[cabfpub] Pre-Ballot 206 - Amendment to IPR Policy & Bylaws re Working Group Formation

Tim Hollebeek tim.hollebeek at digicert.com
Mon Jan 22 19:56:14 UTC 2018

I agree we can probably come to a solution on the subcommittee issue very quickly.  It may not even need to be resolved if everyone just agrees that WGs are obviously allowed to designate their own subcommittees as they see fit.


I think part of the problem is that various models have been discussed at various points, and the Governance Reform working group (understandably) settled on one model.  However that decision has subtle consequences that may not have been fully appreciated.


I agree that IP separation is one of the main concerns driving the governance reform effort.  I desperately want to have the Code Signing WG back, which was one of the main drivers of the IP separation.  The Code Signing WG and Server Certificate WGs really do need to be independent.  Any solution we come up with really needs to preserve that.


So, I think subcommittees are clear, and WGs on disjoint certificate use cases are clear.  The question I still have is how to handle “cross functional” WGs, like the Network Security LWG or the hypothetical “Baseline Baseline” WG.


A possible solution is that when a WG wants to depend on the output of another WG, it simply requires its members to also be members of the WG that it wants to rely upon.  I think that would solve Wayne’s concern.  For example, both the Code Signing WG and Server Certificate WG could each require their members to be members of the Fundamental CA Security WG, while not requiring membership in each other.  That way anything created by the Fundamental CA Security WG has already been vetted for IPR concerns and can be relied upon by both the Code Signing WG and the Server Certificate WG (for example).


Another possible solution is that the Network Security WG comes up with its own document with its own members under its own IPR process, and publishes it.  The Server Certificate WG can then have a ballot to adopt the Network Security WG’s work product, and members of the Server Certificate WG would review the work product for IPR concerns as part of the Server Certificate WG ballot review process.  I suspect this is probably how members of the governance reform working group expected it to work, though I’m speculating (I was unfortunately busy with other things over the last six months and haven’t been able to participate as much as I would have liked to).


There are probably other solutions.  I don’t think there are any major landmines here, but it’s something we should carefully consider.





From: vfournier at apple.com [mailto:vfournier at apple.com] 
Sent: Monday, January 22, 2018 12:38 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>
Cc: Gervase Markham <gerv at mozilla.org>; CA/Browser Forum Public Discussion List <public at cabforum.org>; Wayne Thayer <wthayer at mozilla.com>
Subject: Pre-Ballot 206 - Amendment to IPR Policy & Bylaws re Working Group Formation


We can add the subcommittee language to the Bylaws for clarity - that is not a problem.  As the Governance WG was drafting the documents, we didn’t think subcommittees would be needed with the new multi-WG structure - but if they are needed we can restore the language. 


How do you want to be able to introduce one WG’s work product to another WG?  One of the principal goals of this new model was to keep IPR commitments within the WG that a member is participating in.  Are you now saying that you want IPR commitments to apply across all WGs so you can share all work across all WGs?  That would essentially be the IP model the Forum has now, where members have IP commitments across the entire Forum.


I’m surprised these concerns are coming up now, even though we’ve been discussing these documents for over a year. I wonder if perhaps we’re not all converged on the same model?


Best regards,


Virginia Fournier

Senior Standards Counsel

 Apple Inc.

☏ 669-227-9595

✉︎ vmf at apple.com






On Jan 22, 2018, at 10:16 AM, Tim Hollebeek <tim.hollebeek at digicert.com> wrote:


Yes. We definitely don't want multiple WGs covering server certificates.
The existing WGs in that category need to either go away, or become
subcommittees of the Server Certificate WG.

The problem is this isn't entirely true.

The Validation LWG probably should be a subcommittee of the Server
Certificate WG.  Can it be less formal than it is today (e.g. no charter)?  
Perhaps.  Probably the same for the Policy LWG.

OTOH, the Network Security LWG is addressing issues that are more
likely to apply across multiple different WGs, since they are generic
issues about how to securely run a certificate authority.  Whether the
certificates are for Web PKI or Email or Code Signing doesn't really

We have also discussed at previous F2Fs a "Baseline Baseline" WG 
that would handle things like EKUs and general compliance issues with 
RFC 5280.  Those would also apply to multiple working groups.

I was originally of the opinion that we could probably work that all
out after governance reform, but now I'm very concerned about
Wayne's concern that such generally applicable working groups
might have trouble introducing their work product into other WGs
due to IPR issues.

That would be a very unfortunate result of the governance reform
effort if it turned out to be true.


