[cabfpub] Governance Reform Discussion
ben.wilson at digicert.com
Tue Aug 16 18:59:48 UTC 2016
The following was discussed during last week’s and today’s Governance
Reform Working Group meetings:
DRAFT - FOR DISCUSSION ONLY
1. The Forum would amend the Bylaws to create three working groups
(including detailed statement of scope, deliverables, and expiration date,
● Web Working Group (basically the work of the Forum today - TLS
certificates on the Web and the Chair of the Forum would be chair of the Web
Working Group--open for discussion)
● Code Signing Working Group
● S/MIME Working Group
All substantive work of the Forum would occur in these Working Groups, and
not at the Forum level. (See Item 3 below for an explanation of how we
would move to a working-group-membership model for the IPR policy.)
At this time, we would not include any specific process in the Bylaws for
creating additional working groups in the future. Instead, new working
groups in the future would be created by ballot amending the Bylaws. And if
a working group is not behaving according to its charter, an amendment to
the bylaws would be used to disband or recharter the working group.
Subcommittees could be created to work on miscellaneous tasks and items not
appropriate for Working Groups.
Working Groups would have the authority to draft and finally adopt by
Working Group ballot all guidelines within the Working Group scope, and
Working Group guidelines would not have to be re-adopted or approved at the
Forum level. [Note for further discussion: All Working Groups will have to
comply with applicable law, e.g. antitrust, etc., but do we want to set
forth guidelines or parts of the guidelines/requirements that are applicable
to all working groups? Long-term, maybe yes, but maybe not in this round of
2. The Bylaws would define for each Working Group who could participate as a
Working Group Member. This would include all CAs and other parties with (to
be defined) “skin in the game” as either producers or consumers of the
product (or that use certificates of the type) that is the subject of the
Working Group’s work. For example, for the Code Signing Working Group,
Adobe and Oracle could join as members, and for the S/MIME Working Group,
RedHat/Linux, Blackberry, Evolution, and Federal PKI could join as voting
members of the working group.
For the time being, we would make no change in the Bylaws concerning
Interested Parties, which means that anyone in the world willing to sign the
IPR agreement could participate on a Working Group (whether or not the
person has skin in the game). However, while Interested Parties could post
to the Working Group list-serv and participate on conference calls, they
could not vote or participate at the Forum level (see 4. below).
3. We would amend our current IPR policy so it applies only to participation
in a particular Working Group and its product, and does not apply to a
member who does not participate on a particular Working Group.
We would need to define “participation” clearly, but it would start with
those members (and Interested Parties) who sign up for a particular Working
Group. There will be a master membership sign-up list, and roll will be
taken at the beginning of (and updated during) each call. We will not
permit input from Forum members who have not signed up for a particular
Working Group - meaning that the member could not submit ideas or comments
to a Working Group until the member signs up as a participant of the Working
Group and becomes subject to the IPR for that Working Group.
So, for example, a member of the Web Working Group would be subject to the
current IPR obligations for Essential Claims related to any Final Guidelines
or Final Maintenance Guidelines generated by the Web Working Group, but
would not be subject to any IPR obligations for Essential Claims related to
any Final Guidelines or Final Maintenance Guidelines generated by the Code
Signing Working Group if the member did not participate in that Working
Group by signing up to that group.
[Discussion Notes: Could members in one WG (Web/TLS) sue members in another
WG (Code Signing) for patent infringement? W3C has an across-the-board RF
patent license for essential claims, in addition to the WG
participation-based patent license. How can we make this part of the IPR
policy more protective against infringement suits by non-participants.
Would section 5.1g. of the IPR Policy need to be amended? Virginia will
draft some language to review.]
All Working Groups would have the same IPR policy, which would be maintained
by the Forum itself and continue with its current a royalty-free policy.
4. The Forum itself (the “parent” organization, which is where adoption of
all Final Guidelines occurs today) would take on a smaller role, limiting
its work to the following:
● Amending the Bylaws (including amendments to create new Working
Groups as needed)
● Resolving any conflicts among the Working Groups
● Adoption and maintenance of a common IPR policy, and maintaining
records of participation (i.e., tracking members who have joined particular
Working Groups), sending and tracking IP exclusion notices, etc. for the
● Handling logistics of face-to-face meetings
● Implementing Working Group membership rules and deciding on
acceptance of new members based on specific criteria
● Election of officers
However, the Forum itself would not adopt any guidelines or requirements,
and no work at the Forum level would ever come under the IPR policy. All
members at the Working Group level (CAs, browsers, and other members, but
not Interested Parties) would automatically be voting members at the Forum
level as well.
5. Voting rules would be uniform at the Working Group and Forum level, and
would be essentially the same as today. At the Working Group level,
guidelines would be adopted upon approval of 2/3 of CA members and a
majority of non-CA members (e.g. browsers, software application suppliers -
see 2 above). At the Forum level, most actions such as amendment of the
Bylaws (including creation of new Working Groups) would require approval of
2/3 of CA members and a majority of non-CA members (browsers, software
application suppliers, and other non-CA voting members, in the aggregate).
6. We discussed whether to create a new channel for input by the public
(those who do not want to sign the IPR agreement and become Interested
Parties), such as a new list-serv with a click-through agreement that all IP
included in a posting is being contributed to the public domain, similar to
the W3C model. However, at this point the consensus was that a new channel
is not needed, and those who want to participate should sign the IPR
agreement and become Interested Parties.
DRAFT - FOR DISCUSSION ONLY
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4954 bytes
Desc: not available
More information about the Public