[cabf_governance] Ballot 206 and documents

Tim Hollebeek tim.hollebeek at digicert.com
Tue Feb 6 10:52:14 MST 2018


You … may be onto something.  I was going to say yes, this is fine, the first member of a WG has to be a Certificate Consumer Member, and then CAs can start joining.  We don’t want WGs with no Consumers, do we?

 

But then I realized that Large Company who is a consumer of Certificates of Awesomeness cannot join the main Forum, because it is not a member of any working group!  So it can’t bootstrap its own WG …

 

I guess CAs that issue Certificates of Awesomeness would have to include in the WG charter that Large Company is the founding member, and then bootstrap from there?

 

-Tim

 

From: Dimitris Zacharopoulos [mailto:jimmy at it.auth.gr] 
Sent: Tuesday, February 6, 2018 10:46 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; CA/Browser Forum Governance WG List <govreform at cabforum.org>; Virginia Fournier <vfournier at apple.com>
Subject: Re: [cabf_governance] Ballot 206 and documents

 

 

On 6/2/2018 7:27 μμ, Tim Hollebeek wrote:

I think this is the correct interpretation.

 

It’s similar to the current situation, where if you issue server certificates that are only trusted by Joe’s Hobby Browser, you are not a CA for server certificates.

 

I think other working groups should work similarly, so yes, if you are not trusted by a Certificate Consumer Member, you are not a CA for that WG.


So, to bootstrap a WG, you would need to have at least one "Certificate Consumer Member" and then start adding CAs that produce Certificates that are trusted by this "Certificate Consumer Member". In other words, even if there is a widely used Application Software Supplier out there that offers a product for the general public but is not a "Certificate Consumer Member", you can't add a CA as a Member :)

Dimitris.




 

-Tim

 

I was also puzzled with the following requirement in the Bylaws (section 2.1a) "such certificates being treated as valid by a Certificate Consumer Member". So, if a CA issues Certificates for Digital Signatures which are trusted by Adobe and Adobe is not a Member of the Forum, then this CA doesn't meet the requirements. Is this a correct interpretation?

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/govreform/attachments/20180206/06f86cda/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/govreform/attachments/20180206/06f86cda/attachment-0001.p7s>


More information about the Govreform mailing list