[cabfpub] Code Signing Working Group

Rich Smith richard.smith at comodo.com
Fri May 6 20:00:21 UTC 2016 

Gerv,
No one is disagreeing with your point that the code signing document and 
discussion needs to be moved out of the CA/B Forum, however given that 
many members devoted a lot of time and energy into it and that the 
members who created it are continuing to try to sort out how and where 
to move it forward, the members have asked, quite respectfully, to allow 
them until after the upcoming F2F to wind it down.  Personally I don't 
consider that an unreasonable request and I cannot for the life of me 
see why, given the assurances that you've been given that the WG will be 
wound down after Bilbao, why you are so insistent that, 'no, it must end 
this very minute.'
-Rich

On 5/6/2016 2:17 PM, Gervase Markham wrote:
> Hi Jeremy,
>
> On 06/05/16 15:35, Jeremy Rowley wrote:
>> 2) Creation of the working group by ballot is merely permissive, not
>> required. When creating the working group, I intentionally did not ballot
>> the creation to ensure it wasn't required.
> Perhaps off-topic, but: how do you read the bylaws such that you think
> that working groups can be created without a ballot?
>
>> Plus, it's a defacto working
>> group now considering how long the working group has continued.
> As noted before, I have no interest in arguing about the circumstances
> of its creation. The question is: once the document was voted down, what
> do we do now?
>
>> 3) I believe demanding early removal of the working group prior to its
>> completion is a violation of the bylaws:
> However, I would note that the fact that it was not balloted means that
> there is no definition of "its completion". That is one of the reasons
> we require a ballot, with certain things as part of it, to create WGs.
>
> When do you think the WG reaches "completion" of its work?
>
>> "Members shall not use their
>> participation in the Forum either to promote their own products and
>> offerings or to restrict or impede the products and offerings of other
>> Members."
> I am not attempting to impede or restrict anyone's product or offering.
> CAs are still free to issue code signing certificates, and (now that we
> have freed the document) anyone is free to make it part of their system
> requirements. Who is being restricted from doing anything, other than
> putting the "CAB Forum" label on their activities or document?
>
>> 5) Mozilla is claiming the document is solely intended for the Microsoft.
>> This is not the case. We have asked other interested parties to review the
>> document and would like their participation. Mozilla itself is free to adopt
>> the document if desired.  The document is a general document and not
>> Microsoft specific.
> The way the CAB Forum makes official documents is by voting on them. We
> voted on this one, and declined to make it official. Until there is some
> prospect of it becoming so, we should stop working on it as part of the
> Forum.
>
> If that is not the case, and ballots are not required to form WGs, what
> is to stop a group of members getting together, writing a document,
> labelling it the "CAB Forum Client Certificate Guidelines" (say) and
> promoting it as a CAB Forum work product without any votes at all?
>
>> 7) Procedurally, we've always permitted members to add their own interests
>> to the agenda. Dean regularly calls for agenda updates. Although members
>> have always been free to add agenda items, there isn't a precedent for
>> members to remove agenda items of other members. The bylaws don't explicitly
>> prohibit removing items from the agenda. However, unlike the working group,
>> there isn't precedent for doing so. I object on a procedural basis to
>> unilateral removal of the agenda item.
> I think that Code Signing is outside the scope of the Forum. However, I
> can see we might want to have a discussion about Code Signing in
> general, and would not object to the general topic being on the agenda.
> However, that's not what's happening here - an official Working Group is
> working on a document with the CAB Forum name on it, and it's being used
> outside the forum as such, even though there is no chance within the
> current structure of that document becoming official. That needs to
> change. The group working on it needs to become unofficial, and the CAB
> Forum name needs to come off the document.
>
> Neither of these changes should have any effect on what people want to
> put in the document or use it for. Or, for that matter, whether they can
> talk about it in Bilbao.
>
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

More information about the Public mailing list