[cabfpub] Draft Charter for Server Certificate Working Group

Gervase Markham gerv at mozilla.org
Wed Oct 25 09:35:17 UTC 2017

Hi Ben,

On 24/10/17 19:06, Ben Wilson via Public wrote:
> For everyone’s review, here is a draft charter from the Governance
> Reform Committee.

This looks generally good. I have one small concern, and then a larger
question regarding the framing around "membership":

> The Server Certificate Working Group will not address certificates
> intended to be used solely for code signing, S/MIME, time-stamping,
> VoIP, IM, or Web services.

What is a "Web service" in this context? Why would such a thing not use
a server certificate?

> *Members eligible to participate*:  

This reads as if there's a pool of "members" and that some of them are
eligible to participate. However, I believe we have decided that the
membership model is that people are members of the Forum only insofar as
they are members of a Working Group. Therefore, I suggest we need to
tweak the way we talk about this and say something like:

*Participant Eligibility*

The Working Group shall consist of two classes of voting members, the CA
Class and the Browser Class.

CAs meeting one of the following two criteria may be admitted to the CA

(1) Issuing CA: The organization operates a certification authority that
has a current and successful WebTrust for CAs audit, or ETSI TS 102042,
ETSI 101456, or ETSI EN 319 411-1 audit report prepared by a
properly-qualified auditor, and that actively issues certificates to Web
servers that are openly accessible from the Internet, such certificates
being treated as valid when using a browser created by at least one
current member of the Browser Class. Organizations that are not actively
issuing certificates but otherwise meet membership criteria may be
granted Associate Member status under Bylaw Sec. 3.1 for a period of
time to be designated by the Forum.

... <similar rephrasing for (2)>

Non-CAs meeting the following criterion may be admitted to the Browser

The Browser Class is open to organizations that produce a software
product intended for use by the general public for browsing the Web

How will associate membership work? I assume one becomes an associate
member of a particular WG, just as one is a member of a particular WG?


More information about the Public mailing list