[cabfpub] Is DigiCert a member of the Server Certificate Working Group?

Tim Hollebeek tim.hollebeek at digicert.com
Tue Jul 3 19:21:01 UTC 2018

Yup, I agree that after this experience, we should “upgrade” the charter(s) and/or Bylaws to make this procedure clear.  Will be happy to support any effort to do so.




From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Tuesday, July 3, 2018 3:14 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; CABFPub <public at cabforum.org>
Cc: Kirk Hall <Kirk.Hall at entrustdatacard.com>
Subject: Re: [cabfpub] Is DigiCert a member of the Server Certificate Working Group?


It seems Tim is rightfully pointing out a problem with Kirk's interpretation and planned procedures.


If you apply Kirk's planned procedure, then no member is a member of the SCWG (presumably, including Entrust and DigiCert), and further, by virtue of not being a member of a WG, is further no longer eligible as a member in the Forum.

We also cannot simply grandfather members in - the participation within a WG brings with it certain obligations re: IPR policy.


A proposal has been put forth that, procedurally, resolves these issues, by virtue of allowing recognizing the self-declared interest and automatic recognition.

It does not, however, resolve the lack of clarity regarding the WG procedures.

It seems that Tim's plan resolves the issue to the least ambiguity, allowing a further resolution of the SCWG charter.


On Tue, Jul 3, 2018 at 3:07 PM Tim Hollebeek via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:

The problem with that interpretation is that as of tomorrow, all members are not members of the Server Certificate Working Group, and by the Bylaws, their membership in the Forum immediately ceases.  If I have to, I will dispute Entrust’s membership under the bylaws if that’s what it is going to take in order to get clarity on working group membership, and to get the Bylaws enforced as written, without additional ad hoc unwritten criteria.  The chair will then have five working days to investigate his employer’s membership, and hopefully will come to the conclusion that Entrust is in fact a member of the SCWG, and their membership will not immediately cease.  I’m optimistic that the same courtesy will also be extended to all other similarly situated members after that experience.


I would strongly prefer to see the process implemented the way the Governance Reform Working Group intended for it to be implemented.  This arbitrary and unnecessary delay serves no purpose other than to obstruct the functioning of the working group.  I have a ballot one of the browsers has asked us to post for the group’s consideration, and the Bylaws make it very clear that we have the right to post it.




From: Kirk Hall [mailto:Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> ] 
Sent: Tuesday, July 3, 2018 2:32 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> >; CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >
Subject: [cabfpub] Is DigiCert a member of the Server Certificate Working Group?


Tim, you have explained your position very well, and it’s clearly one reasonable interpretation of Ballot 206 and the new Bylaws as to how we establish the initial membership of the new Server Certificate Working Group.


As the initial Chair of the SCWG under Ballot 206, I plan to take a slightly different approach, but I don’t think it interferes with what you want to do.  Various people have noted in the past couple of weeks that Ballot 206 didn’t really provide a clear process for establishing who were initial SCWG members – maybe we should add language to new WG Charters in the future to solve that issue.


We do have a process in our Bylaws for how we admit new Members to the Forum itself at Bylaw 2.1(c), which provides: 


“An Applicant shall become a Member once the Forum has determined by consensus among the Members during a Forum Meeting or Forum Teleconference that the Applicant meets all of the requirements of subsection (a) or, upon the request of any Member, by a Ballot among the Members. Acceptance by consensus shall be determined or a Ballot of the Members shall be held as soon as the Applicant indicates that it has presented all information required under subsection (b) and has responded to all follow-up questions from the Forum and the Member has complied with the requirements of Section 5.5.”  


So I plan to mimic that procedure on our July 12 organizational teleconference for the SCWG by listing the Forum members who have signed the IPRA and indicated an intent to participate on the SCWG, saying these companies appear to qualify for SCWG membership under the SCWG Charter, and asking if the anyone believes that any of the Forum members on the list do not qualify for serving as members on the SCWG.  I expect there will be no objections, and therefore we will have established by consensus on a teleconference that all the Forum members who signed the IPRA and indicated interest in participation are initial members of the SCWG. (That’s kind of like the purpose of your email below, but more efficient as it covers all members at once.)  This will take maybe 30 seconds, then we will get to work.


From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Tim Hollebeek via Public
Sent: Tuesday, July 3, 2018 10:23 AM
To: CABFPub <public at cabforum.org <mailto:public at cabforum.org> >
Subject: [EXTERNAL][cabfpub] Is DigiCert a member of the Server Certificate Working Group?



The Server Certificate Working Group has existed for a long time.  Ballot 206 approved its charter (item 3), effective immediately.  The 90 day waiting period only affects the Bylaws and IPR policy.


As stated on the governance reform working group, the intent was to mirror the functioning of the existing forum whenever possible.  As such, it cannot be the case that the charter refers to Ben Wilson and Kirk Hall in their personal capacity.  This argument was never made during the development of the ballot, and was not the intent.  Indeed, neither has signed the IPR policy in their personal capacity, and are ineligible to serve as chair or vice chair of the forum in their personal capacity (“The offices of Chair and Vice Chair may only be filled by Forum Member representatives”).  If it was intended that officers of the SCWG were to serve in their personal capacity, unlike the main forum, the charter would have certainly pointed out that important difference.


I think it’s quite clear that both persons are serving in their professional capacity as representatives of their member companies.  I stated on several occasions that my reading was that DigiCert and Entrust would be the first two new members of the SCWG, and no one disagreed with me.  I even brought up the exotic side case of “what happens if DigiCert or Entrust doesn’t sign the IPR policy?” and was rightly accused of being paranoid and was assured that wouldn’t happen.  Both companies have expressed interest in joining the SCWG, and both have signed the new IPR policy, so I think it’s clear at least that those two companies are members.


Even if that argument doesn’t hold, they are also members for the same reason I believe the SCWG currently has a bunch of other members as well, since all they have to do is sign the new IPR policy and declare their intent to participate.  


The Vice Chair suggested three methods of declaring intent to participate:


1.	email the public list, and formally declare their participation in the Server Certificate Working Group


In case previous declarations have not sufficed, I hereby formally declare that DigiCert is participating in the Server Certificate Working Group.  I am willing to repeat this declaration at any time and using any reasonable method.


2.	subscribe to the mailing list -


Yup, I’m on it.


3.	list self on wiki page


We’re on it.  By my count, the number of members already exceeds the quorum of ten.


So the Server Certificate Working Group exists and has members.  YAY!  Anyone else disagree, and more importantly, can you justify your beliefs using the bylaws?





Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180703/e7b4849a/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180703/e7b4849a/attachment-0003.p7s>

More information about the Public mailing list