[cabfpub] FW: Bylaw update proposal
sleevi at google.com
Thu Mar 26 15:30:16 MST 2015
On Thu, Mar 26, 2015 at 10:30 AM, kirk_hall at trendmicro.com <
kirk_hall at trendmicro.com> wrote:
> Peter – on the issue of membership, I still believe that anyone on your
> list could potentially apply for membership as a CA. However, one
> requirement is that the applicant “operates a certification authority”,
> which to me implies providing certificates to others (not just to the
> applicant’s own websites). So I would argue that an enterprise with an
> unconstrained sub-CA in its name that is used only for MPKI/EPKI is not
> operating a certification authority and could not be a Member. After all,
> we cover standards for vetting, fraud prevention, etc. that are not
> relevant to MPKI/EPKI.
> If anyone thinks there is confusion on this point, maybe we need to add a
> membership limitation in the Bylaws that a CA and SubCA member must be a
> company that “operates a certification authority *to issue SSL digital
> certificates to others*”, or similar language. Maybe I will add that to
> the Bylaws ballot.
> Thanks for pointing this out.
I'm not sure I agree with your interpretation. The baseline requirements
give a fairly clear definition of "Certification Authority", if you're
wishing to use that criteria.
"to others" is still ambiguous. Is a multi-national corporation with
affiliates issuing to others or not?
More importantly, I still fail to see why the pressing need to restrict
membership. There's already the proposal to require even more audits than
we do today - that is, the parallel to "Webtrust for CAs" would be
"Principles and Criteria for Certification Authorities 2.0", more generally.
I guess I'm still confused as to the problem you're trying to solve, since
it mostly seems to make the Forum more exclusionary.