[cabf_governance] Ballot 206 and documents
Dimitris Zacharopoulos
jimmy at it.auth.gr
Tue Feb 6 12:24:58 MST 2018
On 6/2/2018 9:17 μμ, Tim Hollebeek wrote:
>
> For those of us who have historically tried hard not to understand
> European regulations, but probably should understand them better than
> we do, is one a superset of the other, and if so, in which direction?
> If not, what does the Venn diagram look like?
>
ETSI EN 319 401 is the first level and 411 (part 1) is built on top of
401. Here is a diagram available from the document ETSI TR 119 400
(http://www.etsi.org/deliver/etsi_tr/119400_119499/119400/01.01.01_60/tr_119400v010101p.pdf)
I hope it is clearer now.
Dimitris.
>
>
> -Tim
>
>
>
> *From:*Govreform [mailto:govreform-bounces at cabforum.org] *On Behalf Of
> *Dimitris Zacharopoulos via Govreform
> *Sent:* Tuesday, February 6, 2018 12:10 PM
> *To:* Dean Coclin <dean.coclin at digicert.com>; CA/Browser Forum
> Governance WG List <govreform at cabforum.org>
> *Subject:* Re: [cabf_governance] Ballot 206 and documents
>
>
>
>
>
> On 6/2/2018 9:02 μμ, Dean Coclin wrote:
>
> I’m still confused. The requirements from browsers is 411-1.
>
>
> But the new Bylaws are not only for Browsers :-)
>
> The Server Certificates WG will require ETSI EN 319 411-1 BUT IT
> SHOULD ALSO require not just WebTrust for CAs but also WebTrust for
> CAs Baseline and NetSec.
>
> Dimitris.
>
>
>
>
> *From:*Dimitris Zacharopoulos [mailto:jimmy at it.auth.gr]
> *Sent:* Tuesday, February 6, 2018 2:01 PM
> *To:* Dean Coclin <dean.coclin at digicert.com>
> <mailto:dean.coclin at digicert.com>; CA/Browser Forum Governance WG
> List <govreform at cabforum.org> <mailto:govreform at cabforum.org>
> *Subject:* Re: [cabf_governance] Ballot 206 and documents
>
>
>
>
>
> On 6/2/2018 8:15 μμ, Dean Coclin wrote:
>
> Dimitris,
>
> We currently list ETSI 411-1. Why should we change to 401?
>
>
> 411-1 covers Baseline Requirements and Network Security
> Requirements, which is equal to WebTrust for CAs Baseline and NetSec.
> 401 covers similar items as WebTrust for CAs.
>
> Dimitris.
>
>
>
>
> Dean
>
>
>
> *From:*Govreform [mailto:govreform-bounces at cabforum.org] *On
> Behalf Of *Dimitris Zacharopoulos via Govreform
> *Sent:* Tuesday, February 6, 2018 12:16 PM
> *To:* Virginia Fournier <vfournier at apple.com>
> <mailto:vfournier at apple.com>
> *Cc:* CA/Browser Forum Governance WG List
> <govreform at cabforum.org> <mailto:govreform at cabforum.org>
> *Subject:* Re: [cabf_governance] Ballot 206 and documents
>
>
>
>
>
> On 6/2/2018 6:25 μμ, Virginia Fournier wrote:
>
> Hi Dimitris,
>
>
>
> Would you please let us know what changes you’d propose to
> resolve the issues you’ve mentioned below? Your changes
> weren’t left out intentionally - we probably just missed
> your request. Thanks.
>
>
> Certainly. I have attached a red-lined version of the proposed
> changes on the "CABF-Bylaws-v.1.8_23-Jan-2018.doc" file, to
> align the ETSI audit criteria with WebTrust. I also made a
> small reference correction to the "Certificate Consumer"
> definition.
>
> However, I couldn't provide an easy language fix for the
> requirement 2.1 a, and I hope the WG will be able to discuss
> on a future call. I will try to highlight the problem and
> propose some language to resolve the loop.
>
> Here are the current definitions:
>
> _(1) "Certificate Issuer_: The member organization operates a
> certification authority that has a current and successful
> WebTrust for CAs audit or ETSI EN 319 401 audit report
> prepared by a properly-qualified auditor, is a member of a
> Working Group, and that actively issues certificates to end
> entities, such certificates being treated as valid by a
> Certificate Consumer Member. Applicants that are not actively
> issuing certificates but otherwise meet membership criteria
> may be granted Associate Member status under Bylaw Sec. 3.1
> for a period of time to be designated by the Forum"
>
> _(2) _"_Root Certificate Issuer_: The member organization
> operates a certification authority that has a current and
> successful WebTrust for CAs,or ETSI EN 319 401 audit report
> prepared by a properly-qualified auditor, is a member of a
> Working Group, and that issues certificates to subordinate CAs
> that, in turn, actively issue certificates to end entities
> such certificates being treated as valid by a Certificate
> Consumer Member. Applicants that are not actively issuing
> certificates but otherwise meet membership criteria may be
> granted Associate Member status under Bylaw Sec. 3.1 for a
> period of time to be designated by the Forum. "
>
> _(3) _"_Certificate Consumer_: The member organization
> produces a software product, such as a browser, intended for
> use by the general public for relying upon certificates and is
> a member of a Working Group"
>
> First of all, since 2.1 talks about "qualifying for Forum
> Membership", which I understand to mean "Applicants", I
> propose we replace "member organization" to "applicant
> organization". In order to resolve the loop problem, perhaps
> the part of the "Certificate Consumer" definition that talks
> about software intended for use by the general public for
> relying upon certificates, should be included in the
> definitions of (1) and (2).
>
> Here is a suggestion for these definitions:
>
> _(1) "Certificate Issuer_: The applicant organization operates
> a certification authority that has a current and successful
> WebTrust for CAs audit or ETSI EN 319 401 audit report
> prepared by a properly-qualified auditor, is a member of a
> Working Group, and that actively issues certificates to end
> entities, such certificates being treated as valid by a
> software product, such as a browser, intended for use by the
> general public for relying upon certificates. Applicants that
> are not actively issuing certificates but otherwise meet
> membership criteria may be granted Associate Member status
> under Bylaw Sec. 3.1 for a period of time to be designated by
> the Forum"
>
> _(2) _"_Root Certificate Issuer_: The applicant organization
> operates a certification authority that has a current and
> successful WebTrust for CAs,or ETSI EN 319 401 audit report
> prepared by a properly-qualified auditor, is a member of a
> Working Group, and that issues certificates to subordinate CAs
> that, in turn, actively issue certificates to end entities
> such certificates being treated as valid by a software
> product, such as a browser, intended for use by the general
> public for relying upon certificates.Applicants that are not
> actively issuing certificates but otherwise meet membership
> criteria may be granted Associate Member status under Bylaw
> Sec. 3.1 for a period of time to be designated by the Forum. "
>
> _(3) _"_Certificate Consumer_: The applicant organization
> produces a software product, such as a browser, intended for
> use by the general public for relying upon certificates and is
> a member of a Working Group"
>
>
> Thank you,
> Dimitris.
>
>
>
>
>
> Virginia Fournier
>
> Sent from my iPhone
>
> Please excuse iTypos
>
>
> On Feb 6, 2018, at 12:14 AM, Dimitris Zacharopoulos
> <jimmy at it.auth.gr <mailto:jimmy at it.auth.gr>> wrote:
>
>
> Hello all,
>
> I reviewed the diffs and the proposed alignment
> between WebTrust and ETSI is not included in the
> proposed Bylaws draft (2.1a). I sent a proposal on Jan
> 9th
> (https://cabforum.org/pipermail/govreform/2018-January/000355.html
> <https://clicktime.symantec.com/a/1/xRJEOuXg-y_jlF4bPlvzPYNhn8a6eit8kncIq_wfMZ8=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fpipermail%2Fgovreform%2F2018-January%2F000355.html>)
> about the Server Certificate Working Group Charter but
> the concept is the same for the Bylaws.
>
> * If we include the requirement for "WebTrust for
> CAs" audit, then the equivalent ETSI audit should
> be "*ETSI EN 319 401*". This probably fits best
> for the Bylaws.
> * If we include the requirement for "WebTrust for
> CAs + WebTrust Baseline + NetSec " audit, then the
> equivalent ETSI audit should be "ETSI EN 319
> 411-1". This probably fits best for the Server
> Certificate Working Group Charter.
>
> The old ETSI TS standards should not be included in
> the new bylaws.
>
> I was also puzzled with the following requirement in
> the Bylaws (section 2.1a) "such certificates being
> treated as valid by a Certificate Consumer*Member*".
> So, if a CA issues Certificates for Digital Signatures
> which are trusted by Adobe and Adobe is not a Member
> of the Forum, then this CA doesn't meet the
> requirements. Is this a correct interpretation?
>
>
> Best regards,
> Dimitris.
>
>
> On 6/2/2018 9:15 πμ, Virginia Fournier via Govreform
> wrote:
>
> Hi all,
>
>
>
>
>
> My apologies, I have a conflict for tomorrow’s
> meeting and will not be able to attend. I am
> sending what I hope are virtually final versions
> of the documents. I am sending diff files for the
> Bylaws and IPR policy, as the Word compare
> function will not cooperate. The diffs may be
> easier to read in the end anyway.
>
>
>
>
>
> As you may have seen from my email earlier today,
> we have to cut off any new issues, content, etc.
> from being added to the ballot so we can finalize
> it. From this point forward, we need to just
> review what we have, clean up typos or any errors
> in the ballot, and move it forward. With this in
> mind, I’d appreciate it if you’d review the
> documents attached/referenced below to see if
> there are any corrections/adjustments that need to
> be made. We can keep a list of additional
> issues that should be addressed for the next ballot.
>
>
>
>
>
> What is the status of the Server Certificate WG
> charter? I sent some comments to Dean/Ben - have
> you had a chance to look at those? We
> need the final version of that document also to
> complete the package.
>
>
>
>
>
> I’d like to send the documents out early next week
> and start an “informal” discussion period of 7
> days next for any questions people may have. Does
> anyone see any obstacles to doing that?
>
>
>
>
>
> Here’s the diff for the Bylaws (all changes since
> version 1.7 shown).
>
>
>
>
>
> https://draftable.com/compare/JHYFfXWaHGRx
> <https://clicktime.symantec.com/a/1/uyKpIpWVOanrzEuutNyKQlSALyoi3PkQHMormrBAvWs=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fdraftable.com%2Fcompare%2FJHYFfXWaHGRx>
>
>
>
> Here’s the diff for the IPR Policy (all changes
> since version 1.2 shown:
>
>
>
> https://draftable.com/compare/QuHvYZiCAAUr
> <https://clicktime.symantec.com/a/1/8q3XvGqohjM8pvFAj8n2TNaDAB0so_mrZcspY58oCLE=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fdraftable.com%2Fcompare%2FQuHvYZiCAAUr>
>
>
>
> =
>
>
>
>
>
>
>
>
>
> Best regards,
>
>
>
> Virginia Fournier
>
> Senior Standards Counsel
>
> Apple Inc.
>
> ☏669-227-9595
>
> ✉︎ vmf at apple.com <mailto:vmf at apple.com>
>
>
>
>
>
>
>
>
>
>
>
> On Dec 21, 2017, at 11:19 AM, Virginia Fournier
> via Govreform <govreform at cabforum.org
> <mailto:govreform at cabforum.org>> wrote:
>
>
>
> Hello all,
>
>
>
> Here are the final documents for Ballot 206.
> Please confirm that you’re ready to go forward
> with them in January after the holidays. Please
> also let me know if you can open the Bylaws diff
> file. What is the status of the Server
> Certificate WG’s charter? Thanks for everyone’s
> hard work on this project.
>
>
>
> <CABF_Ballot206_20DEC17.docx>
>
> <CABF-IPR-Policy-v.1.3_20DEC17_clean.doc>
>
> <CABF-IPR-Policy-v.1.3_20DEC17_redline.doc>
>
> <CABF-Bylaws-v.1.8_20DEC17_clean.doc>
>
> <CABF-Governance Change FAQ_20DEC17.docx>
>
> <Bylaws DiffNow Comparison Report.htm>
>
>
>
>
>
>
>
>
>
> Best regards,
>
>
>
> Virginia Fournier
>
> Senior Standards Counsel
>
> Apple Inc.
>
> ☏669-227-9595
>
> ✉︎ vmf at apple.com <mailto:vmf at apple.com>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Govreform mailing list
> Govreform at cabforum.org <mailto:Govreform at cabforum.org>
> https://cabforum.org/mailman/listinfo/govreform
> <https://clicktime.symantec.com/a/1/8rSOldnBKg8XvPcCi-8xhn3L1EZQhM_E6Wxoe2uL3ps=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fgovreform>
>
>
> =
>
>
>
>
> _______________________________________________
>
> Govreform mailing list
>
> Govreform at cabforum.org <mailto:Govreform at cabforum.org>
>
> https://cabforum.org/mailman/listinfo/govreform
> <https://clicktime.symantec.com/a/1/8rSOldnBKg8XvPcCi-8xhn3L1EZQhM_E6Wxoe2uL3ps=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fgovreform>
>
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/govreform/attachments/20180206/fe28fcd1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: khaofkbelemimbhp.png
Type: image/png
Size: 240603 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/govreform/attachments/20180206/fe28fcd1/attachment-0001.png>
More information about the Govreform
mailing list