[cabfpub] FW: Associate member of the CA/B Forum

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Mon Apr 11 20:23:45 UTC 2016


Just to add one more perspective – I have always viewed Associate Members as people or groups that CAs and Browsers wanted on our calls and meetings as providing necessary expertise – starting with WebTrust and ETSI representatives.  It’s very convenient to have them understand what we are doing and provide feedback during meetings and calls.  I was not active with the Forum when PayPal was added as an Associate Member, and was never entirely certain about the reasons for a single company to be an Associate Member.

As to adding ETA as an Associate Member – I think the Forum would benefit by adding one financial services group Associate Member who can provide rapid responses to our work at meetings and on calls (and serve as a conduit of information back to the ETA membership), especially after the SHA-1 problems.  Some Forum members have been very harsh toward those financial services companies who didn’t respond in time to the SHA-1 cutoff and are now seeking SHA-1 certificates, saying “they should have paid attention”.  Future Forum changes are likely to have a disproportionate impact on financial services companies, so I think one Associate Member makes sense – I just want to make sure ETA is the right member from that community.

Perhaps we also could benefit from one Associate Member who can represent all the independent hosting and registrar companies out there (not associated with a CA or browser).  But to keep meetings and calls to manageable size, in my opinion we should only add a very limited number of Associate Members.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dean Coclin
Sent: Saturday, April 09, 2016 2:29 PM
To: Ryan Sleevi
Cc: public at cabforum.org
Subject: Re: [cabfpub] FW: Associate member of the CA/B Forum



Basically because they would like to be more active in meetings and one benefit of Associate membership is the ability to attend F2F meetings.

So can Interested Parties

>>Yes, by invitation only. As I read the bylaws, AMs can come w/o invitation.

As a representative of 5000 members, ETA can better communicate things they learn from the forum and our meetings to a wide audience of theirs. Traditionally, associations have been granted Associate member status, rather than Interested Party.

So that seems to be two arguments:
- So they can talk to members
- Because it's what we did in the past

The first can be accomplished by Interested Parties, and the second is... more complicated.

The notion of Associate Members is actually relatively new - they were introduced in Bylaws v1.1, rather than the original version. Contributions, such as PayPal's, which arguably occupies a similar niche as ETA, were under the Interested Party contribution. The introduction of the notion in v1.1 (via Ballot 116 - https://cabforum.org/2014/03/24/ballot-116-bylaw-amendment-for-associate-member-category/ ) was to align our practices and inconsistencies with following our bylaws, but I don't know if we can argue they were associate members.

Given that https://cabforum.org/liaisons/ is now, seemingly, considerably out of date due to non-renewal of the IPR policy, I don't know how much we can argue on that basis either. In terms of membership tracking, unfortunately, the Wiki is not very helpful in determining who, of the parties that have executed IPR agreements (and are thus members in good standing) are Interested Parties vs Associate Members, but it seems that there are entities comparable to ETA that are as Interested Parties.

I would also note that the Associate Member status seems to have been granted to the SDOs directly involved in the Web PKI operations - that is, WebTrust and ETSI stand out as participants. To what degree ETA is an SDO is unclear to me; my understanding is they are merely a trade association, and not responsible for the standards themselves (compared to, say, the PCI SSC)

While I fully welcome greater participation in the Forum, and that's a topic that we've advocated for rather hard in the past, my feeling and suspicion is that many potential members' needs will be met as an Interested Party. A concern, of course, has been raised by many CAs in the past, which is that the larger the F2F meetings get, the less likely we'll be able to accomplish anything productive, and the more expensive it will be to host. However, my concern is that the F2F's are notoriously "smoke-filled rooms", in that minutes fail to capture the many nuances of discussions, due to their subtleties, and thus provide much less transparency or accountability to discussions on the list.

That's why I favor greater Interested Party participation, because it encourages greater participation on the list, and greater transparency of what was said and why decisions were made.

While I'm uncertain as to whether "oppose" the application would be the right position I'm advocating, I would like to strongly encourage an Interested Party membership, which should confer almost all of the benefits - except for that of secrecy (the ability to post on the management list, and the ability to routinely hold discussions that aren't well or completely minuted during the F2F). That seems certainly in everyone's best interests.

>>I’m hearing two points here: One is that as part of the Governance Change WG, we should re-look at the categories of IPs and AMs and determine if there is a meaningful distinction. That can certainly be done.

The other subtle point is that the F2F meetings are not valuable, not transparent enough and should be discontinued. I think you’ll find some arguments there from members but again, can be tackled by the WG to determine if the frequency of meetings is too much, too little or just right and if minute taking should be recorded or changed to another format.

Back to the issue of ETA, I’ll put this on the agenda for next week’s call and would be interested in hearing from others either on the list or the call.

Thanks
Dean
