[cabfpub] Code Signing Working Group

Dean Coclin Dean_Coclin at symantec.com
Mon May 9 22:48:37 UTC 2016


The Code Signing Ballot took place in December. The group has been meeting
continuously since then as well as at the F2F in Scottsdale this past February.
I'm not sure why this has suddenly come up as an "urgent" item to wind down
ahead of the Bilbao meeting. Why didn't it come up in Scottsdale? As Rich
said, it's our intent to wrap it up at this final F2F meeting.

Look, if it would make this problem go away, I can change the agenda item
title to, "A group of people that want to talk about code signing"
11:30-1:00

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Rich Smith
Sent: Friday, May 06, 2016 4:00 PM
To: public at cabforum.org
Subject: Re: [cabfpub] Code Signing Working Group

Gerv,
No one is disagreeing with your point that the code signing document and
discussion need to be moved out of the CA/B Forum, however given that many
members devoted a lot of time and energy into it and that the members who
created it are continuing to try to sort out how and where to move it
forward, the members have asked, quite respectfully, to allow them until
after the upcoming F2F to wind it down.  Personally I don't consider that an
unreasonable request and I cannot for the life of me see why, given the
assurances that you've been given that the WG will be wound down after
Bilbao, you are so insistent that, 'no, it must end this very minute.'
-Rich

On 5/6/2016 2:17 PM, Gervase Markham wrote:
> Hi Jeremy,
>
> On 06/05/16 15:35, Jeremy Rowley wrote:
>> 2) Creation of the working group by ballot is merely permissive, not 
>> required. When creating the working group, I intentionally did not 
>> ballot the creation to ensure it wasn't required.
> Perhaps off-topic, but: how do you read the bylaws such that you think 
> that working groups can be created without a ballot?
>
>> Plus, it's a de facto working
>> group now considering how long the working group has continued.
> As noted before, I have no interest in arguing about the circumstances 
> of its creation. The question is: once the document was voted down, 
> what do we do now?
>
>> 3) I believe demanding early removal of the working group prior to 
>> its completion is a violation of the bylaws:
> However, I would note that the fact that it was not balloted means 
> that there is no definition of "its completion". That is one of the 
> reasons we require a ballot, with certain things as part of it, to create
> WGs.
>
> When do you think the WG reaches "completion" of its work?
>
>> "Members shall not use their
>> participation in the Forum either to promote their own products and 
>> offerings or to restrict or impede the products and offerings of 
>> other Members."
> I am not attempting to impede or restrict anyone's product or offering.
> CAs are still free to issue code signing certificates, and (now that 
> we have freed the document) anyone is free to make it part of their 
> system requirements. Who is being restricted from doing anything, 
> other than putting the "CAB Forum" label on their activities or document?
>
>> 5) Mozilla is claiming the document is solely intended for Microsoft.
>> This is not the case. We have asked other interested parties to 
>> review the document and would like their participation. Mozilla 
>> itself is free to adopt the document if desired.  The document is a 
>> general document and not Microsoft specific.
> The way the CAB Forum makes official documents is by voting on them. 
> We voted on this one, and declined to make it official. Until there is 
> some prospect of it becoming so, we should stop working on it as part 
> of the Forum.
>
> If that is not the case, and ballots are not required to form WGs, 
> what is to stop a group of members getting together, writing a 
> document, labelling it the "CAB Forum Client Certificate Guidelines" 
> (say) and promoting it as a CAB Forum work product without any votes at
> all?
>
>> 7) Procedurally, we've always permitted members to add their own 
>> interests to the agenda. Dean regularly calls for agenda updates. 
>> Although members have always been free to add agenda items, there 
>> isn't a precedent for members to remove agenda items of other 
>> members. The bylaws don't explicitly prohibit removing items from the 
>> agenda. However, unlike the working group, there isn't precedent for 
>> doing so. I object on a procedural basis to unilateral removal of the
>> agenda item.
> I think that Code Signing is outside the scope of the Forum. However, 
> I can see we might want to have a discussion about Code Signing in 
> general, and would not object to the general topic being on the agenda.
> However, that's not what's happening here - an official Working Group 
> is working on a document with the CAB Forum name on it, and it's being 
> used outside the forum as such, even though there is no chance within 
> the current structure of that document becoming official. That needs 
> to change. The group working on it needs to become unofficial, and the 
> CAB Forum name needs to come off the document.
>
> Neither of these changes should have any effect on what people want to 
> put in the document or use it for. Or, for that matter, whether they 
> can talk about it in Bilbao.
>
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
