[cabfpub] [cabfman] Ballot [94] - Adoption of CA/Browser Forum Bylaws

[Jeremy Rowley]

I do not agree that “most [members] assumed this was the rule already” since three members have already provided the opposite view. I also do not agree that browser input is mandatory on issues that primarily affect CAs.  I see the Forum as a body delegated the responsibility to create and amend standards and guidelines.  The browsers adopt forum work product in their discretion, but the Forum remains free to amend these guidelines and create/modify requirements through errata. 

 

Of course, browser input is always important, which is why require a majority vote of browsers interested in the discussion.  However, I do not think their vote should be essential on issues that impact only CA processes (such as ballot 88).  The browser communities lack of interest should not prevent the modification of guidelines to account for unexpected conflicts that arise between the guidelines and a CAs daily operations.

 

Jeremy

 

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com
Sent: Thursday, November 15, 2012 3:17 PM
To: richard.smith at comodo.com; 'Eddy Nigg (StartCom Ltd.)'; public at cabforum.org
Subject: Re: [cabfpub] [cabfman] Ballot [94] - Adoption of CA/Browser Forum Bylaws

 

On this point, I revert to what I have said before – I have never believed that CAs themselves (alone) could impose requirements on other CAs – their competitors – through the Forum or otherwise.  That raises serious competition and antitrust issues.

 

I have always viewed the Forum as a place where CAs and browsers together can develop recommendations for best practices via Guidelines – but they are not binding on any CA because of Forum action.  The Guidelines only become binding on CAs if one or more browsers independently choose to incorporate them as requirements for participation in their trusted root programs.

 

For this reason, I don’t think any recommended requirement or best practices guideline should ever be adopted by the Forum without positive input (i.e., a yes vote) from at least one browser.

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Rich Smith
Sent: Thursday, November 15, 2012 2:04 PM
To: 'Eddy Nigg (StartCom Ltd.)'; public at cabforum.org
Subject: Re: [cabfpub] [cabfman] Ballot [94] - Adoption of CA/Browser Forum Bylaws

 

 

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)

[RWS] <snip> If a change to the guidelines doesn't provide any benefit to the relying parties (e.g. browsers) then it might be questionable if it's really necessary or if it's just something some CAs would like to have. [RWS] </snip>

[RWS] But if it doesn't have any detrimental effect to relying parties and is beneficial to CAs and/or their customers, then I would definitely not call that unnecessary.  Going back to ballot 88 we had placed restrictions that had real consequences for a subscriber with a very legitimate use case.  I don't consider the changes made by that ballot unnecessary at all.  And I think the government of a widely recognized independent country whose problem we solved would agree.

-Rich



 
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cabforum.org/pipermail/public/attachments/20121116/66d50cc8/attachment.html