[cabfpub] Discussion Draft for Revisions to Bylaws

Ryan Sleevi sleevi at google.com
Tue Oct 15 16:46:03 MST 2013


As expressed previously, I do have concerns about the definition of browser.

For example, if I write a popular mobile application for Android and iOS
that is downloaded by 10 million users, and which uses SSL/TLS to update an
online leaderboard, it would appear that under the current definition of
browser, I would qualify (and, presumably, as a voting-eligible member).

I realize that this is, perhaps, a challenging definition. For instance, we
have organizations like Opera who have long participated and helped steer
towards a more secure Internet, but which are in the process of
transitioning away from operating a Root Store directly. Likewise, Google's
participation has largely been made up of members from the Google Chrome
team, even though the primary Root Programs are through Android and
ChromeOS (as noted in the past, Chrome on Windows / Mac / Linux attempts to
defer to a notion of a 'system' trust store). And on the other end, we have
organizations like Oracle, for which operate a Root Program (for Java),
which indirectly may be used towards the construction of either a Web
Browser or any other number of applications.

However, I think it's best we balance the desire to be inclusive with the
recognition of where the primary strength of this group lies in - the
development of baseline policies that can reduce both the complexity of
compliance to AND (hopefully) avoid any contradictory guidance between
Browser Root Programs.

My fear is that an overly broad definition will destablize some of these
efforts, bringing the industry back to a place it was 5 - 10 years ago -
where each Root Program has an independent set of guidelines with limited
commonality, and even weaker auditing frameworks.

Just food for thought, as I don't yet have particular language to propose
to enhance this, but am left with a general unease at the current wording.


On Tue, Oct 15, 2013 at 4:23 PM, Ben Wilson <ben at digicert.com> wrote:

> Here is a discussion draft for changes to the bylaws.  You’ll notice I
> haven’t edited any of the provisions related to Interested Parties because
> there are a few things to iron out there and maybe somebody else has some
> good suggestions.  I’ll post the Word version on the wiki in case anyone
> needs it.****
>
> Thanks,****
>
> Ben****
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20131015/f8dfe903/attachment.html 


More information about the Public mailing list