Counsel

 Apple Inc.

☏ 669-227-9595

✉︎ vmf at apple.com <mailto:vmf at apple.com> 

 

 

 

 

 

On Apr 27, 2018, at 2:52 PM, Dean Coclin <dean.coclin at digicert.com <mailto:dean.coclin at digicert.com> > wrote:

 

I probably missed something but how does QuoVadis fit into this equation?

 

From: Govreform [mailto:govreform-bounces at cabforum.org] On Behalf Of Virginia Fournier via Govreform
Sent: Friday, April 27, 2018 5:44 PM
To: CA/Browser Forum Governance WG List <Govreform at cabforum.org <mailto:Govreform at cabforum.org> >
Subject: Re: [cabf_governance] Siemens participation in CA/Browser Forum

 

Hello,

 

Here is a draft of email back to Siemens that Kirk, Tim and I came up with.  Please let us know if there are any questions or concerns.  If not, we’ll plan to send it out Tuesday a.m.

 

Ok, here is the updated email to Siemens.  Please let me know your thoughts.  Thanks!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

DRAFT

 

Dear Markus,

 

This email is in response to your questions about modifying the CAB Forum IPR Agreement for Siemens.

 

We can certainly appreciate the challenges that Forum participants have with respect to their patent portfolios.  Many current Forum participants have this challenge, and have still agreed to comply with the terms of the Forum IPR Policy.  It would not be fair or reasonable to negotiate a different version of the IPR Policy for each Forum participant - this is not the way standards organizations work.  The key is that everyone has the same agreement/policy for fairness, predictability, and consistency.  

 

It would be completely unmanageable to have a unique agreement with each Forum member, and would be difficult, if not impossible, to determine who could use which parts of the Guidelines without having patent exposure.  This is especially true because the Forum, unlike many other standards organizations, does not have its own staff or financial resources.  Therefore, in order to participate in the Forum, either as an Interested Party or a member, Siemens will need to sign the same IPR Agreement as the other Forum members have signed, without modification.

 

To be fair to other Forum members and to abide by the Forum’s IPR Policy,  Siemens will be required to sign the Forum’s IPR Agreement before participating in any Forum activities.  Each participant is subject to all of the provisions of the IPR Policy, including the representations and warranties included in Section 6.4.  Of course, QuoVadis may continue to participate in Forum activities provided that it continues to have a current IPR Policy Agreement in place.

 

Please let us know if you have any questions, or would like to discuss this matter further.






Best regards,

 

Kirk or Dean or Governance WG, or ??

 

~~~~~~~~~~~~~~~~~~~~~~~











Best regards,

 

Virginia Fournier

Senior Standards Counsel

 Apple Inc.

☏ 669-227-9595

✉︎  <mailto:vmf at apple.com> vmf at apple.com

 

 

 

 

 

On Apr 24, 2018, at 2:09 PM, Kirk Hall < <mailto:Kirk.Hall at entrustdatacard.com> Kirk.Hall at entrustdatacard.com> wrote:

 

I’m on my way to a conference in Salt Lake City (which I am organizing), so jammed until Friday.

 

I’m happy to defer to your interpretation and recommendations.  This has been an issue from the start, and our rules allow individuals to join as Interested Parties.  We can either just live with that, or seek to change it.

 

I will add as a discussion item for the May 3 teleconference, and refrain from posting anything more on the topic.

 

What do you want us to do?  The Bylaws need to be changed if we want to be more restrictive.

 

From:  <mailto:vfournier at apple.com> vfournier at apple.com [ <mailto:vfournier at apple.com> mailto:vfournier at apple.com] 
Sent: Tuesday, April 24, 2018 12:59 PM
To: Kirk Hall < <mailto:Kirk.Hall at entrustdatacard.com> Kirk.Hall at entrustdatacard.com>
Subject: [EXTERNAL]Re: [cabf_governance] Siemens participation in CA/Browser Forum

 

Hi Kirk,

 

Do you have time for a short call later today or tomorrow?  I don’t agree with what you’ve described below, and I’d like to discuss it live.  We need to get on the same page on this issue.  Thanks. 

 







Best regards,

 

Virginia Fournier

Senior Standards Counsel

 Apple Inc.

☏ 669-227-9595

✉︎  <mailto:vmf at apple.com> vmf at apple.com

 

 

 

 

 

On Apr 24, 2018, at 8:54 AM, Kirk Hall < <mailto:Kirk.Hall at entrustdatacard.com> Kirk.Hall at entrustdatacard.com> wrote:

 

My main response is, if John Jones signs in his personal capacity (and not for his employer MegaTech Co.), only John Jones is the Participant and only John Jones is bound.  If a Guideline includes IP owned by MegaTech, it was not required to declare it or offer a RF license.  Jones can argue he complied because he doesn’t own any of the IP and was not limited in his ability to contribute it – in fact, his employer might even think it’s a great idea (so subsection a is covered).  Jones can say there is no violation of subsection c because he had no idea MegaTech planned to assert royalty rights (or maybe he had no idea MegaTech had a patent on the process, etc., they just talked about it a lot).  The whole reason for preferring companies sign, not individuals, is it eliminates those issues.

 

From: Tim Hollebeek [ <mailto:tim.hollebeek at digicert.com> mailto:tim.hollebeek at digicert.com] 
Sent: Tuesday, April 24, 2018 6:42 AM
To: Kirk Hall < <mailto:Kirk.Hall at entrustdatacard.com> Kirk.Hall at entrustdatacard.com>; CA/Browser Forum Governance WG List < <mailto:govreform at cabforum.org> govreform at cabforum.org>;  <mailto:vfournier at apple.com> vfournier at apple.com
Subject: [EXTERNAL]RE: [cabf_governance] FW: Siemens participation in CA/Browser Forum

 

What does that promise do that isn’t already here?

 

6.4 Representations and Warranties

 

Participants that submit Contributions, by making a Contribution to a Working Group, represent and warrant that, to the extent personally known to the individual Contributors under their control: 

a. There are no limits to the Participant’s ability to make the grants, acknowledgments and agreements herein,

b. The Contribution does not contain source code that is intended to be incorporated as a technical component of a Guideline, and 

c. The Contribution, if incorporated into a Final Guideline or Final Maintenance Guideline will not subject the Final Guideline or Final Maintenance Guideline or implementations of the Final Guideline or Final Maintenance Guideline, in whole or in part, to licensing obligations, restrictions or requirements which are inconsistent with those set forth in this Intellectual Property Rights Policy.

 

From: Govreform [ <mailto:govreform-bounces at cabforum.org> mailto:govreform-bounces at cabforum.org] On Behalf Of Kirk Hall via Govreform
Sent: Monday, April 23, 2018 8:16 PM
To:  <mailto:vfournier at apple.com> vfournier at apple.com; CA/Browser Forum Governance WG List < <mailto:govreform at cabforum.org> govreform at cabforum.org>
Subject: Re: [cabf_governance] FW: Siemens participation in CA/Browser Forum

 

I am in violent agreement with you – should I add to the May 3 CABF agenda for you to discuss?

 

My one question is, how do we know who someone works for (especially if they use a personal email address)?

 

How does W3C handle this when an individual joins?

 

We could also change the IPR Agreement to say “I promise on my own behalf and on behalf of any of my current employers that I will contribute…”  At least it’s a promise.  Would not cover independent contractors, but..

 

From:  <mailto:vfournier at apple.com> vfournier at apple.com [ <mailto:vfournier at apple.com> mailto:vfournier at apple.com] 
Sent: Monday, April 23, 2018 4:22 PM
To: Kirk Hall < <mailto:Kirk.Hall at entrustdatacard.com> Kirk.Hall at entrustdatacard.com>; CA/Browser Forum Governance WG List < <mailto:govreform at cabforum.org> govreform at cabforum.org>
Subject: [EXTERNAL]Re: [cabf_governance] FW: Siemens participation in CA/Browser Forum

 

Hi Kirk,

 

I think this needs further discussion - it’s a way to do an end-run around the IPR Policy and can create IP vulnerabilities.  

 

Let’s say the 3 Siemens guys each join as an Interested Party rather than as a Siemens entity member.  Then let’s say they each contribute suggestions for the Guidelines via GitHub.  They could each be contributing Siemens IP, because Siemens probably has an “employee invention assignment agreement” with the employees stating that Siemens owns all the work they do.  Or they knowingly contribute Siemens IP because they think it will be helpful and they don’t think anyone at Siemens will care.  

 

So now we have Siemens material in the Guidelines, but no patent license.  Siemens could then hypothetically sue everyone using the Guideline that the 3 “Interested Parties” worked on, because Siemens owned the IP, and not the “Interested Parties,” and didn’t grant anyone a patent license.

 

At the very least, I think we should put some parameters around who qualifies to be an “Interested Party” to avoid this type of scenario.

 

In any event, we can’t accept the language proposed by Siemens’ lawyers.  We can’t allow each member/Interested Party to negotiate their own patent license - that would be unfair to others and unmanageable.  If they want to participate, they'll need to agree to the same terms as everyone else - that’s how standards organizations work.

 

Best regards,

 

Virginia Fournier

Senior Standards Counsel

 Apple Inc.

☏ 669-227-9595

✉︎  <mailto:vmf at apple.com> vmf at apple.com

 

 

 

 

 

On Apr 23, 2018, at 11:39 AM, Kirk Hall via Govreform < <mailto:govreform at cabforum.org> govreform at cabforum.org> wrote:

 

See the proposal from Siemens for modification of the IPR Agreement obligations, and my response.

 

Does someone on this WG (Virginia?) want to respond directly?

 

Kirk

 

From: Kirk Hall 
Sent: Monday, April 23, 2018 11:38 AM
To: 'Wichmann, Markus Peter' < <mailto:markus.wichmann at siemens.com> markus.wichmann at siemens.com>
Cc: Buschart, Rufus < <mailto:rufus.buschart at siemens.com> rufus.buschart at siemens.com>; Grotz, Florian < <mailto:florian.grotz at siemens.com> florian.grotz at siemens.com>
Subject: RE: Siemens participation in CA/Browser Forum

 

Markus – I apologize for my delay in responding – I was at the RSA 2018 meeting in San Francisco last week.

 

The timing is unfortunate for talking about changes to the Forum’s IPR Policy, as a Governance Change Working Group just completed two years of work to change our structure, which also required changes to our IPR Policy – the updated policy is being circulated and signed by the members and Interested Parties right now.  The updated agreement is attached.

 

I will forward your message to that Working Group for review, but I don’t think they will endorse it.  The existing IPR Agreement (which is still part of the new agreement) was developed over a year in 2011, with IP lawyers from Microsoft, Apple, Google, etc. all involved.  It was based on the existing IPR Agreement language of standards bodies such as W3C, which most of our companies have already signed.  So I think modifications to that would not be popular – the existing language was hammered out (and amended once) and everyone now thinks they know what it means.

 

One possible solution is for you to sign the IPR Agreement (version 1.3 attached) as an individual, and don’t list Siemens itself as an Interested Party.  The agreement obligations would then only apply to you as an individual, and you would be able to post to the various lists.  That’s what some others have done.

 

Kirk

 

From: Wichmann, Markus Peter [ <mailto:markus.wichmann at siemens.com> mailto:markus.wichmann at siemens.com] 
Sent: Monday, April 9, 2018 1:17 PM
To: Kirk Hall < <mailto:Kirk.Hall at entrustdatacard.com> Kirk.Hall at entrustdatacard.com>
Cc: Buschart, Rufus < <mailto:rufus.buschart at siemens.com> rufus.buschart at siemens.com>; Grotz, Florian < <mailto:florian.grotz at siemens.com> florian.grotz at siemens.com>
Subject: [EXTERNAL]AW: Siemens participation in CA/Browser Forum

 

Hello Kirk, 

 

Discussing with our legal department, we could offer the following:

 

“Siemens AG will allow the use of Siemens AG patents relating to the browser functionality that is the subject of the Browser Forum by members of the Forum at no cost, to the extent that the members use these patents in connection with their own products and solutions.”

 

Please note, we cannot decide for the patents of our affiliates, especially not about the patents of affiliates which we control as “strategically managed companies”, as they are themselves listed on the stock exchange. 

 

Would that be a good starting point for the discussion, as you suggested?

 

BR, Markus  

 

 

Von: Wichmann, Markus Peter (GS IT ISEC TE DI IS) 
Gesendet: Mittwoch, 4. April 2018 10:18
An: 'Kirk Hall'; Buschart, Rufus (GS IT HR 7 4)
Cc: Grotz, Florian (GS IT HR 7 4)
Betreff: AW: Siemens participation in CA/Browser Forum

 

Hello Kirk, Rufus,

 

first, no mail got missed, I did not manage to clear my to do list completely before my vacation – Rufus, thanks for taking over.

 

Kirk, thank you very much for your clarification and your suggestion how to overcome the IP issue. As we definitely see the value in participating in the CA/B Forum, I will reach out to our lawyers and ask them to provide a memo as you suggested.

 

BR, Markus

 

Von: Kirk Hall [ <mailto:Kirk.Hall at entrustdatacard.com> mailto:Kirk.Hall at entrustdatacard.com] 
Gesendet: Mittwoch, 4. April 2018 02:21
An: Buschart, Rufus (GS IT HR 7 4)
Cc: Wichmann, Markus Peter (GS IT ISEC TE DI IS); Grotz, Florian (GS IT HR 7 4)
Betreff: RE: Siemens participation in CA/Browser Forum

 

Ah, this is a difficult issue.

 

For several years the CA/Browser Forum operated as a non-corporate entity (just a name, really) without any IPR Agreement.  Then, around 2011, the browsers led by Microsoft insisted we create an IPR Agreement to avoid IP conflicts when adopting “best practices” in CA/Browser Forum document (which eventually become the equivalent of standards or requirements once the browsers adopt them as trusted root program requirements for being included in their browsers, and also become WebTrust / ETSI audit standards).  Their biggest stated concern was that a CABF member could participate in drafting a CABF guideline while secretly knowing it had a patent on the process.  After the browsers made the guideline a program requirement for all CAs, the member could then surprise everyone and demand an IP license with royalties.  A drafting committee of IP lawyers (again dominated by the browsers) turned to models like the IP agreement of W3C, etc. as a template for the CABF IPR Agreement.

 

That’s how we got to our current IPR Agreement.  I personally have no great investment in the IPR Agreement, and think that it is unlikely that any CABF requirements are likely to get into any “patentable” processes – plus we can simply eliminate a requirement if someone shows up demanding a royalty.  But others in the Forum don’t agree with me.

 

Also – the active member participants in the Forum are technology oriented, not law oriented, and it’s exceedingly difficult to get them to focus on IP issues.  It might be somewhat painful trying to get the whole Forum to discuss this – they would likely turn to their IP lawyers instead, and the IP lawyers often are hard to schedule.  In addition, and changes would have to preserve the current objective of our IPR Agreement, which is essentially to force parties who participate in discussion of changes to Forum standards to disclose any IP they have that is relevant to the changes, or else automatically grant non-exclusive royalty free licenses to the IP.

 

With that, I would say I can certainly forward to the Forum any suggestions from Siemens for changes to our IPR Agreement – the suggestions would need to be in pretty simple language (these are not lawyers) with good reasons for making the changes.  Also, it would be very helpful to Siemens’ case if you can point out other ISO standards organizations that already use the IP approach you are suggesting – so you can reassure the Forum members that this is already done in other places, is reasonable, and works.  I don’t think the Forum will want to make “custom” changes to our IPR Agreement that are not fairly standard in the IP agreements of other standards organizations.

 

With this information, do you want to propose your changes?  I would not spend a great deal of time on this for the first effort – maybe a fairly short memo.  I can then forward to Forum members (it would be on the Public list, so anyone could see it), and we could schedule a time on a future CABF conference call for you to discuss.  Let me know if you are interested.

 

I don’t use the github link you included in your message below, so I’m not fully aware of who gets access.  Let me do some checking on that, and I will get back to you.

 

Kirk

 

From: Buschart, Rufus [ <mailto:rufus.buschart at siemens.com> mailto:rufus.buschart at siemens.com] 
Sent: Tuesday, April 3, 2018 10:47 AM
To: Kirk Hall < <mailto:Kirk.Hall at entrustdatacard.com> Kirk.Hall at entrustdatacard.com>
Cc: Wichmann, Markus Peter < <mailto:markus.wichmann at siemens.com> markus.wichmann at siemens.com>; Grotz, Florian < <mailto:florian.grotz at siemens.com> florian.grotz at siemens.com>
Subject: [EXTERNAL]RE: Siemens participation in CA/Browser Forum

 

Hello Kirk!

 

I’m not sure if Markus reached out to you before his vacation – I haven’t seen any email but maybe it’s only because I wasn’t on cc: In this case please excuse receiving double emails.

 

We got feedback from our intellectual properties department and they told us, that they would need to check a big list of potentially affected patents. This would take a very long time and will cost a lot of money – so we can’t really do this. But would you be willing to discuss with our legal department changes in the IPR-form so that it would be possible for us to join? Otherwise I would like to propose that we continue to contribute through GitHub (https://github.com/cabforum/documents/issues ) for which no IPR form seems to be necessary.

 

Greetings from Bavaria

 

Rufus

 


Siemens AG
GS IT HR 7 4
Hugo-Junkers-Str. 9
90411 Nuernberg, Germany 
Tel.: +49 1522 2894134
 <mailto:rufus.buschart at siemens.com> mailto:rufus.buschart at siemens.com
www.siemens.com/ingenuityforlife
<image001.gif>

From: Kirk Hall [ <mailto:Kirk.Hall at entrustdatacard.com> mailto:Kirk.Hall at entrustdatacard.com] 
Sent: Mittwoch, 17. Januar 2018 23:15
To: Buschart, Rufus (GS IT HR 7 4)
Cc: Wichmann, Markus Peter (GS IT ISEC TE DI IS); Grotz, Florian (GS IT HR 7 4)
Subject: RE: Siemens participation in CA/Browser Forum

 

In theory, Siemens shouldn’t be participating in working group lists right now because of IP issues – that’s why we require Interested Parties to sign the IPR Agreement first.  See attached.  We would welcome Siemens if it wants to do that.

 

From: Buschart, Rufus [ <mailto:rufus.buschart at siemens.com> mailto:rufus.buschart at siemens.com] 
Sent: Wednesday, January 17, 2018 10:41 AM
To: Kirk Hall < <mailto:Kirk.Hall at entrustdatacard.com> Kirk.Hall at entrustdatacard.com>
Cc: Wichmann, Markus Peter < <mailto:markus.wichmann at siemens.com> markus.wichmann at siemens.com>; Grotz, Florian < <mailto:florian.grotz at siemens.com> florian.grotz at siemens.com>
Subject: [EXTERNAL]RE: Siemens participation in CA/Browser Forum

 

Hi Kirk!

 

Thank you for your email!

 

Right now, we are only an ‘un-official interested party’, as we are a sub-CA to QuoVadis and therefore officially being represented by them. I personally like the idea, that we could become an official interested party under CA/B forums Bylaws, but I have to discuss this with my Policy Management Authority.

 

With best regards

 


Rufus

Siemens AG
Information Technology
Human Resources
PKI / Trustcenter
GS IT HR 7 4
Hugo-Junkers-Str. 9
90411 Nuernberg, Germany 
Tel.: +49 1522 2894134
 <mailto:rufus.buschart at siemens.com> mailto:rufus.buschart at siemens.com
www.siemens.com/ingenuityforlife
<image001.gif>

From: Kirk Hall [ <mailto:Kirk.Hall at entrustdatacard.com> mailto:Kirk.Hall at entrustdatacard.com] 
Sent: Mittwoch, 17. Januar 2018 19:10
To: Buschart, Rufus (GS IT HR 7 4)
Subject: Siemens participation in CA/Browser Forum

 

Hi, Rufus – I see you have posted to some emails relating to the work of the Validation Working Group of the CA/Browser Forum (relating to validation of domains).

 

Can you remind me of Siemens’ involvement in the Forum?  Is Siemens an Interested Party under our Bylaws?  I don’t see it listed on our wiki.

 

I’m not objecting to your involvement, I’m just trying to figure it out.  How did you get included on the list?

 

If you are not already an Interested Party, it is easy to become one and then you can post directly to the VWG list.

 

Thanks.

 

Kirk Hall

Chair, CA/Browser Forum

<CAB Forum Agreement for IPR Policy_20FEB18.pdf><CABF-IPR-Policy-v.1.3_4APR18.pdf>_______________________________________________
Govreform mailing list
 <mailto:Govreform at cabforum.org> Govreform at cabforum.org
https://cabforum.org/mailman/listinfo/govreform

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/govreform/attachments/20180427/e583bad5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/govreform/attachments/20180427/e583bad5/attachment-0001.p7s>


More information about the Govreform mailing list