[cabf_governance] Issues for today's Governance Change call
Kirk.Hall at entrustdatacard.com
Tue Jun 26 09:25:26 MST 2018
Here are the issues I think we should discuss on today's call.
1. Who must sign the IPRA v1.3
(a) Associate Members and their representatives: Our practice since 2012 has been that an Associate Member itself should sign, but its representatives (who are not employees of the AM) do not have to sign either in their individual capacity or for their firms. This is in part because the Forum invites AMs to participate to help the Forum in its work, and the AMs themselves are typically not CAs or browsers (FPKI is the exception).
This practice is essentially allowed by our Bylaws, which only refer to the AMs signing the IPRA:
3.1 Associate Members
The Forum may enter into associate member relationships with other organizations when the CA/Browser Forum determines that maintaining such a relationship will be of benefit to the work of the Forum. In the past, entities qualifying as Associate Members have included the AICPA/CICA WebTrust Task Force, the European Telecommunications Standards Institute, Paypal, the Internet Corporation for Assigned Names and Numbers, tScheme, the U.S. Federal PKI, and CAs applying for membership but awaiting full qualification under Section 2.1. Participation as an Associate Member is by invitation only. In order to become an Associate Member, an organization must sign a mutual letter of intent, understanding, or other agreement and the Forum's IPR Agreement, unless this latter requirement is waived in writing by the Forum based on overriding policies of the Associate Member's own organization IPR rules. Associate Members may attend face-to-face meetings, communicate with Forum Members on member lists, and access Forum wiki content. Associate Members are not entitled to vote except on special straw polls of the Forum (e.g. when selecting meeting dates, locations, etc.)
Here is the current list of Associate Members:
US Federal PKI Policy Management Authority
It would be nice if all representatives of each would sign the IPRA for their individual companies, but we know that would cause problems for some. I think we should stay with our current policy - no Bylaws amendment needed.
(b) ETSI: ETSI signed a Memorandum of Understanding for cooperation with the Forum in 2009, and since the first IPRA in 2012 we have relied on that instead of requiring ETSI to sign the IPRA. One of ETSI's objections is that its policies will not allow it to join an unincorporated association (in part because of possible joint and several liability). Bylaw 3.1 seems to allow this exception: "In order to become an Associate Member, an organization must sign a mutual letter of intent, understanding, or other agreement and the Forum's IPR Agreement, unless this latter requirement is waived in writing by the Forum based on overriding policies of the Associate Member's own organization IPR rules."
My own opinion is that we should continue our existing policy and let ETSI rely on the MOU but not sign the IPRA v1.3. ETSI is a standards body and not a CA or browser. No changes to the Bylaws would be necessary.
Because July 3 is only about a week away and we have not determined any change of policy, as Chair I have extended an ongoing invitation to ETSI to continue participation in the Forum's activities unless and until we make a change in policy.
2. Start of Server Certificate Working Group
On July 5, I plan to issue an invitation to current Forum Members and AMs to sign up for participation in the SCWG, with the first teleconference to be the main part of our July 14 regular teleconference. Members who haven't signed the IPRA by the deadline can only participate as AMs, and AMs who haven't signed (except for ETSI) can't participate until they sign.
3. Mail lists
I propose that we use the existing Public@ and Management@ lists for both the main Forum and the SCWG for a few weeks until we get new lists going.
Then I think the current Public@ and Management@ lists should be retained for the Forum, and the SCWG gets its own public and management lists, like SCPublic@ and SCmanagement@. We can remove any AMs who don't sign the IPRA (except ETSI) - otherwise, existing Members who don't sign the IPRA can continue on the lists, but their role is as an AM only and they can't propose or vote on Ballots.
It would be great if our technically adept members can figure out how to get the new lists set up. Also, we will need to expand pages on our wiki and public site for the new WG.