[cabfpub] Membership Application of Sony

Kirk Hall Kirk.Hall at entrustdatacard.com
Wed Jun 27 18:59:03 UTC 2018


I would phrase the question for discussion tomorrow in a more simple fashion:

Based on the information provided by Sony, does Sony “produce[] a software product *** intended for use by the general public for relying upon certificates”.

That’s the requirement for a new browser member in our Bylaws.  I don’t think the issue of which Chartered Working Group Sony would apply for is relevant to this narrow question.  I assume it will be the Server Certificate Working Group, as that’s the only CWG we have right now.  We can see what any actual application from Sony says after we consider its threshold question tomorrow.

To Adam Goldberg at Sony:  Ryan Sleevi has posed the following additional questions – if you have additional information to provide, please do it today as early as possible so we can consider any additional information on our call tomorrow morning.

1. What CWGs [Chartered Working Groups] would Sony be interested in applying for?

2. Where are details about the Software Product (since updates to those products are part of our Bylaws)?

3. Is the Software Product itself intended for use by the general public for relying upon certificates?  An example of how it could not be intended for use by the general public is a system that is intended to only connect to a single host or a limited set of hosts

I think Ryan’s reference about updates in Question 2 is based on the following additional section of our Bylaws:

Bylaw 2.2 Ending Forum Membership ***

(a) Browser: A Browser member's membership will automatically cease if any of the following become true:
1. It stops providing updates for its membership-qualifying software product; or
2. Six months have elapsed since the last such published update.


From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Wednesday, June 27, 2018 10:36 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <public at cabforum.org>
Subject: [EXTERNAL]Re: [cabfpub] Membership Application of Sony

So, to make sure we have a clearly defined question and goal, which ensures a productive use of our time (rather than ad-hoc discussions), is this a correct summary of the exact topic to discuss:

"Does Sony, which distributes Android TV with additional Sony software installed, produce a software product, such as a browser, intended for use by the general public for relying upon certificates, based on the information currently provided"

With possible outcomes being:
"Yes"
"No"
"Here are additional questions that may need to be answered before-hand"?

Similarly, one presumably repeats that process for all further definitions - such as CWG membership groups.

I can see there are a number of questions that would need to be answered:
- What CWGs would Sony be interested in applying for
- Where are details about the Software Product (since updates to those products are part of our Bylaws)
- Is the Software Product itself intended for use by the general public for relying upon certificates?
  - An example of how it could not be intended for use by the general public is a system that is intended to only connect to a single host or a limited set of hosts

If the discussion is focused on gathering further questions or additional information to gather, that can be a productive conversation to have.


On Wed, Jun 27, 2018 at 1:21 PM Kirk Hall via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
Summary based on quotes from my original email to the list:

Original Sony question: “Can you please describe the bylaw requirement of “produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG”?  If we produce a hardware product which includes software which relies upon (public root) certificates, does that meet the definition of “produces a software product”?”

Dean Coclin response: “Perhaps you can help clarify by stating whether or not Sony makes the underlying software that runs in the hardware device made by Sony?”

Sony response: “Limiting the discussion to televisions (the question at-hand), they’re based on Android TV then with Sony software on top.  So, “does Sony make the software” is yes and no.  But we *do* write the software that does the cryptographic signature validation.”


Bylaws provide as follows:

(a) All Forum members must *** meet at least one of the following criteria: ***

(3) Certificate Consumer: The member organization produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG [Chartered Working Group, such as the new Server Certificate Working Group].

From: Ryan Sleevi [mailto:sleevi at google.com<mailto:sleevi at google.com>]
Sent: Wednesday, June 27, 2018 10:13 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com<mailto:Kirk.Hall at entrustdatacard.com>>; CABFPub <public at cabforum.org<mailto:public at cabforum.org>>
Subject: Re: [cabfpub] [EXTERNAL]Re: Membership Application of Sony

I'm having trouble finding a clear summary of the question from the message forwarded.

Could you helpfully re-state it?

It sounds like the question is "Can we join the Forum without joining a CWG" - but that may not be a correct understanding.
_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180627/4c7a20a7/attachment-0003.html>


More information about the Public mailing list