[cabfpub] Code Signing Working Group

Gervase Markham gerv at mozilla.org
Fri May 6 12:17:46 MST 2016


Hi Jeremy,

On 06/05/16 15:35, Jeremy Rowley wrote:
> 2) Creation of the working group by ballot is merely permissive, not
> required. When creating the working group, I intentionally did not ballot
> the creation to ensure it wasn't required. 

Perhaps off-topic, but: how do you read the bylaws such that you think
that working groups can be created without a ballot?

> Plus, it's a defacto working
> group now considering how long the working group has continued. 

As noted before, I have no interest in arguing about the circumstances
of its creation. The question is: once the document was voted down, what
do we do now?

> 3) I believe demanding early removal of the working group prior to its
> completion is a violation of the bylaws:

However, I would note that the fact that it was not balloted means that
there is no definition of "its completion". That is one of the reasons
we require a ballot, with certain things as part of it, to create WGs.

When do you think the WG reaches "completion" of its work?

> "Members shall not use their
> participation in the Forum either to promote their own products and
> offerings or to restrict or impede the products and offerings of other
> Members." 

I am not attempting to impede or restrict anyone's product or offering.
CAs are still free to issue code signing certificates, and (now that we
have freed the document) anyone is free to make it part of their system
requirements. Who is being restricted from doing anything, other than
putting the "CAB Forum" label on their activities or document?

> 5) Mozilla is claiming the document is solely intended for the Microsoft.
> This is not the case. We have asked other interested parties to review the
> document and would like their participation. Mozilla itself is free to adopt
> the document if desired.  The document is a general document and not
> Microsoft specific. 

The way the CAB Forum makes official documents is by voting on them. We
voted on this one, and declined to make it official. Until there is some
prospect of it becoming so, we should stop working on it as part of the
Forum.

If that is not the case, and ballots are not required to form WGs, what
is to stop a group of members getting together, writing a document,
labelling it the "CAB Forum Client Certificate Guidelines" (say) and
promoting it as a CAB Forum work product without any votes at all?

> 7) Procedurally, we've always permitted members to add their own interests
> to the agenda. Dean regularly calls for agenda updates. Although members
> have always been free to add agenda items, there isn't a precedent for
> members to remove agenda items of other members. The bylaws don't explicitly
> prohibit removing items from the agenda. However, unlike the working group,
> there isn't precedent for doing so. I object on a procedural basis to
> unilateral removal of the agenda item. 

I think that Code Signing is outside the scope of the Forum. However, I
can see we might want to have a discussion about Code Signing in
general, and would not object to the general topic being on the agenda.
However, that's not what's happening here - an official Working Group is
working on a document with the CAB Forum name on it, and it's being used
outside the forum as such, even though there is no chance within the
current structure of that document becoming official. That needs to
change. The group working on it needs to become unofficial, and the CAB
Forum name needs to come off the document.

Neither of these changes should have any effect on what people want to
put in the document or use it for. Or, for that matter, whether they can
talk about it in Bilbao.

Gerv


More information about the Public mailing list