[cabfpub] FW: Associate member of the CA/B Forum

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Mon Apr 11 21:05:15 UTC 2016

Responses inline

From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Monday, April 11, 2016 1:31 PM
To: Kirk Hall (RD-US)
Cc: Dean Coclin; public at cabforum.org
Subject: Re: [cabfpub] FW: Associate member of the CA/B Forum

On Mon, Apr 11, 2016 at 1:23 PM, kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com> <kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com>> wrote:
Just to add one more perspective – I have always viewed Associate Members as people or groups that CAs and Browsers wanted on our calls and meetings as providing necessary expertise – starting with WebTrust and ETSI representatives.  It’s very convenient to have them understand what we are doing and provide feedback during meetings and calls.  I was not active with the Forum when PayPal was added as an Associate Member, and was never entirely certain about the reasons for a single company to be an Associate Member.

As to adding ETA as an Associate Member – I think the Forum would benefit by adding one financial services group Associate Member who can provide rapid responses to our work at meetings and on calls (and serve as a conduit of information back to the ETA membership), especially after the SHA-1 problems.

Interested Parties can participate as invited guests when topics relevant to their interests are discussed. If they're not sure when such items will be discussed, then it would be because we aren't sending out agendas with advance notice, or they're not paying attention to the agendas and speaking up about their relevant interest?

I think there is a lot to be gained by an Associate Member’s ongoing participation in the full meetings.  We may not always know what is important to the group they represent.  I also think that trust and rapport grow among people who spend time together rather than parachuting in for limited discussion from time to time (and it may not be worth it for an invitee to come to a distant meeting only for a 20 minute segment).
Some Forum members have been very harsh toward those financial services companies who didn’t respond in time to the SHA-1 cutoff and are now seeking SHA-1 certificates, saying “they should have paid attention”.  Future Forum changes are likely to have a disproportionate impact on financial services companies, so I think one Associate Member makes sense – I just want to make sure ETA is the right member from that community.

Is there a reason you feel these parties can't participate on the Public list? Is there added or differential value from that participation?

Given that the list is Public, and both Interested Parties and Associate Members can participate, this seems an entirely appropriate venue. If there are items being discussed on our calls or meetings that aren't reflected completely to the list (as I expressed concern about), isn't that symptomatic of a broader issue that won't be solved by adding associate members?

See comments above.  Associate Members will also participate with comments on the Public List just as Members do, so presumably their views will be widely distributed there.  But in many cases the greatest value can come from someone in the room saying on the spot “Wait a moment, have you thought of this?” and giving us all immediate feedback.  I think that can be lost in email strings.

Perhaps we also could benefit from one Associate Member who can represent all the independent hosting and registrar companies out there (not associated with a CA or browser).  But to keep meetings and calls to manageable size, in my opinion we should only add a very limited number of Associate Members.

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160411/041ce7dc/attachment-0003.html>

More information about the Public mailing list