[cabfpub] Post-Ballot 110 Bylaw Issues

Ben Wilson ben at digicert.com
Fri Jan 24 21:51:07 UTC 2014



For the currently pending Ballot 110 version of the Bylaws, we postponed
changes to Section 2.1(a)(3) for more group discussion about the membership
category of “Browser.”   


We also postponed any changes to Section 5.2 for more discussions about
transparency vs. security of working group lists--we have had discussions
about whether existing WG mailing lists need to be shut down so that new
ones can be started which are publicly accessible.  I mention an alternative
solution below.  


Also note that regardless of any changes we might make to the Browser
membership category, we’re not going to rename our organization to something
else.  Also, Iñigo’s email concerning Cisco this morning reminded me that
Cisco had asked to become a member in the CA/Browser Forum.   I think Cisco
fits better in the browser category than in the CA category even though they
do manage a publicly trusted PKI – as do Google, Microsoft, and Apple.
However, the proposed edit to section 3.1(3) of the bylaws says:


(3) Browser Category: The member organization

(A) manages a root store and 

(B) is a major global provider of a hardware or software product that is: 

(i)  intended for use by the general public as a browser or computing

(ii) used to browse the Web securely or authenticate digitally signed code,

(iii) able to verify the digital signatures on certificates used with that
entity’s product by processing the chain to a root certificate managed by
that entity’s root store.


So, even under this proposed subsection (3)(B)(i) category definition, Cisco
might not qualify unless someone can clarify whether Cisco provides a
browser or computing platform – so additional wordsmithing may be necessary.
That being said, I’d suggest that if they want to, we allow Cisco to join
the CA/B Forum in the interim as an Associate Member, upon their submission
of a signed IPR Agreement.  Then, their membership status can change if our
membership criteria in the bylaws change.




Also, to reignite the discussion on section 5.2, one of the arguments for
amendment, in addition to the one I’ve made for administrative
simplification, is that security sensitive discussions should be exempted
from public disclosure – I think that means that certain email lists should
not be required to be made public.  Does anyone disagree with the general
proposition that the public disclosure of security measures weakens the
effectiveness of those security measures?


Section 5.1 of the Bylaws currently provides that non-public discussions of
the following may take place on the management list:

(d) Security incidents if, in the opinion of the Members,
discussion on the Public Mail List could reasonably be detrimental to the
implementation of security measures by Members.

(f) Matters which, in the opinion of the Members, require


So, there are working group discussions that should be allowed to take place
confidentially without flooding the Management List (or the Public List).


Edits to sections 5.1 and 5.2 are needed to clarify our position on this.
Meanwhile, maybe we need to adopt an approach like we have for the
management and public lists – i.e. two lists for each working group – one
public and one private?  Then “Members have discretion about which mailing
list they use, but are strongly encouraged to use the Public Mail List for
[most] matters.”  And “[they] are strongly discouraged from posting the text
of [non-public working group] list messages [publicly] without the
permission of the author or commenter.”  This is consistent with the current
approach of our bylaws.








