[cabfpub] Arguments in opposition to Trend Micro's governance proposal

Jeremy Rowley jeremy.rowley at digicert.com
Fri Sep 14 23:41:43 UTC 2012

We appreciate the opportunity to review and respond to Trend Micro’s governance proposal and to incorporate feedback into our updated proposal to address some stated concerns.  


Our proposal is based on a belief that interested parties are materially affected by the operation and security of CAs.  Their business depends on the security and operations of our business.  Because of this, these parties deserve a true voice in the industry, meaning a vote at both the Forum and working group levels.  Without an interested party vote, the Forum lacks sufficient incentive for participation by experts and other affected parties.  (Voters should keep in mind the many contributions that the CAB Forum has already received from entities that are not CAs or Browsers, like WebTrust, PayPal, ETSI, and others.) 


We do not think that broadening the stakeholder group of interested parties will necessarily “rip the current forum and participating members entirely apart” because we have board ratification as a safety valve before a guideline becomes effective.  The board vote will act as a sanity check on the Forum’s activities and ensure that  new requirements are reasonable and provide a corresponding public benefit.  And it also provides structure and governance to help handle the contributions of the various interests—which leads in to our next point.  


TrendMicro’s proposal ignores that we are formalizing our association for additional reasons—we have encountered several instances in which we were asked to act formally and our current and future operations will incur a cost.  Under either proposal we expect to incur costs.  Right now, the Forum’s costs are not being distributed fairly among members.  The DigiCert proposal seeks only the amount necessary to cover operating costs.  Because we have some experience forming legal entities, we do not expect to incur much in legal fees if we incorporate as a non-profit in Delaware or Oregon, as has been proposed, but there will be initial filing and renewal expenses.  Other expenses include the teleconference dial-in number and the domain, email, and website hosting.  The DigiCert proposal ties the Forum’s membership and board fees to the actual costs of operation.  We do not expect that the membership fee will be a reason for not joining the Forum. 


Hopefully, we will choose a governance proposal that includes these members so we can continue to receive their input.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120914/95db74c8/attachment-0003.html>

More information about the Public mailing list