[cabfpub] Public Digest, Vol 74, Issue 53

Virginia Fournier vfournier at apple.com
Thu Jun 28 17:58:26 UTC 2018


It’s important to apply the requirements objectively.  We can’t apply the rules one way for one applicant because we want X result, and then apply the rules a different way for another applicant because we want Y result.  People who care about antitrust issues and competition law might be concerned about the inequitable and inconsistent application of rules to achieve a certain result.

Best regards,

Virginia Fournier
Senior Standards Counsel
 Apple Inc.
☏ 669-227-9595
✉︎ vmf at apple.com <mailto:vmf at apple.com>



On Jun 28, 2018, at 8:50 AM, public-request at cabforum.org wrote:

Send Public mailing list submissions to
	public at cabforum.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://cabforum.org/mailman/listinfo/public
or, via email, send a message with subject or body 'help' to
	public-request at cabforum.org

You can reach the person managing the list at
	public-owner at cabforum.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Public digest..."


Today's Topics:

  1. Re: Membership Application of Sony (Phillip)


----------------------------------------------------------------------

Message: 1
Date: Thu, 28 Jun 2018 11:50:13 -0400
From: "Phillip" <philliph at comodo.com>
To: "'Tim Hollebeek'" <tim.hollebeek at digicert.com>, "'CA/Browser Forum
	Public Discussion List'" <public at cabforum.org>, "'Kirk Hall'"
	<Kirk.Hall at entrustdatacard.com>
Subject: Re: [cabfpub] Membership Application of Sony
Message-ID: <016901d40ef7$b4af10f0$1e0d32d0$@comodo.com>
Content-Type: text/plain; charset="utf-8"

Given that this is the first outing for this set of rules, I think it is important to bear in mind the ultimate objective rather than the rules we only just created. That does not mean breaking the rules but we should be prepared to change them if needed. So rather than asking if Sony?s application meets the requirements, I look for how they can meet those requirements. 



That does of course leave open the question of what the ultimate objective is and this will of course differ from member to member. But whatever your objective might happen to be, I suggest that you consider the fact that Sony controls a vast number of devices that are used by consumers every day. Sony was Apple before Apple was Apple and Microsoft before Microsoft was Microsoft.



One objective CABForum has set itself to meet is to encourage use of best practices in management of Trust stores. The ability to update code stores is clearly critical to that objective.  But what if people come to CABForum having decided they want to update their trust stores and are looking for best practices on how to do that?







From: Public <public-bounces at cabforum.org> On Behalf Of Tim Hollebeek via Public
Sent: Thursday, June 28, 2018 8:14 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Membership Application of Sony



Right, this was the original intent.



The CABF membership is the union of all CWG memberships.  You can?t just join CABF.



Since there?s only one CWG right now, the SCWG, the membership rules are basically the same as they are now.  But as we add WGs, the membership rules expand by exactly the marginal scope of the new WG.



-Tim



From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Kirk Hall via Public
Sent: Wednesday, June 27, 2018 8:21 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >
Subject: Re: [cabfpub] Membership Application of Sony



Mike ? see my later message on this subject.  Under the new governance structure, any new member must ?qualify? twice ? once based on the Forum membership requirement (which for browsers is rather vague), and again for whatever Working Group(s) the applicant wants to participate in (there must be at least one).



Here the Forum level requirement for a browser is:



(3) Certificate Consumer: The member organization produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG [Chartered Working Group, such as the new Server Certificate Working Group].



In this case, the requirements for being a browser member of the Server Certificate Working Group are much more specific than the requirements for being a browser member of the Forum itself.  



(3) A Certificate Consumer can participate in this Working Group if it produces a software product intended for use by the general public for browsing the Web securely.



I think that pattern will be repeated as other new WGs are created.  In the end, it will be the WG requirements that will limit how many browsers (Certificate Consumers) get to join.



From: Mike Reilly (GRC) [mailto:Mike.Reilly at microsoft.com] 
Sent: Wednesday, June 27, 2018 4:21 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >; CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >
Subject: RE: [cabfpub] [EXTERNAL]Re: Membership Application of Sony



It seems like we could eventually end up with a very large number of ?Certificate Consumers? as members of the CABF in pretty short order based on the requirements to qualify for Forum membership.  Would every ?Smart Device? manufacturer qualify?  Not sure what that would mean for the effectiveness of the forum and WGs going forward.  Talk to folks on the call tomorrow.  Thanks, Mike



From: Public <public-bounces at cabforum.org <mailto:public-bounces at cabforum.org> > On Behalf Of Kirk Hall via Public
Sent: Wednesday, June 27, 2018 10:08 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >
Subject: Re: [cabfpub] [EXTERNAL]Re: Membership Application of Sony



That is my assumption.  First, they want to understand what our Bylaws require for participation as a Certificate Consumer, and whether they would qualify.  That?s what tomorrow?s discussion will be about.



From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Wednesday, June 27, 2018 10:05 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >; CABFPub <public at cabforum.org <mailto:public at cabforum.org> >
Subject: [EXTERNAL]Re: [cabfpub] Membership Application of Sony



Kirk,



Can you clarify - are they applying for membership of a CWG as well?



On Wed, Jun 27, 2018 at 12:58 PM Kirk Hall via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:

Sony has contacted the Forum about joining as a browser member.  Sony has asked a question about the membership requirements for browsers in our Bylaws.  We will discuss on our call tomorrow.



To assist in our discussion tomorrow, I am sending out the relevant portions of our Bylaws on browser membership requirements along with the existing discussion with Sony.  (Browser is now called Certificate Consumer in our most recent update to the Bylaws.)



Bylaw 2.1 Qualifying for Forum Membership



(a) All Forum members must *** meet at least one of the following criteria: ***



(3) Certificate Consumer: The member organization produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG [Chartered Working Group, such as the new Server Certificate Working Group].



(b) Applicants should supply the following information:

(1) Confirmation that the applicant satisfies at least one of the membership criteria (and if it satisfies more than one, indication of the single category under which the applicant wishes to apply).

(2) The organization name, as you wish it to appear on the Forum Web site and in official Forum documents.

(3) URL of the applicant's main Web site.

(4) Names and email addresses of employees who will participate in the Forum mail list.

(5) Emergency contact information for security issues related to certificate trust.





From: Questions [mailto:questions-bounces at cabforum.org <mailto:questions-bounces at cabforum.org> ] On Behalf Of Adam.Goldberg at sony.com <mailto:Adam.Goldberg at sony.com> 
Sent: Thursday, June 21, 2018 8:59 AM
To: dean.coclin at digicert.com <mailto:dean.coclin at digicert.com> 
Cc: questions at cabforum.org <mailto:questions at cabforum.org> 
Subject: [EXTERNAL]Re: [cabfquest] Membership Application of Sony



Hi Dean,



Thanks for the quick reply.  Limiting the discussion to televisions (the question at-hand), they?re based on Android TV then with Sony software on top.  So, ?does Sony make the software? is yes and no.



But we *do* write the software that does the cryptographic signature validation.



I hope that answers your question.



Adam



Adam Goldberg

Director, Technical Standards

Technology Standards Office

Sony Electronics, Inc.

202-601-4130 (tel)

571-363-9778 (mobile)



From: Dean Coclin [mailto:dean.coclin at digicert.com] 
Sent: Thursday, June 21, 2018 11:44 AM
To: Goldberg, Adam <Adam.Goldberg at sony.com <mailto:Adam.Goldberg at sony.com> >
Cc: questions at cabforum.org <mailto:questions at cabforum.org> 
Subject: RE: Membership Application of Sony



Hello Adam,



Thank you for contacting the CA/B Forum. This question will have to be discussed by the members. I will ask the chair to put it on the agenda for the next meeting which is in 1 week.

Perhaps you can help clarify by stating whether or not Sony makes the underlying software that runs in the hardware device made by Sony?



Best regards,



Dean Coclin

for the CA/B Forum



From: Questions [mailto:questions-bounces at cabforum.org] On Behalf Of Adam.Goldberg at sony.com <mailto:Adam.Goldberg at sony.com> 
Sent: Thursday, June 21, 2018 8:10 AM
To: questions at cabforum.org <mailto:questions at cabforum.org> 
Subject: [cabfquest] Membership Application of Sony



Hi,



Can you please describe the bylaw requirement of ?produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG??



If we produce a hardware product which includes software which relies upon (public root) certificates, does that meet the definition of ?produces a software product??



If our situation fits within the definition of a ?Certificate Consumer organization?, I will follow-up with a complete application (following legal review of the IPR documents).



Thanks.







Adam Goldberg

Director, Technical Standards

Technology Standards Office

Sony Electronics, Inc.

202-601-4130 (tel)

571-363-9778 (mobile)



_______________________________________________
Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 
https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180628/3cba688a/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public


------------------------------

End of Public Digest, Vol 74, Issue 53
**************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180628/5d61cd7a/attachment-0002.html>


More information about the Public mailing list