[cabfpub] Notes of meeting, CAB Forum, 20 Sept 2012, Version 1

Ben Wilson ben at digicert.com
Tue Oct 9 17:47:45 MST 2012


All,

 

I'm still working on preparing the minutes of the face-to-face meeting in
NYC on 25-26 September and revocation discussion on 27 Sept.  However, here
are the notes of the meeting held just before the face-to-face meeting on
Thurs. 20 Sept.  While these will be approved during our telephone call this
Thursday, the rule provides that they be posted to the public list after 14
days of publication.  

 

Notes of meeting, CAB Forum, 20 Sept 2012, Version 1

Notes of meeting

CAB Forum 

20 September 2012

Version 1

 

1.   Present:  Dean Coclin, Ben Wilson, Atsushi Inaba, Rich Smith, Phillip
Hallam-Baker, Kirk Hall, Eddy Nigg, Jeremy Rowley, Brad Hill, Gerv Markham,
Patricia Forsythe, Robin Alden, Rick Andrews, Bill Maddell 

2. Agenda review

The agenda was reviewed.

3. Minutes of Meeting 6-Sept-2012

Minutes of 6 September 2012 were approved as published.  

4.  Ballot status

Ballot 89 (Requirements for the Processing of EV SSL Certificates v.2)
failed for lack of quorum.  Rick noted that Tom had objected to the ballot
because he was concerned that it had not been adequately reviewed or
modified to incorporate browser comments.  Subsequently Rick and Ben had
modified and resubmitted a new draft of the requirements during the review
period and before voting had begun.  They explained that voting did not
proceed on Ballot 89 because the sponsor and endorsers felt that the
document needed one more review before being voted on.  Kirk asked whether
voting periods are announced, and Ben explained that the practice has been
for voting to begin immediately after the review period without any
announcement.  Ben said that he would re-send a new ballot with the attached
document and announce a review period.

Rick said that the revised revocation whitepaper for clients implementing
SSL is being finalizing with input from Ben, Scott Rea, and Ryan Hurst.  

Ben asked whether there were any questions on Ballot 90 (Governance), and
Rick asked whether it would be good to provide a synopsis of the proposals.
Kirk suggested that instead of creating a full review document maybe the
document could point to where all of the questions and answers have been
provided.  Ben offered to provide a synopsis and said that DigiCert and
Trend Micro would coordinate on what would be provided.  

Ballot to publish v.1.1 of Baseline Requirements - Ben asked whether
everyone had noticed that he had attached a proposed v. 1.1 of the Baseline
Requirements to the results of Ballot 88 (BR_9_2_4_Errata-ISO3166) and
whether there was anyone who would endorse a motion.    It was generally
agreed that since it only incorporated the results of other ballots that it
could be published for a one-week review period.  Ben said he would do that.

Kirk asked, with regard to Ballot 88, whether CAs alone could adopt
guidelines (for example, when no browsers vote).  Gerv said he didn't think
that a ballot could pass without at least one browser vote because the
voting rule says "50% plus one."  Ben said that there are two sections to
the voting rules-one for determining quorum and one for voting percentages.
He said it was his understanding that the 50%+1 was meant to correct the
prior rule for voting percentages that had caused concern among browsers
when some votes had tied at 2-2 because the previous language said a ballot
passed if "half or more" of the browsers supported it.   Ben also said that
the percentage rule applies to "those voting" - "of the votes cast"- in a
category.   So, if anyone wants to amend the rule, then they should propose
language that more clearly states that at least one member of each group has
to vote (as a quorum-requirement provision).   

 

Kirk also said he was concerned about the current quorum calculation formula
if only 6 members are required to constitute a quorum.  Ben said that the
quorum rule was amended back in December 2007 (Ballot 5 - January 2008)
because we had gone for quite a while without being able to pass a motion
for lack of quorum.  Ben asked Kirk to come up with a proposal that would be
somewhere in between the previous formula (50% of members) and the current
formula (50% of active members as determined by the number of members
attending the last three meetings).  Rich recommended that we should add
posting to the list as means of calculating quorum since geographic reasons
can cause active members to be under-counted.  It was generally agreed that
this was a good idea.  Kirk suggested a 90-day period.  Ben said he thought
a 60-day period would be easier to apply.  There was open discussion on what
would work best, and Kirk said he would also like to bunch votes together in
batches so that they are easier to follow, review and vote on.  Ben
requested that Kirk give a presentation during the face-to-face in NYC on
some of the ballot-improvement suggestions.  

 

5.  Update on revisions to IPR Policy

Ben said he thought that some very good progress had occurred this week on
the revisions to the IPR policy.  Jeremy said that Marc Braner of Apple was
working on some amendments to IPR Policy, including for example, that new
entrants could file exclusion notices.  Dean said that he understood from
his participation during the IPR call that the changes would satisfy
Entrust, Identrust and other former members.  Ben asked whether the proposed
revisions would have a "working group model."   Gerv said he recalled that
Tom Albertson had suggested that after governance was revised we would turn
to an IETF policy (which has a working group model).  Gerv asked,
anticipating that the governance issue will be sorted out, what will we do?
Kirk said that regardless of which governance model or IPR policy we have,
we'll have to deal with individuals contributing and that he recalled that
we were going to have a simplified form of IPR agreement for these people.
Gerv said that we will want one agreement for people who are clearly not
patent holders and who cannot hire lawyers to review an IPR Agreement and
another agreement for companies that have IP and lawyers to review them.
Kirk asked whether the IETF had a single agreement.    Brad said that the
IETF IPR agreement is entered into by individuals rather than by companies.
Ben said that we could continue this discussion during the face-to-face
meeting.

6.  Review Face-to-face agenda 

We walked through the current draft of the face-to-face agenda. Members are
asked to help fill in any gaps in the agenda with items, suggestions and
topics for discussion.  Rick said he would like to spend some time
discussing the fact that lots of enterprises are implementing mobile apps
that interface directly with mobile devices (without relying on browsers)
and that it is unclear whether the stacks between the servers and those
mobile systems follow recommended protocols.  

If anyone has any new proposals or research results that that they would
like to present, they should contact Ben for a slot on the agenda. 

7. Any Other Business

None.

8.  Next telephone call will be Oct. 11th.  Robin will send a note to the
list in case anyone wants to dial in to the face-to-face meeting.


9.  Meeting adjourned.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cabforum.org/pipermail/public/attachments/20121009/3dfae6ab/attachment.html 


More information about the Public mailing list