[cabfpub] FW: Bylaw update proposal

[Ryan Sleevi]

On Thu, Mar 26, 2015 at 10:30 AM, kirk_hall at trendmicro.com <
kirk_hall at trendmicro.com> wrote:

>  Peter – on the issue of membership, I still believe that anyone on your
> list could potentially apply for membership as a CA.  However, one
> requirement is that the applicant “operates a certification authority”,
> which to me implies providing certificates to others (not just to the
> applicant’s own websites).  So I would argue that an enterprise with an
> unconstrained sub-CA in its name that is used only for MPKI/EPKI is not
> operating a certification authority and could not be a Member.  After all,
> we cover standards for vetting, fraud prevention, etc. that are not
> relevant to MPKI/EPKI.
>
>
>
> If anyone thinks there is confusion on this point, maybe we need to add a
> membership limitation in the Bylaws that a CA and SubCA member must be a
> company that “operates a certification authority *to issue SSL digital
> certificates to others*”, or similar language.  Maybe I will add that to
> the Bylaws ballow.
>
>
>
> Thanks for pointing this out.
>
>
>
> Kirk
>

Kirk,

I'm not sure I agree with your interpretation. The baseline requirements
gives a fairly clear definition of "Certification Authority", if you're
wishing to use that criteria.

"to others" is still ambiguous. Is a multi-national corporation with
affiliates issuing to others or not?

More importantly, I still fail to see why the pressing need to restrict
membership. There's already the proposal to require even more audits than
we do today - that is, the parallel to "Webtrust for CAs" would be
"Principles and Criteria for Certification Authorities 2.0", more generally.

I guess I'm still confused as to the problem you're trying to solve, since
it mostly seems to make the Forum more exclusionary.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150326/e2267a4a/attachment-0003.html>