[cabfpub] Membership Application of Sony

Wed Jun 27 19:04:01 UTC 2018

Based on the information provided, it is not possible to answer that
question.

The relevance of the CWG is to ensure efficient and productive use of
Sony's time, and members time, by being able to provide a comprehensive set
of questions that can attempt to answer the eligibility, rather than
requiring multiple rounds of iteration and review. It is not essential to
the question you posed, but is essential to a question of Sony performing a
membership application, and thus seems useful to acknowledge and resolve
while collecting questions.

On Wed, Jun 27, 2018 at 2:59 PM Kirk Hall via Public <public at cabforum.org>
wrote:

> I would phrase the question for discussion tomorrow in a more simple
> fashion:
>
>
>
> Based on the information provided by Sony, does Sony “produce[] a
> software product *** intended for use by the general public for relying
> upon certificates”.
>
>
>
> That’s the requirement for a new browser member in our Bylaws.  I don’t
> think the issue of which Chartered Working Group Sony would apply for is
> relevant to this narrow question.  I assume it will be the Server
> Certificate Working Group, as that’s the only CWG we have right now.  We
> can see what any actual application from Sony says after we consider its
> threshold question tomorrow.
>
>
>
> *To Adam Goldberg at Sony**:*  Ryan Sleevi has posed the following
> additional questions – if you have additional information to provide,
> please do it *today* as early as possible so we can consider any
> additional information on our call tomorrow morning.
>
>
>
> 1. What CWGs [Chartered Working Groups] would Sony be interested in
> applying for?
>
>
>
> 2. Where are details about the Software Product (since updates to those
> products are part of our Bylaws)?
>
>
>
> 3. Is the Software Product itself intended for use by the general public
> for relying upon certificates?  An example of how it could not be intended
> for use by the general public is a system that is intended to only connect
> to a single host or a limited set of hosts
>
>
>
> I think Ryan’s reference about updates in Question 2 is based on the
> following additional section of our Bylaws:
>
>
>
> *Bylaw 2.2 Ending Forum Membership ****
>
>
>
> (a) Browser: A Browser member's membership will automatically cease if any
> of the following become true:
>
> 1. It stops providing updates for its membership-qualifying software
> product; or
>
> 2. Six months have elapsed since the last such published update.
>
>
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Wednesday, June 27, 2018 10:36 AM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <
> public at cabforum.org>
> *Subject:* [EXTERNAL]Re: [cabfpub] Membership Application of Sony
>
>
>
> So, to make sure we have a clearly defined question and goal, which
> ensures a productive use of our time (rather than ad-hoc discussions), is
> this a correct summary of the exact topic to discuss:
>
>
>
> "Does Sony, which distributes Android TV with additional Sony software
> installed, produce a software product, such as a browser, intended for use
> by the general public for relying upon certificates, based on the
> information currently provided"
>
>
>
> With possible outcomes being:
>
> "Yes"
>
> "No"
> "Here are additional questions that may need to be answered before-hand"?
>
>
>
> Similarly, one presumably repeats that process for all further definitions
> - such as CWG membership groups.
>
>
>
> I can see there are a number of questions that would need to be answered:
>
> - What CWGs would Sony be interested in applying for
>
> - Where are details about the Software Product (since updates to those
> products are part of our Bylaws)
>
> - Is the Software Product itself intended for use by the general public
> for relying upon certificates?
>
>   - An example of how it could not be intended for use by the general
> public is a system that is intended to only connect to a single host or a
> limited set of hosts
>
>
>
> If the discussion is focused on gathering further questions or additional
> information to gather, that can be a productive conversation to have.
>
>
>
>
>
> On Wed, Jun 27, 2018 at 1:21 PM Kirk Hall via Public <public at cabforum.org>
> wrote:
>
> Summary based on quotes from my original email to the list:
>
>
>
> *Original Sony question*: “Can you please describe the bylaw requirement
> of “produces a software product, such as a browser, intended for use by the
> general public for relying upon certificates and is a member of a CWG”?  If
> we produce a hardware product which includes software which relies upon
> (public root) certificates, does that meet the definition of “produces a
> software product”?”
>
>
>
> *Dean Coclin response*: “Perhaps you can help clarify by stating whether
> or not Sony makes the underlying software that runs in the hardware device
> made by Sony?”
>
>
>
> *Sony response*: “Limiting the discussion to televisions (the question
> at-hand), they’re based on Android TV then with Sony software on top.  So,
> “does Sony make the software” is yes and no.  But we **do** write the
> software that does the cryptographic signature validation.”
>
>
>
>
>
> Bylaws provide as follows:
>
>
>
> (a) All Forum members must *** meet at least one of the following
> criteria: ***
>
>
>
> (*3) Certificate Consumer: The member organization produces a software
> product, such as a browser, intended for use by the general public for
> relying upon certificates* and is a member of a CWG [Chartered Working
> Group, such as the new Server Certificate Working Group]*.*
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Wednesday, June 27, 2018 10:13 AM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <
> public at cabforum.org>
> *Subject:* Re: [cabfpub] [EXTERNAL]Re: Membership Application of Sony
>
>
>
> I'm having trouble finding a clear summary of the question from the
> message forwarded.
>
>
>
> Could you helpfully re-state it?
>
>
>
> It sounds like the question is "Can we join the Forum without joining a
> CWG" - but that may not be a correct understanding.
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180627/05f168d3/attachment-0003.html>