[cabfpub] Code Signing Working Group

Richard Wang richard at wosign.com
Fri May 6 15:13:54 UTC 2016

+100, Objection!

CAB Forum is not SSL/Browser Forum.



> On May 6, 2016, at 22:33, Jeremy Rowley <jeremy.rowley at digicert.com> wrote:
> Objection. 
> 1) The working group was created at the request of DigiCert, not Microsoft. 
> 2) Creation of the working group by ballot is merely permissive, not
> required. When creating the working group, I intentionally did not ballot
> the creation to ensure it wasn't required. Plus, it's a defacto working
> group now considering how long the working group has continued. 
> 3) I believe demanding early removal of the working group prior to its
> completion is a violation of the bylaws: "Members shall not use their
> participation in the Forum either to promote their own products and
> offerings or to restrict or impede the products and offerings of other
> Members." 
> 4) Enough CAs are interested in this that there should still be time
> dedicated to the working group. After all, "The Forum has no corporate or
> association status, but is simply a group of CAs and browsers which
> communicates or meets from time to time to discuss matters of common
> interest relevant to the Forum's purpose." Allowing one member to remove
> something from the agenda that is of interest to many CAs seems
> counter-intuitive. 
> 5) Mozilla is claiming the document is solely intended for the Microsoft.
> This is not the case. We have asked other interested parties to review the
> document and would like their participation. Mozilla itself is free to adopt
> the document if desired.  The document is a general document and not
> Microsoft specific. 
> 6) Even if Mozilla adopts to the code signing baseline requirements, there
> are still the EV code signing guideline topics that need to be discussed
> during the working group. If we don't discuss the BRs, we still need to meet
> and discuss the EV code signing guideline updates.
> 7) Procedurally, we've always permitted members to add their own interests
> to the agenda. Dean regularly calls for agenda updates. Although members
> have always been free to add agenda items, there isn't a precedent for
> members to remove agenda items of other members. The bylaws don't explicitly
> prohibit removing items from the agenda. However, unlike the working group,
> there isn't precedent for doing so. I object on a procedural basis to
> unilateral removal of the agenda item. 
> Jeremy
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
> Behalf Of Gervase Markham
> Sent: Friday, May 6, 2016 7:27 AM
> To: Dean Coclin <Dean_Coclin at symantec.com>
> Cc: CABFPub <public at cabforum.org>
> Subject: Re: [cabfpub] Code Signing Working Group
> Hi Dean,
>> On 06/05/16 14:15, Dean Coclin wrote:
>> That part of the meeting is currently scheduled for 11:30am and will 
>> meet for about 45-50 mins, if not less, followed by lunch. As I stated 
>> on the last call, this is the final meeting of this formal group. Any 
>> future meetings will not be part of the forum (until such time any 
>> governance change is implemented).
>> This session doesn't impinge on the times of other working groups.
> That's not the issue. The issue is that the group should not continue to
> work under CAB Forum auspices when it's not working on a document for the
> CAB Forum (which I think everyone agrees it's not). It needs to be removed
> from the agenda. Where you leave any gap which might result is up to you,
> and what people might do in that gap is up to them. If it's most convenient
> to adjourn very early for lunch, then let's do that.
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7208 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160506/0c8e0924/attachment-0001.p7s>

More information about the Public mailing list