[cabfpub] Ballot [94] - Adoption of CA/Browser Forum Bylaws

Rich Smith richard.smith at comodo.com
Fri Nov 9 20:49:14 UTC 2012


2.2 (f)

" At least one CA Member and one browser Member must vote in favor of a
ballot for the ballot to be adopted."

 

If I'm not mistaken this is an addition that is not in the current voting
guidelines.  I'm not necessarily against it, but there could conceivably be
a ballot that either the CA's as a group or the browsers as a group really
don't care about and therefore don't vote on, and would then fail purely
from disinterest of a member group.  With that in mind, how about this
instead:

"Any ballot which contains binding requirements on any member group must
have at least one vote in favor cast by a member of that group in order for
that ballot to be adopted."

 

Regards,

Rich

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Ben Wilson
Sent: Friday, November 09, 2012 2:42 PM
To: public at cabforum.org; CABFMAN
Subject: [cabfpub] Ballot [94] - Adoption of CA/Browser Forum Bylaws

 

Ballot 94 - Adoption of CA/Browser Forum Bylaws 

Kirk Hall made the following motion and it was endorsed by Wayne Thayer and
Jeremy Rowley. 

--Motion Begins-- 

A. Be it resolved that the CA / Browser Forum adopts the following set of
Bylaws. 

--Bylaws Begin-- 

Proposed CA-Browser Forum Bylaws_(v4) Trend Micro 8 Nov 2012.doc (on wiki)

Proposed CA-Browser Forum Bylaws_(v4) Trend Micro 8 Nov 2012.pdf (on wiki)


BYLAWS OF THE CA/BROWSER FORUM 

Adopted effective as of [Date]

1. CA/BROWSER FORUM - PURPOSE, STATUS, AND ANTITRUST LAWS 

1.1 Purpose of the Forum: 

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary
gathering of leading certification authorities (CAs) and vendors of Internet
browser software and other applications. 

Members of the CA/Browser Forum have worked closely together in defining the
guidelines and means of implementation for best practices as a way of
providing a heightened security for Internet transactions and creating a
more intuitive method of displaying secure sites to Internet users. 

1.2 Status of the Forum and Forum Activities 

The Forum has no corporate or association status, but is simply a group of
CAs and browsers which communicates or meets from time to time to discuss
matters of common interest relevant to the Forum's purpose. The Forum has no
regulatory or industry powers over its members or others. Other than those
rights and responsibilities found in the Forum's Intellectual Property
Rights Policy (IPR), Forum "membership" or other participation status does
not convey any legal status or rights, but is intended simply as a guide to
the levels of participation in Forum activities. 

1.3 Intellectual Property Rights Policy; Antitrust Laws and Regulations;
Goal; Conduct 

Forum Members and Interested Parties must comply with the then-current IPR
policy and all applicable antitrust laws and regulations during their Forum
activities. 

The historic goal of Forum activities (including development of proposed
requirements and guidelines and voting on all matters) has been to seek
substantial consensus among Forum Members before proceeding or adopting
final work product, and this goal will remain for the future. Members shall
not use their participation in the Forum either to promote their own
products and offerings or to restrict or impede the products and offerings
of other Members. 

The Chair will read an antitrust compliance statement at the start of all
Forum Meetings (and on other occasions, as the Chair deems necessary) in
substantially the following form: 

"As you know, this meeting includes companies that compete against one
another. This meeting is intended to discuss technical standards related to
the provision of existing and new types of digital certificates without
restricting competition in developing and marketing such certificates. This
meeting is not intended to share competitively-sensitive information among
competitors, and therefore all participants agree not to discuss or exchange
information related to: 

(a) Pricing policies, pricing formulas, prices or other terms of sale; 

(b) Costs, cost structures, profit margins, 

(c) Pending or planned service offerings, 

(d) Customers, business, or marketing plans; or 

(e) The allocation of customers, territories, or products in any way." 

2. FORUM MEMBERSHIP AND VOTING 

2.1 Qualifying for Forum Membership 

(a) CA/Browser Forum members shall meet at least one of the following
criteria. 

(1) Issuing CA: The member organization operates a certification authority
that has a current and successful WebTrust for CAs audit, or ETSI 102042 or
ETSI 101456 audit report prepared by a properly-qualified auditor, and that
actively issues certificates to Web servers that are openly accessible from
the Internet using any one of the mainstream browsers. 

(2) Root CA: The member organization operates a certification authority that
has a current and successful WebTrust for CAs, or ETSI 102042 or ETSI 101456
audit report prepared by a properly-qualified auditor, and that actively
issues certificates to subordinate CAs that, in turn, actively issue
certificates to Web servers that are openly accessible from the Internet
using any one of the mainstream browsers. 

(3) Browser: The member organization produces a software product intended
for use by the general public for browsing the Web securely. 

(b) Applicants should supply the following information: 

(1) Confirmation that the applicant satisfies at least one of the membership
criteria (and if it satisfies more than one, indication of the single
category under which the applicant wishes to apply). 

(2) URL of the current qualifying performance audit report. 

(3) The organization name, as you wish it to appear on the Forum Web site
and in official Forum documents. 

(4) URL of the applicant's main Web site. 

(5) Names and email addresses of employees who will participate in the Forum
mail list. 

(6) Emergency contact information for security issues related to certificate
trust. 

(c) An Applicant shall become a Member once the Forum has determined by vote
that the Applicant meets all of the requirements of subsection (a). A vote
of Members shall be held as soon as the Applicant indicates that it has
presented all information required under subsection (b) and has responded to
all follow-up questions from the Forum and the Member has complied with the
requirements of Section 5.5. 

2.2 Ballots Among Forum Members 

Ballots will be conducted in accordance with the following rules. 

(a) Only votes by Members shall be accepted. 

(b) Only one vote per Member company shall be accepted; representatives of
corporate affiliates shall not vote. 

(c) A representative of any Member can call for a proposed ballot to be
published for review and comment by the membership. Any proposed ballot
needs two endorsements by other Members in order to proceed. The review
period then shall take place for at least seven calendar-days before votes
are cast. 

(d) The CA/Browser Forum shall provide seven calendar-days for voting, with
the deadline clearly communicated via the members' electronic mailing list.
All voting will take place online via the members' electronic mailing list. 

(e) Only votes that indicate a clear 'yes' or 'no' response to the ballot
question shall be considered (i.e. votes to abstain and votes that do not
indicate a clear 'yes' or 'no' response will not figure in the calculation
of item 6, below). 

(f) Members fall into two categories: CAs (comprising issuing CAs and root
CAs, as defined in the membership criteria) and product suppliers (as
defined in the membership criteria). In order for the motion to be adopted
by the Forum, two-thirds or more of the votes cast by the Members in the CA
category must be in favor of the motion, and at least 50% plus one of the
votes cast by the members in the browser category must be in favor of the
motion At least one CA Member and one browser Member must vote in favor of a
ballot for the ballot to be adopted. 

(g) A ballot result will be considered valid only when more than half of the
number of currently active members has participated. The number of currently
active members is the average number of member organizations that have
participated in the previous three meetings (both teleconferences and
face-to-face meetings). 

(h) The CA/Browser Forum will tabulate and announce the results within one
calendar-day of the close of the voting period. 

3. OTHER FORUM PARTICIPATION 

3.1 Interested Parties 

Any person or entity that wishes to participate in the Forum as an
Interested Party may do so by completing an enrollment form and
Participation Agreement (completed and submitted manually or online)
including name, affiliation (optional), and contact information, and by
agreeing to the IPR Agreement attached as Exhibit B (indicating agreement by
manual signing or a click-through agreement). 

Interested Parties may participate in Forum activities in the following
ways: 

(a) By becoming involved in Working Groups, 

(b) By posting to the Public Mail List, and 

(c) By participating in those portions of Forum Teleconferences and Forum
Meetings to which they are invited by the Forum Chair relating to their
areas of special expertise or the subject of their Working Group
participation. 

Interested Parties are required to comply with the provisions of the
Participation Agreement and these Bylaws. Interested Parties may lose their
status as Interested Parties by vote of the Members, in the Members' sole
discretion. 

3.2 Other Parties 

The public may follow the Forum's activities by reading all postings on the
Public Mail List and the Public Web Site. Questions or comments to the Forum
may be sent to Questions Mail List. 

4. OFFICERS AND FINANCES 

4.1 Officers 

The Forum will elect a Chair and Vice Chair, each to serve for a two-year
term. The Vice Chair has the authority of the Chair in the event of any
absence or unavailability of the Chair, and in such circumstances, any duty
delegated to the Chair herein may be performed by the Vice Chair. For
example, the Vice Chair will preside at Forum Meetings and Forum
Teleconferences in the Chair's absence. The offices of Chair and Vice Chair
may only be filled by Forum Member representatives. 

No person may serve as Chair for more than a two-year period or be elected
to Vice Chair upon expiration or termination of the person's service as
Chair, but a person is eligible to be elected as Chair again after having
vacated the position as Chair for at least two years. 

Upon expiration or early termination of the current Chair's term, the Vice
Chair will automatically be nominated to become the next Chair, but Members
may nominate themselves or others to be additional candidates as Chair. Upon
close of nominations a ballot will be held in the regular manner to elect
the new Chair. If the election of a new Chair means the office of Vice Chair
becomes vacant, the Members may nominate themselves or other candidates to
the office of Vice Chair, and a ballot will be held in the regular manner to
elect the new Vice Chair. 

The Chair and Vice Chair shall exercise their functions in a fair and
neutral manner, allowing all Members equal treatment for their comments and
proposals, and shall not favor one side over another in any matter (except
that the Chair and Vice Chair may indicate their own position during
discussion and voting on the matter). The Chair and Vice Chair shall have no
personal liability for any activities of the Forum or its Members or
Interested Parties. 

The Chair or the Vice Chair may sign correspondence, applications, forms,
Letters of Intent, and Memoranda of Understanding relating to projects with
standards bodies, industry groups, and other third parties, but shall have
no personal liability therefor.

4.2 Finances 

Because the Forum has no corporate status, it will not maintain funds or
banking accounts. The costs of operating Forum websites or mailing lists
will be covered by voluntary contribution from Forum Members (who may seek
voluntary contributions from other Members to help defray such costs). Forum
Members may propose other group activities which they propose to sponsor
(e.g., research projects, etc.) which require funding and may seek voluntary
contributions from other Members for such activities. 

Forum Meetings may be held from time to time upon the voluntary sponsorship
of one or more Forum members. The sponsor of a Forum Meeting may suggest a
fixed cost per meeting participant as reimbursement to the sponsor to cover
(a) the cost of meeting rooms and refreshments, and (b) the cost of any
meeting dinner or other group activity. Sponsors will be encouraged to
announce any suggested per-participant fixed cost reimbursement amount in
advance of the Forum Meeting for participant planning purposes, and will
provide a statement or invoice to each participant upon request after the
Forum Meeting for submission to the participant's accounting department. All
per-participant reimbursements shall be paid directly to the sponsor. 

Interested Parties will not be required to pay anything for their
participation in Forum activities, but must cover their own expenses for
participation in any Working Group meetings. 

5. FORUM ACTIVITIES 

5.1 Member Mail List and Member Web Site 

The Forum shall maintain a Member Mail List and Member Web Site that are not
accessible by the public. The following matters may be posted to the Member
Mail List and Member Web Site: 

(a) Draft minutes of Forum meetings (both virtual and in-person, and
including any sub-groups or committees) will be posted to the Member Mail
List to allow Members to make sure they are being correctly reported. 

Minutes will be considered Final when approved at a subsequent Forum Meeting
or Forum Teleconference, or after 2 weeks have elapsed since publication of
the draft if no Forum Meeting or Forum Teleconference is imminent. Final
minutes will then be posted to the Public Mail List and Public Web Site. The
Chair will, upon request, make redactions of any part of the public copy of
the minutes identified as private or sensitive by either the information
discloser or a member mentioned or affiliated with the subject of the
information. 

(b) Messages formally announcing ballots or ballot outcomes, including vote
and quorum counts, will be posted to the Public Mail List. However, ballots
and the listing of final votes by each Member will only be posted to the
Member Mail List and Member Web Site. 

(c) Nominations for officer positions, Forum Meeting and Forum
Teleconference scheduling issues, and discussion of Forum financial issues. 

(d) Security incidents if, in the opinion of the Members, discussion on the
Public Mail List could reasonably be detrimental to the implementation of
security measures by Members. 

(e) Proposed responses to questions sent to the Questions Mail List. 

(f) Matters which, in the opinion of the Members, require confidentiality. 

Members have discretion about which mailing list they use, but are strongly
encouraged to use the Public Mail List for matters other than those listed
above. 

Members are strongly discouraged from posting the text of Member Mail List
messages to the Public Mail List without the permission of the author or
commenter. 

5.2 Public Mail List and Public Web Site 

The Chair shall appoint a List Manager who shall maintain a Public Mail
List. Forum Members and Interested Parties may post to the Public Mail List
in compliance with these Bylaws. Anyone else is allowed to subscribe to and
receive messages posted to the Public Mail List, which may be crawled and
indexed by Internet search engines. 

The Chair shall appoint a Webmaster. The Webmaster shall post instructions
on the Public Web Site for subscribing to the Public Mail List. 

The following materials shall be posted to the Public Mail List or Public
Web Site: 

(a) Draft and final agendas for Working Group meetings, Forum Meetings and
Forum Teleconferences (including any sub-groups or committees). 

(b) Final minutes of Forum Meetings and Forum Teleconferences (including
minutes of any sub-groups or committees), and minutes of all Working Group
teleconferences and meetings. 

(c) Messages formally proposing a Forum ballot (including ballots to
establish, modify, or terminate Working Groups) and announcing ballot
outcomes, including vote and quorum counts but not identifying individual
votes by name of Member. 

(d) Initial and final drafts of Forum requirements, guidelines, and
recommendations after the drafter has had an opportunity to receive and
respond to initial Member comments. 

(e) Initial and final drafts of Working Group requirements, guidelines, and
recommendations after the drafter has had an opportunity to receive and
respond to initial Working Group member comments. 

5.3 Working Groups 

Members may propose by ballot the appointment of Working Groups open to
participation by Members and Interested Parties. The ballot shall outline
the scope of the Working Group's activities, including deliverables, any
limitations, and Working Group expiration date. Upon approval of the Working
Group, the Chair will call for a show of interest in participation by
Members, and shall appoint a Working Group Chair from among the interested
Members. 

Upon creation of a Working Group, the Forum will post an invitation to all
Interested Parties to participate, and will solicit others with expertise
and interest in the Working Group subject matter to become Interested
Parties and participate in the Working Group. With the approval of the
Chair, Working Groups may establish separate list-servs, wikis, and web
pages for their communications, but all such separate list-servs must be
managed in the same fashion as the Public Mail List. Working Groups may meet
by teleconference or face-to-face meetings upon approval by the Chair and
the Working Group Chair, but the Forum shall not be responsible for the
expenses of any such teleconferences or meetings. 

Working Groups may draft recommendations to be forwarded to the Forum for
its consideration, but no recommendations will be considered the product of
the Working Group unless approved by two-thirds of all Working Group members
who vote on the recommendations. All substantial initial and final drafts of
the Working Group product will be posted on the Public Mail List. 

The Forum shall review the final recommendations from a Working Groups and
may approve and implement some or all of the recommendations as appropriate
in the Forum's judgment following the Forum's regular voting rules. The
Forum shall retain the right to amend a Working Group recommendation before
approval, but in most cases should first return the proposed amended
recommendation to the Working Group for its review and response before
voting. 

The Forum shall not be required to submit any matter to a Working Group, but
may itself draft requirements and guidelines without a Working Group in its
discretion. 

5.4 Forum Teleconferences and Forum Meetings 

>From time to time the Forum will hold Forum Teleconferences and Forum
Meetings among the Members, who may participate in person or (where
feasible) by teleconference. Interested Parties and others may be invited by
the Chair, in the Chair's discretion, to participate in those portions of
Forum Teleconferences and Forum Meetings that are relevant to their
expertise or their participation in Working Groups. 

5.5 IPR policies 

As a requirement for membership, Members must execute and return to the
Chair the IPR Agreement attached as Exhibit A. 

As a requirement for participation as an Interested Party, Interested
Parties must execute and return to the Chair (or indicate their agreement by
clicking through an online agreement) the IPR Agreement attached as Exhibit
B. 

5.6 Project Lifecycle 

In general, Forum projects will follow the model Project Lifecycle attached
as Exhibit C. However, the Members may modify this model as appropriate by
their subsequent actions. 

6. MISCELLANEOUS 

6.1 Posting and Amendment of the Bylaws 

The current Bylaws shall be posted to the Public Web Site. These Bylaws may
be amended by subsequent ballot of the Members. 

6.2 Procedure for Dealing with Questions and Comments 

The Forum procedure for dealing with questions and comments sent to the
Questions Mail List shall be as follows. The Chair shall appoint a Questions
List Coordinator. The responsibilities of the Questions List Coordinator
are: 

(a) If practical, within 24 hours send an acknowledgment to the questioner
indicating that the question or comment has been received and that a
response will provided as soon as is practical. 

(b) Coordinate discussion using the Member Mail List until consensus has
been achieved. 

(c) Post the proposed response to the Member Mail List indicating that
Members have 24 hours to object. 

(d) If no objections are received before the deadline expires, then send the
response to the questioner. 

(e) If consensus cannot be achieved, or one or more objections are received,
then the matter should be dealt with in the next Forum Meeting or Forum
Teleconference. 

DEFINITIONS 

Forum Meetings: Face-to-face meetings of Members as scheduled from time to
time. 

Forum Teleconferences: Teleconference meetings of Members as scheduled from
time to time. 

Member: A Member of the Forum or a representative of the Member (depending
on context). 

Member Mail List: The email list-serv maintained by the Forum for
communications by and among Forum Members. The Member Mail List is not
available to Interested Parties or Other Parties. 

Member Web Site: The password-protected web site available only to Members
(currently called the CA/Browser Forum Wiki). 

Participation Agreement: An agreement that individuals or entities must
agree to in order to participate in the Forum as Interested Parties. The
current form of Participation Agreement is attached as Exhibit D. 

Public Mail List: The public email list-serv currently located at
public at cabforum.org maintained by the Forum for communications by and among
Members and Interested Parties. The Public Mail List may be read by Other
Parties, but Other Parties may not post to the Public Mail List. 

Public Web Site: The web site available only to Members, Interested Parties,
and Other Parties (currently located at cabforum.org
<http://www.cabforum.org/> ). A Forum Member will be appointed as Webmaster
and will control all postings to the Public Web Site. 

Questions Mail List: The email list-serv currently located at
questions at cabforum.org maintained by the Forum for communications from the
public to the Forum. 

Exhibit A [Insert Member IPR Agreement here] 

Exhibit B [Insert Interested Party IPR Agreement here] 

Exhibit C - Project Lifecycle 

Exhibit D - Interested Parties Participation Agreement [Insert Agreement
here] 

--Bylaws End-- 

B. Be it further resolved that these Bylaws do not modify the status of, or
requirements applicable to, current observers such as ETSI, WebTrust,
PayPal, tScheme, or the Federal PKI Management Authority, and they may
continue to participate in meetings and on lists on the same basis as they
did previously. 

--Motion ends-- 

The ballot review period comes into effect immediately upon posting today
(Friday, 9 Nov 2012) and will close at 2000 UTC on Friday, 16 Nov 2012.
Unless the ballot is withdrawn or modified during the review period, the
voting period will start immediately thereafter and will close at 2000 UTC
on Friday, 23 Nov 2012. If the ballot is modified for reasons other than to
correct minor typographical errors, then the ballot will be deemed to have
been withdrawn. 

Votes must be cast by posting an on-list reply to this thread. 

A vote in favor of the ballot must indicate a clear 'yes' in the response. 

A vote against the ballot must indicate a clear 'no' in the response. A vote
to abstain must indicate a clear 'abstain' in the response. Unclear
responses will not be counted. The latest vote received from any
representative of a voting member before the close of the voting period will
be counted. 

Voting members are listed here: http://www.cabforum.org/forum.html 

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and one half or more of the votes cast by
members in the browser category must be in favor. Also, at least six members
must participate in the ballot, either by voting in favor, voting against or
abstaining. 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121109/f3f37acd/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6391 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121109/f3f37acd/attachment-0004.bin>


More information about the Public mailing list