[cabfpub] Discussion Draft for Revisions to Bylaws

Ben Wilson ben at digicert.com
Mon Nov 25 21:06:31 UTC 2013

See responses inline below- 


Erwann wrote:  Would such a definition allow RedHat, Debian, or any other
Linux distribution to apply as a Platform provider?


Ben:  I don’t think that “any other” Linux distribution would qualify – only
a “a major one” that also manages a root store and does more than simply
import somebody else’s store “whole-cloth”.   

Erwann wrote:  They usually take Mozilla's root store and redistribute it.


Ben:  If RedHat only takes the Mozilla root store, then it might not
qualify, but I’ll leave the finer points on either side of that argument for
debate among others in this group who are more familiar with RedHat.  If
they do take the entire whole of Mozilla’s store “as is” then should the
definition be modified to more clearly include/exclude them?  

Erwann wrote:  Debian/Ubuntu also adds some CA certificates, and modifies
libnss to include them (2 for CACert and 1 for SPI), it has an effect on
Mozilla and Chrome browsers.


Ben:  Same analysis as above – if Debian and Ubuntu were to meet those
requirements under the proposed modification, then I think they would
qualify, but I’m open to discussion.


Le 25/11/2013 06:44, Ben Wilson a écrit :

What about this definition?  I took out the word “global” and inserted
language about managing a root store.


(3)          Browser/Platform Provider: The member organization manages a
root store as a major provider of a software product used by the general
public: (a) to browse the Web securely or (b) to authenticate digitally
signed code.


Redlined, if it comes through to you as HTML, as follows:


(3)        Browser/Platform Provider: The member organization manages a root
store as a major provider of produces a software product intended for used
by the general public (a) to for browseing the Web securely or (b) to
authenticate digitally signed code. 



-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Gervase Markham
Sent: Wednesday, November 13, 2013 4:43 AM
To: ben at digicert.com; 'CABFPub'
Subject: Re: [cabfpub] Discussion Draft for Revisions to Bylaws


On 12/11/13 19:25, Ben Wilson wrote:

> As you stated, an "influx of many small Android browsers" or any other 

> kind of numerous small browser developers.  As stated in my email of 

> October 10 with references to past discussions, the size of the browser
should be a

> relevant consideration.   Several producers of "a software product

> for use by the general public to browse" or under the expanded group 

> of software "[that] authenticates digitally signed computer code" 

> dramatically shift the current conditions.  I am acting as scribe, 

> more or less, to what I perceive is the concern of a majority of 

> members--I might be wrong, in which case we'd need to determine the
sentiment of the group.


I notice Rick's document has moved to the concept of "Root Store Operator".
Perhaps the right thing would be to try and come up with a definition of
someone who manages, or ships popular software which makes significant
policy or content changes to, a root store? That would include Mozilla,
Google, Apple, Opera and Oracle, without including browser manufacturers who
simply wrap Webkit and so have no effect on how the CA system works.


> That's fine.  I started down that road before (and I did again after 

> the last meeting).  I keep hitting a dead end because I must 

> incorporate by reference the IPR Policy, which many have complained is 

> not lightweight enough.


Why must you do so?


I thought the entire point of a lightweight IPR agreement was that it would
not incorporate the existing policy by reference, but would instead say:


"Hi. If I have ownership of patents on anything I contribute, you can have
full rights to them. And the copyright policy is fine, BTW. Ok, thanks,


This would probably only be signed by individuals who did not and had no
intention of holding patents. But a lot of our potential invited experts
fall into that category.




Public mailing list

 <mailto:Public at cabforum.org> Public at cabforum.org


Public mailing list
Public at cabforum.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131125/683dd25d/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5453 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131125/683dd25d/attachment-0001.p7s>

More information about the Public mailing list