[cabf_governance] [EXTERNAL]Re: Two topics for next Governance Change WG meeting
Kirk Hall
Kirk.Hall at entrustdatacard.com
Thu Aug 30 14:43:24 MST 2018
Virginia – our current Bylaws restrict certificate issuers to entities with WebTrust for CA or similar ETSI audits that issue certificates, and certificate consumers that rely on certificates. Based on that working, I think only CAs that issue SSL/TLS server certificates (with WT or ETSI audits) and browsers that rely on SSL/TLS server certificates qualify. We could have a new IoT Device Working Group, S/MIME Certificate Working Group, or other new WGs where the “CA” members don’t have WebTrust/ETSI audits, and their “browser” members may not require such audits. So they wouldn’t be CABF Members under our current Bylaws. I think we need a change in the Bylaws if the intention was that all WG members were automatically Forum members with a vote.
From: vfournier at apple.com [mailto:vfournier at apple.com]
Sent: Thursday, August 30, 2018 11:55 AM
To: Ryan Sleevi <sleevi at google.com>; Kirk Hall <Kirk.Hall at entrustdatacard.com>
Cc: CA/Browser Forum Governance WG List <govreform at cabforum.org>
Subject: [EXTERNAL]Re: [cabf_governance] Two topics for next Governance Change WG meeting
On Aug 30, 2018, at 7:28 AM, Ryan Sleevi via Govreform <govreform at cabforum.org<mailto:govreform at cabforum.org>> wrote:
On Thu, Aug 30, 2018 at 9:36 AM Kirk Hall via Govreform <govreform at cabforum.org<mailto:govreform at cabforum.org>> wrote:
Here are two issues for the Governance WG to discuss:
1. Move forward with Ballot Forum-2 – extending terms of CABF Chair and Vice Chair
2. Consider revising Bylaw 2.1 (Forum Membership requirements) and Bylaw 2.3(f) (voting rules). As I understand it, the intent was that ALL members of ALL new Working Groups would automatically be Members of the Forum, and ALL would have an equal vote on votes at the Forum level. Is that correct?
I don't believe so.
VMF: All members of all WGs will also be members of the Forum. There was no intent to change the voting structure. There are still the Certificate Issuers/Certificate Consumers categories, with the same approval thresholds.
That’s not how Bylaws 2.1 and 2.3 read – they only allow CAs and Browsers to be Forum members, and they still show voting at the Forum level limited to CAs and Browsers (2/3 vote, 51% vote). We did move these same rules to the SCWG level – that makes sense – but if we create new WGs with non-CA/non-browser members, they won’t be able to participate at the Forum level.
Well, browsers, mail clients, other certificate consumers. It's a broader category than just the SCWG's notion of browser.
VMF: Each WG can set its own voting rules in its charter. This in no way affects the voting structure at the Forum level.
So we should (a) change those Bylaws at the Forum level (“any Member of a WG is automatically a Member of the Forum, and all votes equal at the Forum level), and also (b) add the current voting rules to the SCWG charter (there are no voting rules there).
VMF: No, this is not what was intended.
******
Bylaw 2.1 Qualifying for Forum Membership
(a) All Forum members must participate in at least one CWG (as defined in Section 5.3.1 below), and meet at least one of the following criteria:
(1) Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs audit or ETSI EN 319 411-1 or ETSI TS 102 042 or ETSI TS 101 456 audit report prepared by a properly-qualified auditor, is a member of a CWG, and that actively issues certificates to end entities, such certificates being treated as valid by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum.
(2) Root Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs, or ETSI EN 319 411-1102042 or ETSI TS 102
042 or ETSI TS 101 456 audit report prepared by a properly-qualified auditor, is a member of a CWG, and that issues certificates to subordinate CAs that, in turn, actively issue certificates to end entities such certificates being treated as valid by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Section 3.1 for a period of time to be designated by the Forum.
(3) Certificate Consumer: The member organization produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG.
2.3 General Provisions Applicable to all Ballots
The following rules will apply to all ballots, including Draft Guideline Ballots (defined in Section 2.4).
(f) Members fall into two categories: Certificate Issuers (including Certificate Issuers and Root
Certificate Issuers), as defined in Section 2.1(a)(1) and (2) and Certificate Consumers (as
defined in Section 2.1(a)(3)). In order for a ballot to be adopted by the Forum, two-thirds or more
of the votes cast by the Members in the Certificate Issuer category must be in favor of the ballot,
and at least 50% plus one of the votes cast by the Members in the Certificate Consumer
category must be in favor of the ballot. At least one Member in each category must vote in favor
of a ballot for the ballot to be adopted.
_______________________________________________
Govreform mailing list
Govreform at cabforum.org<mailto:Govreform at cabforum.org>
https://cabforum.org/mailman/listinfo/govreform
_______________________________________________
Govreform mailing list
Govreform at cabforum.org<mailto:Govreform at cabforum.org>
https://cabforum.org/mailman/listinfo/govreform
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/govreform/attachments/20180830/58375774/attachment-0001.html>
More information about the Govreform
mailing list