[cabfpub] Code Signing Working Group

Jeremy Rowley jeremy.rowley at digicert.com
Fri May 6 14:35:06 UTC 2016


1) The working group was created at the request of DigiCert, not Microsoft. 
2) Creation of the working group by ballot is merely permissive, not
required. When creating the working group, I intentionally did not ballot
the creation to ensure it wasn't required. Plus, it's a defacto working
group now considering how long the working group has continued. 
3) I believe demanding early removal of the working group prior to its
completion is a violation of the bylaws: "Members shall not use their
participation in the Forum either to promote their own products and
offerings or to restrict or impede the products and offerings of other
4) Enough CAs are interested in this that there should still be time
dedicated to the working group. After all, "The Forum has no corporate or
association status, but is simply a group of CAs and browsers which
communicates or meets from time to time to discuss matters of common
interest relevant to the Forum's purpose." Allowing one member to remove
something from the agenda that is of interest to many CAs seems
5) Mozilla is claiming the document is solely intended for the Microsoft.
This is not the case. We have asked other interested parties to review the
document and would like their participation. Mozilla itself is free to adopt
the document if desired.  The document is a general document and not
Microsoft specific. 
6) Even if Mozilla adopts to the code signing baseline requirements, there
are still the EV code signing guideline topics that need to be discussed
during the working group. If we don't discuss the BRs, we still need to meet
and discuss the EV code signing guideline updates.
7) Procedurally, we've always permitted members to add their own interests
to the agenda. Dean regularly calls for agenda updates. Although members
have always been free to add agenda items, there isn't a precedent for
members to remove agenda items of other members. The bylaws don't explicitly
prohibit removing items from the agenda. However, unlike the working group,
there isn't precedent for doing so. I object on a procedural basis to
unilateral removal of the agenda item. 


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Gervase Markham
Sent: Friday, May 6, 2016 7:27 AM
To: Dean Coclin <Dean_Coclin at symantec.com>
Cc: CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Code Signing Working Group

Hi Dean,

On 06/05/16 14:15, Dean Coclin wrote:
> That part of the meeting is currently scheduled for 11:30am and will 
> meet for about 45-50 mins, if not less, followed by lunch. As I stated 
> on the last call, this is the final meeting of this formal group. Any 
> future meetings will not be part of the forum (until such time any 
> governance change is implemented).
> This session doesn't impinge on the times of other working groups.

That's not the issue. The issue is that the group should not continue to
work under CAB Forum auspices when it's not working on a document for the
CAB Forum (which I think everyone agrees it's not). It needs to be removed
from the agenda. Where you leave any gap which might result is up to you,
and what people might do in that gap is up to them. If it's most convenient
to adjourn very early for lunch, then let's do that.

Public mailing list
Public at cabforum.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160506/39f7f02e/attachment-0001.p7s>

More information about the Public mailing list