[cabf_governance] Ballot 206 and documents

Dimitris Zacharopoulos jimmy at it.auth.gr
Tue Feb 6 10:15:45 MST 2018



On 6/2/2018 6:25 PM, Virginia Fournier wrote:
> Hi Dimitris,
>
> Would you please let us know what changes you’d propose to resolve the
> issues you’ve mentioned below?  Your changes weren’t left out
> intentionally - we probably just missed your request. Thanks.

Certainly. I have attached a red-lined version of the proposed changes
on the "CABF-Bylaws-v.1.8_23-Jan-2018.doc" file, to align the ETSI audit
criteria with WebTrust. I also made a small reference correction to the
"Certificate Consumer" definition.

However, I couldn't provide an easy language fix for the requirement 2.1
a, and I hope the WG will be able to discuss it on a future call. I will
try to highlight the problem and propose some language to resolve the loop.

Here are the current definitions:

(1) "_Certificate Issuer_: The member organization operates a
certification authority that has a current and successful WebTrust for
CAs audit or ETSI EN 319 401 audit report prepared by a
properly-qualified auditor, is a member of a Working Group, and that
actively issues certificates to end entities, such certificates being
treated as valid by a Certificate Consumer Member.  Applicants that are
not actively issuing certificates but otherwise meet membership criteria
may be granted Associate Member status under Bylaw Sec. 3.1 for a period
of time to be designated by the Forum"

(2) "_Root Certificate Issuer_: The member organization operates a
certification authority that has a current and successful WebTrust for
CAs, or ETSI EN 319 401 audit report prepared by a properly-qualified
auditor, is a member of a Working Group, and that issues certificates to
subordinate CAs that, in turn, actively issue certificates to end
entities such certificates being treated as valid by a Certificate
Consumer Member.  Applicants that are not actively issuing certificates
but otherwise meet membership criteria may be granted Associate Member
status under Bylaw Sec. 3.1 for a period of time to be designated by the
Forum."

(3) "_Certificate Consumer_: The member organization produces a
software product, such as a browser, intended for use by the general
public for relying upon certificates and is a member of a Working Group"

First of all, since 2.1 talks about "qualifying for Forum Membership",
which I understand to mean "Applicants", I propose we replace "member
organization" with "applicant organization". In order to resolve the loop
problem, perhaps the part of the "Certificate Consumer" definition that
talks about software intended for use by the general public for relying
upon certificates, should be included in the definitions of (1) and (2).

Here is a suggestion for these definitions:

(1) "_Certificate Issuer_: The applicant organization operates a
certification authority that has a current and successful WebTrust for
CAs audit or ETSI EN 319 401 audit report prepared by a
properly-qualified auditor, is a member of a Working Group, and that
actively issues certificates to end entities, such certificates being
treated as valid by a software product, such as a browser, intended for
use by the general public for relying upon certificates. Applicants that
are not actively issuing certificates but otherwise meet membership
criteria may be granted Associate Member status under Bylaw Sec. 3.1 for
a period of time to be designated by the Forum"

(2) "_Root Certificate Issuer_: The applicant organization operates a
certification authority that has a current and successful WebTrust for
CAs, or ETSI EN 319 401 audit report prepared by a properly-qualified
auditor, is a member of a Working Group, and that issues certificates to
subordinate CAs that, in turn, actively issue certificates to end
entities such certificates being treated as valid by a software product,
such as a browser, intended for use by the general public for relying
upon certificates. Applicants that are not actively issuing certificates
but otherwise meet membership criteria may be granted Associate Member
status under Bylaw Sec. 3.1 for a period of time to be designated by the
Forum."

(3) "_Certificate Consumer_: The applicant organization produces a
software product, such as a browser, intended for use by the general
public for relying upon certificates and is a member of a Working Group"


Thank you,
Dimitris.
>
> Virginia Fournier
> Sent from my iPhone
> Please excuse iTypos
>
> On Feb 6, 2018, at 12:14 AM, Dimitris Zacharopoulos <jimmy at it.auth.gr>
> wrote:
>
>>
>> Hello all,
>>
>> I reviewed the diffs and the proposed alignment between WebTrust and
>> ETSI is not included in the proposed Bylaws draft (2.1a). I sent a
>> proposal on Jan 9th
>> (https://cabforum.org/pipermail/govreform/2018-January/000355.html)
>> about the Server Certificate Working Group Charter but the concept is
>> the same for the Bylaws.
>>
>>   * If we include the requirement for "WebTrust for CAs" audit, then
>>     the equivalent ETSI audit should be "*ETSI EN 319 401*". This
>>     probably fits best for the Bylaws.
>>   * If we include the requirement for "WebTrust for CAs + WebTrust
>>     Baseline + NetSec" audit, then the equivalent ETSI audit should
>>     be "ETSI EN 319 411-1". This probably fits best for the Server
>>     Certificate Working Group Charter.
>>
>> The old ETSI TS standards should not be included in the new bylaws.
>>
>> I was also puzzled with the following requirement in the Bylaws
>> (section 2.1a) "such certificates being treated as valid by a
>> Certificate Consumer *Member*". So, if a CA issues Certificates for
>> Digital Signatures which are trusted by Adobe and Adobe is not a
>> Member of the Forum, then this CA doesn't meet the requirements. Is
>> this a correct interpretation?
>>
>>
>> Best regards,
>> Dimitris.
>>
>>
>> On 6/2/2018 9:15 AM, Virginia Fournier via Govreform wrote:
>>> Hi all,
>>>
>>> My apologies, I have a conflict for tomorrow’s meeting and will not
>>> be able to attend.  I am sending what I hope are virtually final
>>> versions of the documents.  I am sending diff files for the Bylaws
>>> and IPR policy, as the Word compare function will not cooperate. The
>>> diffs may be easier to read in the end anyway.
>>>
>>> As you may have seen from my email earlier today, we have to cut off
>>> any new issues, content, etc. from being added to the ballot so we
>>> can finalize it.  From this point forward, we need to just review
>>> what we have, clean up typos or any errors in the ballot, and move
>>> it forward.  With this in mind, I’d appreciate it if you’d review
>>> the documents attached/referenced below to see if there are any
>>> corrections/adjustments that need to be made.  We can keep a list of
>>> additional issues that should be addressed for the next ballot.
>>>
>>> What is the status of the Server Certificate WG charter?  I sent
>>> some comments to Dean/Ben - have you had a chance to look at those?
>>>  We need the final version of that document also to complete the
>>> package.
>>>
>>> I’d like to send the documents out early next week and start
>>> an “informal” discussion period of 7 days next for any questions
>>> people may have.  Does anyone see any obstacles to doing that?
>>>
>>> Here’s the diff for the Bylaws (all changes since version 1.7 shown).
>>>
>>> https://draftable.com/compare/JHYFfXWaHGRx
>>>
>>> Here’s the diff for the IPR Policy (all changes since version 1.2 shown):
>>>
>>> https://draftable.com/compare/QuHvYZiCAAUr
>>>
>>> Best regards,
>>>
>>> Virginia Fournier
>>> Senior Standards Counsel
>>>  Apple Inc.
>>> ☏ 669-227-9595
>>> ✉︎ vmf at apple.com <mailto:vmf at apple.com>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Dec 21, 2017, at 11:19 AM, Virginia Fournier via Govreform
>>> <govreform at cabforum.org> wrote:
>>>
>>> Hello all,
>>>
>>> Here are the final documents for Ballot 206.  Please confirm that
>>> you’re ready to go forward with them in January after the holidays.
>>>  Please also let me know if you can open the Bylaws diff file.  What
>>> is the status of the Server Certificate WG’s charter?  Thanks for
>>> everyone’s hard work on this project.
>>>
>>> <CABF_Ballot206_20DEC17.docx>
>>> <CABF-IPR-Policy-v.1.3_20DEC17_clean.doc>
>>> <CABF-IPR-Policy-v.1.3_20DEC17_redline.doc>
>>> <CABF-Bylaws-v.1.8_20DEC17_clean.doc>
>>> <CABF-Governance Change FAQ_20DEC17.docx>
>>> <Bylaws DiffNow Comparison Report.htm>
>>>
>>>
>>> Best regards,
>>>
>>> Virginia Fournier
>>> Senior Standards Counsel
>>>  Apple Inc.
>>> ☏ 669-227-9595
>>> ✉︎ vmf at apple.com <mailto:vmf at apple.com>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Govreform mailing list
>>> Govreform at cabforum.org
>>> https://cabforum.org/mailman/listinfo/govreform
>>>
>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CABF-Bylaws-v.1.8_23-Jan-2018-DZ.doc
Type: application/msword
Size: 139776 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/govreform/attachments/20180206/75c8c468/attachment-0001.doc>