[cabf_governance] [EXTERNAL]Re: Two topics for next Governance Change WG meeting
Dimitris Zacharopoulos
jimmy at it.auth.gr
Fri Aug 31 00:50:12 MST 2018
On 31/8/2018 2:25 πμ, Virginia Fournier via Govreform wrote:
> This will need more discussion. We’ll need everyone to be members at
> the Forum (not SCWG) level so they’ll be bound by the Bylaws, IPR
> Policy, etc.
>
>
> Best regards,
>
> Virginia Fournier
> Senior Standards Counsel
> Apple Inc.
> ☏669-227-9595
> ✉︎vmf at apple.com <mailto:vmf at apple.com>
>
>
>
> On Aug 30, 2018, at 2:43 PM, Kirk Hall <Kirk.Hall at entrustdatacard.com
> <mailto:Kirk.Hall at entrustdatacard.com>> wrote:
>
> Virginia – our current Bylaws restrict certificate issuers to entities
> with WebTrust for CA or similar ETSI audits that issue certificates,
> and certificate consumers that rely on certificates. Based on that
> working, I think only CAs that issue SSL/TLS server certificates (with
> WT or ETSI audits) and browsers that rely on SSL/TLS server
> certificates qualify. We could have a new IoT Device Working Group,
> S/MIME Certificate Working Group, or other new WGs where the “CA”
> members don’t have WebTrust/ETSI audits, and their “browser” members
> may not require such audits. So they wouldn’t be CABF Members under
> our current Bylaws. I think we need a change in the Bylaws if the
> intention was that all WG members were automatically Forum members
> with a vote.
Kirk, this is not an entirely accurate description of ETSI or WT, as far
as I understand.
The certifications called out in 2.1(a) are not limited to SSL/TLS
server certificates. They may be used for "Certificate Issuers" that
issue S/MIME, Code Signing, Digital Signature Certificates, Client
Authentication and others. I don't think we need to make any amendments
on the "Certificate Issuer" part, except for the improvement regarding
the audit criteria versions that we've already discussed and is pending
to enter a ballot.
The description of "Certificate Consumers" is also inclusive for
non-browser members, as long as they produce a software product intended
for use by the general public for relying upon certificates. The only
controversial spot that might be worth discussing is 2.2(a)- items 2 and 3:
"A Certificate Consumer Member's membership will automatically cease if
any of the following become true:
1. it is not a member of any CWG;
2. it stops providing updates for its membership-qualifying software
product;
3. six months have elapsed since the last such published update."
There might be Certificate Consumers in certain business areas that
don't update their software product every six months.
Dimitris.
> *From:*vfournier at apple.com <mailto:vfournier at apple.com>
> [mailto:vfournier at apple.com]
> *Sent:*Thursday, August 30, 2018 11:55 AM
> *To:*Ryan Sleevi <sleevi at google.com <mailto:sleevi at google.com>>; Kirk
> Hall <Kirk.Hall at entrustdatacard.com
> <mailto:Kirk.Hall at entrustdatacard.com>>
> *Cc:*CA/Browser Forum Governance WG List <govreform at cabforum.org
> <mailto:govreform at cabforum.org>>
> *Subject:*[EXTERNAL]Re: [cabf_governance] Two topics for next
> Governance Change WG meeting
> On Aug 30, 2018, at 7:28 AM, Ryan Sleevi via Govreform
> <govreform at cabforum.org <mailto:govreform at cabforum.org>> wrote:
>
> On Thu, Aug 30, 2018 at 9:36 AM Kirk Hall via Govreform
> <govreform at cabforum.org <mailto:govreform at cabforum.org>> wrote:
>
> Here are two issues for the Governance WG to discuss:
> 1. Move forward with Ballot Forum-2 – extending terms of CABF
> Chair and Vice Chair
> 2. Consider revising Bylaw 2.1 (Forum Membership requirements) and
> Bylaw 2.3(f) (voting rules). As I understand it, the intent was
> that ALL members of ALL new Working Groups would automatically be
> Members of the Forum, and ALL would have an equal vote on votes at
> the Forum level. Is that correct?
>
> I don't believe so.
> VMF: All members of all WGs will also be members of the Forum. There
> was no intent to change the voting structure. There are still the
> Certificate Issuers/Certificate Consumers categories, with the same
> approval thresholds.
>
> That’s not how Bylaws 2.1 and 2.3 read – they only allow CAs and
> Browsers to be Forum members, and they still show voting at the
> Forum level limited to CAs and Browsers (2/3 vote, 51% vote). We
> did move these same rules to the SCWG level – that makes sense –
> but if we create new WGs with non-CA/non-browser members, they
> won’t be able to participate at the Forum level.
>
> Well, browsers, mail clients, other certificate consumers. It's a
> broader category than just the SCWG's notion of browser.
> VMF: Each WG can set its own voting rules in its charter. This in no
> way affects the voting structure at the Forum level.
>
> So we should (a) change those Bylaws at the Forum level (“any
> Member of a WG is automatically a Member of the Forum, and all
> votes equal at the Forum level), and also (b) add the current
> voting rules to the SCWG charter (there are no voting rules there).
> VMF: No, this is not what was intended.
> ******
>
> *Bylaw 2.1 Qualifying for Forum Membership*
>
> (a) All Forum members must participate in at least one CWG (as
> defined in Section 5.3.1 below), and meet at least one of the
> following criteria:
>
> (1) Certificate Issuer: The member organization operates a
> certification authority that has a current and successful WebTrust
> for CAs audit or ETSI EN 319 411-1 or ETSI TS 102 042 or ETSI TS
> 101 456 audit report prepared by a properly-qualified auditor, is
> a member of a CWG, and that actively issues certificates to end
> entities, such certificates being treated as valid by a
> Certificate Consumer Member. Applicants that are not actively
> issuing certificates but otherwise meet membership criteria may be
> granted Associate Member status under Bylaw Sec. 3.1 for a period
> of time to be designated by the Forum.
>
> (2) Root Certificate Issuer: The member organization operates a
> certification authority that has a current and successful WebTrust
> for CAs, or ETSI EN 319 411-1102042 or ETSI TS 102
>
> 042 or ETSI TS 101 456 audit report prepared by a
> properly-qualified auditor, is a member of a CWG, and that issues
> certificates to subordinate CAs that, in turn, actively issue
> certificates to end entities such certificates being treated as
> valid by a Certificate Consumer Member. Applicants that are not
> actively issuing certificates but otherwise meet membership
> criteria may be granted Associate Member status under Bylaw
> Section 3.1 for a period of time to be designated by the Forum.
>
> (3) Certificate Consumer: The member organization produces a
> software product, such as a browser, intended for use by the
> general public for relying upon certificates and is a member of a CWG.
>
> *2.3 General Provisions Applicable to all Ballots*
> The following rules will apply to all ballots, including Draft
> Guideline Ballots (defined in Section 2.4).
> (f) Members fall into two categories: Certificate Issuers
> (including Certificate Issuers and Root
> Certificate Issuers), as defined in Section 2.1(a)(1) and (2) and
> Certificate Consumers (as
> defined in Section 2.1(a)(3)). In order for a ballot to be adopted
> by the Forum, two-thirds or more
> of the votes cast by the Members in the Certificate Issuer
> category must be in favor of the ballot,
> and at least 50% plus one of the votes cast by the Members in the
> Certificate Consumer
> category must be in favor of the ballot. At least one Member in
> each category must vote in favor
> of a ballot for the ballot to be adopted.
> _______________________________________________
> Govreform mailing list
> Govreform at cabforum.org <mailto:Govreform at cabforum.org>
> https://cabforum.org/mailman/listinfo/govreform
>
> _______________________________________________
> Govreform mailing list
> Govreform at cabforum.org <mailto:Govreform at cabforum.org>
> https://cabforum.org/mailman/listinfo/govreform
>
>
>
> _______________________________________________
> Govreform mailing list
> Govreform at cabforum.org
> https://cabforum.org/mailman/listinfo/govreform
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/govreform/attachments/20180831/d300d18b/attachment-0001.html>
More information about the Govreform
mailing list