[cabfpub] [EXTERNAL]Re: CA/Browser Face to Face Meeting 41 Agenda – Berlin

Ryan Sleevi sleevi at google.com
Fri Jun 16 08:57:31 MST 2017 

Rich,

I'm sorry I wasn't clearer, but it appears you've misunderstood what I was
suggesting. I was suggesting that we should not limit it simply to "large
enterprises" - as has been suggested - since if our goal is to obtain
valuable feedback from the ecosystem, we should value all feedback.

It sounds like you have a particular objective or agenda in mind, which so
far hasn't been communicated, and certainly not as part of a public
invitation for comment, so I'm hoping we can use this time to make such a
proper invitation. I do think it may be an undesirable result if the Chair
exclusively invited participants to further a particular agenda, since the
Chair is supposed to be a neutral party, so I'm sure you can understand the
desire for greater transparency.

However, even to your specific point - which, to be clear, was not a
position I was advocating and not representative of what I was suggesting -
if our goal is to understand the impact of Forum Timetables, then surely
you would agree that it would be valuable to hear from those who view our
timetables as too slow as much as it would be to hear from those who
believe our timetables are too fast. Certainly, it would not be difficult
to find a number of organizations and contributors - both small and large -
who would share their concerns that the Forum is particularly slow in
enacting necessary and valuable security changes.

On Thu, Jun 15, 2017 at 12:03 PM, Rich Smith <richard.smith at comodo.com>
wrote:

> Ryan,
>
> I’m not sure I see the point of hearing from those who have had no
> difficulty with our past timetables.  If they had no difficulties, then it
> seems, for them, our processes and timetables were perfectly acceptable, so
> what is it that we might learn from them, at least at this stage?  I think
> their feedback might be far more useful once we are all better informed as
> to the specific issues those who have had problems have faced.  At that
> point those who did not have a problem meeting our timetables might be able
> to look at the details and say, “Yes, we had a similar issue, but here’s
> how we solved it,” which would certainly be of benefit.  I just don’t see a
> lot of benefit of having someone come in at this point to say, “Everything
> is great for us, carry on.”
>
>
>
> Regards,
>
> Rich
>
>
>
> *From:* Public [mailto:public-bounces at cabforum.org] *On Behalf Of *Ryan
> Sleevi via Public
> *Sent:* Wednesday, June 14, 2017 2:50 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>
> *Cc:* Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Public Discussion
> List <public at cabforum.org>
>
> *Subject:* Re: [cabfpub] [EXTERNAL]Re: CA/Browser Face to Face Meeting 41
> Agenda – Berlin
>
>
>
> Kirk,
>
>
>
> While as you know, we are thrilled to see a proposal for greater
> participation of the public, a point that Google has supported for a number
> of years, but which TrendMicro and several other members of the Forum at
> the time opposed, it does bear highlighting that there's a selection bias
> being exercised. My hope is that by correcting for that selection bias, we
> might receive more useful, earnest, and valuable feedback for the Forum, if
> we are admitting that the Forum benefits from participation of more than
> just the CAs and browsers.
>
>
>
> For example, you've proposed "major website users of certificates with
> complex infrastructures". We've previously heard from organizations who had
> difficulty replacing their SHA-1 certificates with SHA-256 certificates,
> but we did not afford much time for the many millions of users - and
> certificate holders - who either did not have such difficulty or who were
> put at risk from such difficulties.
>
>
>
> My hope is that by being open in a way that is truly meaningful, we might
> have a more robust picture of the ecosystem. While I realize that major
> website users may represent CAs largest customers, either by volume or by
> cost, and thus there is a predisposition to those opinions, considering
> that we collectively are managing a global shared resource whose security
> is critical for the Internet, we should take into consideration a fullness
> of views.
>
>
>
> As much as I appreciate your suggestion of a separate section, might I
> suggest that it might be more useful to focus on a single section, with
> open participation? That is, preselecting ontologies would only serve to
> alienate users, but it would seem your goal is a more robust participatory
> model.
>
>
>
> On Wed, Jun 14, 2017 at 9:53 AM, Kirk Hall <Kirk.Hall at entrustdatacard.com>
> wrote:
>
> My intent is to allow major website users of certificates with complex
> infrastructures to tell us about their experiences with and comments on
> rule changes, and how they are implemented.  Right now, I’m not sure
> whether or not the enterprises will be available during our meeting, but if
> not we can schedule during a late teleconference call.
>
>
>
> You can certainly approach this from another angle as well, and bring in
> users in general who have interesting and useful things to say to the
> Forum.  I think we still have some time slots available if you want to
> organize that as a separate session.  Let me know if you want to do that,
> and how much time you would like.
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Wednesday, June 14, 2017 3:04 AM
> *To:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Cc:* Kirk Hall <Kirk.Hall at entrustdatacard.com>
>
>
> *Subject:* Re: [cabfpub] [EXTERNAL]Re: CA/Browser Face to Face Meeting 41
> Agenda – Berlin
>
>
>
> Kirk,
>
>
>
> Could you clarify your intent? You mentioned "any other enterprise users"
> - but I believe the goal is certificate users in general (i.e. more broadly
> than just enterprise).
>
>
>
> Is that correct?
>
>
>
> On Tue, Jun 13, 2017 at 6:03 PM, Kirk Hall via Public <public at cabforum.org>
> wrote:
>
> I will present names and companies once their participation is confirmed.
> Yes, at the Chair’s invitation, but I will additionally “invite” any other
> enterprise users others may propose to tell their stories.
>
>
>
> I’d point out that over the years we have heard from many people and
> organizations at our meetings.  It’s been very useful.
>
>
>
> *From:* Public [mailto:public-bounces at cabforum.org] *On Behalf Of *Peter
> Bowen via Public
> *Sent:* Tuesday, June 13, 2017 2:35 PM
> *To:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Cc:* Peter Bowen <pzb at amzn.com>
> *Subject:* Re: [cabfpub] [EXTERNAL]Re: CA/Browser Face to Face Meeting 41
> Agenda – Berlin
>
>
>
>
>
> On Jun 13, 2017, at 2:28 PM, Ryan Sleevi via Public <public at cabforum.org>
> wrote:
>
>
>
>
>
>
>
> On Tue, Jun 13, 2017 at 5:00 PM, Kirk Hall via Public <public at cabforum.org>
> wrote:
>
> On your first question - some major enterprise users would like to present
> their ideas and concerns about SSL certificate rules, changes, etc. from
> their perspective, which I know the browsers have wanted (rather than
> hearing it reported by the CAs who provide the certs to enterprise
> customers).
>
>
>
> To be clear: Several browsers have wanted open participation. I would
> suggest that having CA-selected participants, without explanation (as Gerv
> had to seek) is perhaps detrimental to the productive dialog, in as much as
> it allows the Chair - and CA members - to favour particular viewpoints to
> the detriment of the overall ecosystem.
>
>
>
> Might I suggest that it might not be appropriate?
>
>
>
> I think we should welcome hearing from certificate users directly.
>
>
>
> Kirk: Can you provide a list of certificate users who will be presenting,
> including their affiliation?  I’m assuming they are attending the F2F at
> the invitation of the Chair.
>
>
>
> Thanks,
>
> Peter
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170616/04cc9658/attachment-0001.html>

More information about the Public mailing list