[cabfpub] IPR Exclusion notices
pzb at amzn.com
Thu May 5 03:08:24 UTC 2016
I agree that we should try to give auditors clear standards that don’t result in varying interpretations based on which auditor one chooses. I also agree that there are sometimes variations required in specific jurisdictions, especially when issuing a certificate designed for multiple purposes.
However that is not what is being discussed here. This is about the CA/Browser Forum IPR Agreement which is something outside scope of any audit.
These are two different topics and need different handling.
> On May 4, 2016, at 8:00 PM, Moudrick M. Dadashov <md at ssc.lt> wrote:
> I understand what you are saying and actually suggesting how to support it. :-)
> I'm not sure if leaving potential controversies to resolve on case by case basis is the best we can do here. Again, this is not about IPR or any other specific aspect.
> By clarifying general interpretation of our own standards we'd help our auditors to properly manage various jurisdiction specific realities - exclusions. Take into account the fact that our standards are defacto becoming indirectly binding requirements.
> Even for eIDAS sending a carefully selected Forum's message (that doesn't cross the red line as you explained below) IMO would contribute to harmonized implementation of Forum's documents.
> Sent from my Samsung device
> -------- Original message --------
> From: Ryan Sleevi <sleevi at google.com>
> Date: 5/5/2016 02:18 (GMT+02:00)
> To: "Moudrick M. Dadashov" <md at ssc.lt>
> Cc: Dean Coclin <Dean_Coclin at symantec.com>, CABFPub <public at cabforum.org>
> Subject: Re: [cabfpub] IPR Exclusion notices
> On Wed, May 4, 2016 at 4:09 PM, Moudrick M. Dadashov <md at ssc.lt> wrote:
> If not a legal opinion, maybe "common understanding" would still be useful.
> As a simple rule I'd suggest to respect any legally binding exclusions of a given jurisdiction (to apply to all CAs that do business in that jurisdiction). Does that make sense?
> I'm not sure who you suggest respects them. The Forum, as a non-legal entity, cannot declare these as valid or not, nor can Symantec challenge that ruling (because of the non-legal entity). What we have is a IPR policy that is an agreement made collectively between the members of the Forum. As such, it's the necessary role of each member to independently evaluate whether or not Symantec's exclusion was meeting the obligation of the agreement. If Symantec were to bring enforcement action on the basis that they believe their exclusions are valid and conforming with the policy, the question about whether that is legally accurate is, in effect, a contract dispute, and alternative legal interpretations may be met. One such interpretation is that it was not conforming, and as such, any such claim would, if essential, be subject to the Forum's IPR policy. Another interpretation is that it was conforming. How this matter gets settled is not something the Forum can declare, but rather one that would necessarily need to be adjudicated.
> Public mailing list
> Public at cabforum.org
More information about the Public