[cabfpub] Code Signing Working Group

Dean Coclin Dean_Coclin at symantec.com
Wed Apr 27 17:49:13 UTC 2016

Although Gerv is correct that a formal ballot to form the working group was
never completed, I noted previously that it was chartered during the Mozilla
F2F in Feb 2013. (See: https://www.cabforum.org/wiki/7%20March%202013 item
14 for a summary)  Now recall at this time we had NEW bylaws and a NEW chair
(in fact it may have been Ben's first F2F meeting as chair) and I don't
think it's a stretch to say that all members weren't as familiar with the
bylaws as they are today. That's not blaming anyone and the good news is
that we have come a long way in adhering to our bylaws and publishing more
detailed minutes. But yes, we should have read the bylaws more closely then
and proposed a ballot but we can't go back in time now. 

As everyone knows, the Forum rejected the ballot to approve the BRs for Code
Signing and so the group decided to petition Application Software Suppliers
for interest. Microsoft decided to adopt them in their root program and
perhaps others will as well. 

The draft published in November, although perfectly fine as is, will
continue to evolve based on public input and further scrutiny by CAs and
software suppliers. We have accumulated a set of minor corrections which we
would like to review and put into the next version of the document. After
that, our work is complete until the Governance change working group makes
recommendations which we believe will support further work in code signing. 

I see no reason to stop this minor work which will likely be completed at
the next F2F. After that, we can remove the regular meeting agenda item,
"CSWG Update" and disband the CA/B Forum working group. If the group sees
fit to continue working on the document before Governance Reform kicks in,
then that work could continue outside of the Forum (perhaps as part of the
CA Security Council, as an example). 


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Gervase Markham
Sent: Wednesday, April 27, 2016 11:14 AM
To: CABFPub <public at cabforum.org>
Subject: [cabfpub] Code Signing Working Group

Hi everyone,

I am told that the Code Signing Working Group is not only working with its
members to provide the necessary open licensing for its work product to
allow it to be used outside the forum (an activity I entirely
support) but is also continuing to work on the document itself, which was
rejected by the Forum in ballot 158.

Given the reasons which were given for the rejection, it seems unlikely that
the group is working on the document because it reasonably expects to
present it for a re-vote in the near future. This raises the question of why
work continues at all.

At this point, we would look at the ballot which formed the Code Signing
Working Group to see what its terms of reference were and when the Working
Group expires; however, this Working Group was not properly formed using a
ballot, and so no such document exists.

If organizations or companies outside the Forum want to take the work
product under the new license and use it, perhaps with further
modifications, then those modifications are the responsibility of those
companies, and not of the Forum. (And neither the original nor any resulting
document should be labelled in a way which suggests that it is an official
Forum document.)

We do now have a Governance Reform working group which (I hope) may one day
result in a reform of the CAB Forum governance to allow sub-parts of the
Forum to work on Code Signing, Email, etc., with some hope that their
documents might be accepted by the full Forum. At that point, it may make
sense to have a Code Signing Working Group, even continuing the work started
by this one on the Code Signing BRs. However, we are nowhere near that yet.

Given the lack of formal status or of a clear mission which is within the
scope of the Forum, I am minded to put forward a ballot to disband the Code
Signing Working Group, and I want to bring this idea to the list for
discussion. If we later need such a group again, we can constitute one in
accordance with the Bylaws.
