[cabfpub] Governance Reform Discussion

Gervase Markham gerv at mozilla.org
Mon Aug 29 15:53:24 UTC 2016

On 16/08/16 19:59, Ben Wilson wrote:
> 5. Voting rules would be uniform at the Working Group and Forum level,
> and would be essentially the same as today.  At the Working Group level,
> guidelines would be adopted upon approval of 2/3 of CA members and a
> majority of non-CA members (e.g. browsers, software application
> suppliers – see 2 above).  At the Forum level, most actions such as
> amendment of the Bylaws (including creation of new Working Groups) would
> require approval of 2/3 of CA members and a majority of non-CA members
> (browsers, software application suppliers, and other non-CA voting
> members, in the aggregate).

The second part of this (Forum-level voting) is potentially problematic.
Could I ask what other models were discussed by the WG, if any?

The issue I see is that if there are 5 non-CA members (browsers) in the
Web/Server Working Group, but 20 non-CA members in the Code Signing
Working Group and 30 in the S/MIME WG (or some other disproportionate
distribution of non-CA members across the WGs) then we might run into
some problems.

Firstly, we might have a quorum problem if we were setting up a new WG
for some other browser-related type of certificate that was not of
interest to S/MIME or Code Signing people (say, client certs). Even if
all 5 browser members voted Yes, if the other members didn't bother to
vote, the motion could fail.

Secondly, a company which is a member of all 3 WGs could be argued to
have more skin in the game than a company which is a member of just one
- but they only get one vote. Conversely, one could argue that if the
Web WG was responsible for the majority of the forum's activity, non-CA
members there should have more clout. Or you could say companies which
actively participate should have more say. There are several ways one
could argue that some companies are more important than others; do we
just throw up our hands and say "one member, one vote" or is there a
better way?

I realise this is a hard problem to solve; perhaps before we propose
concrete solutions, we need to step back and say: what level of
consensus do we think is appropriate among the disparate non-browser
members for forming new working groups, many of which might be entirely
irrelevant to them, or even that they may wish not to exist for
competitive reasons?


More information about the Public mailing list