[cabfpub] Is DigiCert a member of the Server Certificate Working Group?

Tim Hollebeek tim.hollebeek at digicert.com
Tue Jul 3 21:04:31 UTC 2018

I agree to your proposal.




From: Kirk Hall [mailto:Kirk.Hall at entrustdatacard.com] 
Sent: Tuesday, July 3, 2018 4:33 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; CA/Browser Forum Public
Discussion List <public at cabforum.org>
Subject: RE: [cabfpub] Is DigiCert a member of the Server Certificate
Working Group?


Tim, if I recall correctly, you were the one a few days ago that suggested
we give CAs and browsers who have signed the IPRA v1.3 but have not
indicated an intent to participate in the SCWG an additional 60 days to
declare their intent to participate, right?  And I agreed with your
suggestion.  So I don't think anyone who has signed the IPRA loses their
current membership status for the next 60 days, thanks to your suggestion.


Man, who knew this could be so complicated?  If I understand your position
correctly, a CA or browser can immediately claim SCWG membership simply by
submitting the IPRA, saying it meets the WG membership requirements,
declaring interest in participating in the WG, and saying "therefore I'm a
WG member", correct?  All self-assertion.  But what if Freedonia CA (or
Freedonia Browser), whom we've never hear of, does that?  Is Freedonia CA
automatically a member of the WG as of today?  (I don't think so.)


To finish this up, let's just both be right - you can assert your
interpretation of what it takes to be a WG member (basically returning the
IPRA, showing interest in participation, and automatically becoming a WG
member with no review from other Forum members) - that's fine, and it will
do no harm so long as no difficult questions arise before July 12 like who
can vote, etc.  I will then proceed on the July 12 initial teleconference
meeting of the SCWG as I have indicated, listing who has effectively applied
for membership of the SCWG, indicating they appear to qualify, and ask if
anyone has an objection.  That way we have it covered.


I'm taking some time off for the holiday, so may not be able to respond to
further discussion on this topic.


From: Tim Hollebeek [mailto:tim.hollebeek at digicert.com] 
Sent: Tuesday, July 3, 2018 12:07 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com
<mailto:Kirk.Hall at entrustdatacard.com> >; CA/Browser Forum Public Discussion
List <public at cabforum.org <mailto:public at cabforum.org> >
Subject: [EXTERNAL]RE: [cabfpub] Is DigiCert a member of the Server
Certificate Working Group?


The problem with that interpretation is that as of tomorrow, all members are
not members of the Server Certificate Working Group, and by the Bylaws,
their membership in the Forum immediately ceases.  If I have to, I will
dispute Entrust's membership under the bylaws if that's what it is going to
take in order to get clarity on working group membership, and to get the
Bylaws enforced as written, without additional ad hoc unwritten criteria.
The chair will then have five working days to investigate his employer's
membership, and hopefully will come to the conclusion that Entrust is in
fact a member of the SCWG, and their membership will not immediately cease.
I'm optimistic that the same courtesy will also be extended to all other
similarly situated members after that experience.


I would strongly prefer to see the process implemented the way the
Governance Reform Working Group intended for it to be implemented.  This
arbitrary and unnecessary delay serves no purpose other than to obstruct the
functioning of the working group.  I have a ballot one of the browsers has
asked us to post for the group's consideration, and the Bylaws make it very
clear that we have the right to post it.




From: Kirk Hall [mailto:Kirk.Hall at entrustdatacard.com] 
Sent: Tuesday, July 3, 2018 2:32 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com
<mailto:tim.hollebeek at digicert.com> >; CA/Browser Forum Public Discussion
List <public at cabforum.org <mailto:public at cabforum.org> >
Subject: [cabfpub] Is DigiCert a member of the Server Certificate Working


Tim, you have explained your position very well, and it's clearly one
reasonable interpretation of Ballot 206 and the new Bylaws as to how we
establish the initial membership of the new Server Certificate Working


As the initial Chair of the SCWG under Ballot 206, I plan to take a slightly
different approach, but I don't think it interferes with what you want to
do.  Various people have noted in the past couple of weeks that Ballot 206
didn't really provide a clear process for establishing who were initial SCWG
members - maybe we should add language to new WG Charters in the future to
solve that issue.


We do have a process in our Bylaws for how we admit new Members to the Forum
itself at Bylaw 2.1(c), which provides: 


"An Applicant shall become a Member once the Forum has determined by
consensus among the Members during a Forum Meeting or Forum Teleconference
that the Applicant meets all of the requirements of subsection (a) or, upon
the request of any Member, by a Ballot among the Members. Acceptance by
consensus shall be determined or a Ballot of the Members shall be held as
soon as the Applicant indicates that it has presented all information
required under subsection (b) and has responded to all follow-up questions
from the Forum and the Member has complied with the requirements of Section


So I plan to mimic that procedure on our July 12 organizational
teleconference for the SCWG by listing the Forum members who have signed the
IPRA and indicated an intent to participate on the SCWG, saying these
companies appear to qualify for SCWG membership under the SCWG Charter, and
asking if the anyone believes that any of the Forum members on the list do
not qualify for serving as members on the SCWG.  I expect there will be no
objections, and therefore we will have established by consensus on a
teleconference that all the Forum members who signed the IPRA and indicated
interest in participation are initial members of the SCWG. (That's kind of
like the purpose of your email below, but more efficient as it covers all
members at once.)  This will take maybe 30 seconds, then we will get to


From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Tim Hollebeek
via Public
Sent: Tuesday, July 3, 2018 10:23 AM
To: CABFPub <public at cabforum.org <mailto:public at cabforum.org> >
Subject: [EXTERNAL][cabfpub] Is DigiCert a member of the Server Certificate
Working Group?



The Server Certificate Working Group has existed for a long time.  Ballot
206 approved its charter (item 3), effective immediately.  The 90 day
waiting period only affects the Bylaws and IPR policy.


As stated on the governance reform working group, the intent was to mirror
the functioning of the existing forum whenever possible.  As such, it cannot
be the case that the charter refers to Ben Wilson and Kirk Hall in their
personal capacity.  This argument was never made during the development of
the ballot, and was not the intent.  Indeed, neither has signed the IPR
policy in their personal capacity, and are ineligible to serve as chair or
vice chair of the forum in their personal capacity ("The offices of Chair
and Vice Chair may only be filled by Forum Member representatives").  If it
was intended that officers of the SCWG were to serve in their personal
capacity, unlike the main forum, the charter would have certainly pointed
out that important difference.


I think it's quite clear that both persons are serving in their professional
capacity as representatives of their member companies.  I stated on several
occasions that my reading was that DigiCert and Entrust would be the first
two new members of the SCWG, and no one disagreed with me.  I even brought
up the exotic side case of "what happens if DigiCert or Entrust doesn't sign
the IPR policy?" and was rightly accused of being paranoid and was assured
that wouldn't happen.  Both companies have expressed interest in joining the
SCWG, and both have signed the new IPR policy, so I think it's clear at
least that those two companies are members.


Even if that argument doesn't hold, they are also members for the same
reason I believe the SCWG currently has a bunch of other members as well,
since all they have to do is sign the new IPR policy and declare their
intent to participate.  


The Vice Chair suggested three methods of declaring intent to participate:


1.	email the public list, and formally declare their participation in
the Server Certificate Working Group


In case previous declarations have not sufficed, I hereby formally declare
that DigiCert is participating in the Server Certificate Working Group.  I
am willing to repeat this declaration at any time and using any reasonable


2.	subscribe to the mailing list -


Yup, I'm on it.


3.	list self on wiki page


We're on it.  By my count, the number of members already exceeds the quorum
of ten.


So the Server Certificate Working Group exists and has members.  YAY!
Anyone else disagree, and more importantly, can you justify your beliefs
using the bylaws?





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180703/cd09612e/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180703/cd09612e/attachment-0003.p7s>

More information about the Public mailing list