[cabfpub] Ballot 110 - Motion to Adopt Version 1.1 of the Bylaws

Ryan Sleevi sleevi at google.com
Sat Jan 18 02:40:58 UTC 2014 

On Fri, Jan 17, 2014 at 6:26 PM, Ben Wilson <ben at digicert.com> wrote:

> Ryan,
>
> See my responses inline below.
>
> Thanks,
>
> Ben
>
>
>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] *On
> Behalf Of *Ryan Sleevi
> *Sent:* Friday, January 17, 2014 5:37 PM
> *To:* Ben Wilson
> *Cc:* CABFPub
> *Subject:* Re: [cabfpub] Ballot 110 - Motion to Adopt Version 1.1 of the
> Bylaws
>
>
>
> While I realize it's not at ballot review period, a few thoughts, given
> the time constraints being operated in:
>
>
>
> 1) I'd prefer to not change the "Purpose of the Forum" (Section 1.1) at
> this time.
>
>
>
> BTW:  That’s fine.  I just didn’t like the current wording because it was
> written as if we’d just finished version 1.0 of the EV Guidelines.
>

Yup. I'd love to see this iteratively refined, I just wouldn't want to hold
up the IG aspects.


>
>
> 2) Section 2.1 ("authenticate digitally signed code") is still a much
> greater increase of scope of the work of the members. I'd prefer if we
> could leave that for broader discussion. While I'm aware of the "Code
> Signing WG" discussions, this change in definitions has the effective
> quality of allowing/encouraging vendors with no/limited stake in the
> SSL/TLS ecosystem to vote on changes to the BRs / EVGs, and vice versa. I'm
> sure you can recognize at it's face, that has some degree of
> undesirability, and effectively changes the "CA/Browser Forum" to the
> "CA/ISV Forum"
>
>
>
> BTW:  I disagree that we’re calling it the “ISV” forum under the proposed
> language, but in any event I’m fine with reverting the title to “Browser
> Member”.  I also thought that the wording was sufficient to limit potential
> browser concerns, but here is a start on revised language that could make
> it a little more clear in its restrictions:
>

>
> (3)       *Browser Member*: The member organization:
>
> (A) manages a root store AND
>
> (B) is a major global provider of a hardware or software product that is:
>
> (i) used by the general public as a browser or computing platform,
>
> (ii) used to browse the Web securely or authenticate digitally signed
> code, AND
>
> (iii) able to verify the digital signatures on certificates used with the
> product (i.e. by processing the chain to a root certificate managed within
> the member’s root store).
>
>
>
> However, if browser members still have strong opposition to the proposed
> wording, or this alternative above, I’d rather delete it from the proposal
> now than have the ballot fail, but I would hope you could see the
> importance of it to CAs who must deal with public key stores.
>

I'd love to deal with this in a separate ballot, since it doesn't really
tie to the Invited Guests discussion. I certainly can understand how it was
originally part of a general clean-up, whereas now we're at a point of just
trying to get a bylaws revision in place before the next F2F.


>
>
> 3) Why the removal of the transparency requirements in Section 5.2 for
> WGs? This is not at all desirable - although the modifications to Section
> 5.2(c) are.
>
> BTW:  The current language requires that EVERYTHING (even things that are
> not currently being done, like the creation of agendas and minutes for
> working groups) be posted to the public list – for some people, the amount
> of email traffic on the public list is already bad.  Read Section 5.2(e)
> where “important” working group updates are addressed.  Otherwise, as the
> responsible executive interpreting the bylaws I will have to start telling
> everyone that they must prepare agendas and minutes and that all emails and
> every single interim draft, agenda and all minutes will now need to be
> posted to the public list, and then we’ll just eliminate the WG lists.
>

I for one would welcome the enhanced transparency, and see it as a feature,
even as I'm already deluged in e-mail.


>
>
> 4) Why are Invited Guests at the sole discretion of Chair/Vice-Chair,
> whereas Interested Parties go through Forum/WG consent? If anything,
> Invited Guests represent the greatest "threat" to members, in that they've
> not executed any IPR Agreement for any of the discussions they are present
> in.
>
> BTW:  If someone represents such a threat, we just won’t invite
> them—problem solved.  However, we will likely run into situations where we
> value the input of someone, or we want their individual expertise, and for
> one reason or another they cannot sign the agreement in time (because of
> employment situation, legal advice, or whatever), then we will have to
> “pass” on having that person attend, and then maybe we’ll miss out on
> valuable information.  If we invite [fill-in-the-blank] as our “invited
> guest”, I want to have sufficient discretion on whether to require them to
> sign the IPR Agreement.  I would hope that attendees would we able to
> identify when an invited guest is trying to submarine us with some great
> idea (albeit contained in an undisclosed patent), and hopefully the Chair
> or Vice Chair, who we elect as our trusted representative will be smart
> enough to exercise his or her discretion appropriately.   If we do change
> this, then we’ll need something appropriate to take its place—I’m fine if
> someone comes up with a simplified voting process that can also accommodate
> last-minute guest speaker replacements, etc.
>
> Thanks again for your comments.
>
> Cheers,
>
> Ben
>
When I used such a loaded term as "threat", I do not ascribe malicious
intent. I simply mean that, for the members, every one of these IGs - and
their contributions - does represent a threat to anything produced by a
Standards Defining Organization or (as in the CA/B Forum's case) "similar"
organizations. That is the unfortunate situation that we find ourselves in
with respect to IPR.

I would definitely feel more comfortable seeing us put the same rigor as
applied to members / associates, and simply present it to the Forum,
especially when attendance-without-IPR-agreement is an entirely dangerous
can of worms, no matter how well-intentioned or well-meaning the IG is. The
further nuance is that an IG is, presumably, a natural person, whereas the
IPR agreement is with legal persons - typically, corporations. The
distinction is that no matter how good the IG is, they may be employed by
an organization that does not share the same values, and thus that presents
a 'risk'.

Anyways, I think these are the foundations of a series of good changes, I
just think they will trigger a variable level of engagement, and for
expediency, it might be best to just ballot the minimal set of changes for
the F2F, and perhaps simultaneously ballot "the rest" for further
discussion. Just $.02 from dealing with code and "minimal patches" / "one
commit, one bug".


>
> On Fri, Jan 17, 2014 at 3:49 PM, Ben Wilson <ben at digicert.com> wrote:
>
> I am seeking two endorsers.
>
>
>
> On 17 January 2014, Ben Wilson of DigiCert made the following motion,
> endorsed by _____ of _______ and ______ of __________:
>
> –Motion Begins–
>
> Be it resolved that the CA / Browser Forum adopts the attached “CA-Browser
> Forum Bylaws v. 1.1- Draft for Ballot 110” as its Bylaws, effective as of 4
> February 2014.
>
> –Motion Ends–
>
> The review period for this ballot shall commence at 2100 UTC on 20 January
> 2014 and will close at 2100 UTC on 27 January 2014. Unless the motion is
> withdrawn during the review period, the voting period will start
> immediately thereafter and will close at 2100 UTC on 3 February 2014.
>
>
>
> Votes must be cast by posting an on-list reply to this thread. A vote in
> favor of the ballot must indicate a clear ‘yes’ in the response. A vote
> against the ballot must indicate a clear ‘no’ in the response. A vote to
> abstain must indicate a clear ‘abstain’ in the response. Unclear responses
> will not be counted. The latest vote received from any representative of a
> voting member before the close of the voting period will be counted.
>
>
>
> Voting members are listed here: https://cabforum.org/members/. In order
> for the motion to be adopted, two thirds or more of the votes cast by
> members in the CA category and more than one half of the votes cast by
> members in the browser category must be in favor. Quorum is currently six
> (6) members– at least six members must participate in the ballot, either by
> voting in favor, voting against, or by abstaining for the vote to be valid.
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140117/2e0e443c/attachment-0003.html>

More information about the Public mailing list