[cabfpub] Membership Application of Sony

Mike Reilly (GRC) Mike.Reilly at microsoft.com
Thu Jun 28 15:05:18 UTC 2018


Thanks Kirk.  That helps clarify.  Sorry I missed your later mail.  Mike

From: Public <public-bounces at cabforum.org> On Behalf Of Kirk Hall via Public
Sent: Wednesday, June 27, 2018 5:21 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Membership Application of Sony

Mike – see my later message on this subject.  Under the new governance structure, any new member must “qualify” twice – once based on the Forum membership requirement (which for browsers is rather vague), and again for whatever Working Group(s) the applicant wants to participate in (there must be at least one).

Here the Forum level requirement for a browser is:

(3) Certificate Consumer: The member organization produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG [Chartered Working Group, such as the new Server Certificate Working Group].

In this case, the requirements for being a browser member of the Server Certificate Working Group are much more specific than the requirements for being a browser member of the Forum itself.

(3) A Certificate Consumer can participate in this Working Group if it produces a software product intended for use by the general public for browsing the Web securely.

I think that pattern will be repeated as other new WGs are created.  In the end, it will be the WG requirements that will limit how many browsers (Certificate Consumers) get to join.

From: Mike Reilly (GRC) [mailto:Mike.Reilly at microsoft.com]
Sent: Wednesday, June 27, 2018 4:21 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com<mailto:Kirk.Hall at entrustdatacard.com>>; CA/Browser Forum Public Discussion List <public at cabforum.org<mailto:public at cabforum.org>>
Subject: RE: [cabfpub] [EXTERNAL]Re: Membership Application of Sony

It seems like we could eventually end up with a very large number of “Certificate Consumers” as members of the CABF in pretty short order based on the requirements to qualify for Forum membership.  Would every “Smart Device” manufacturer qualify?  Not sure what that would mean for the effectiveness of the forum and WGs going forward.  Talk to folks on the call tomorrow.  Thanks, Mike

From: Public <public-bounces at cabforum.org<mailto:public-bounces at cabforum.org>> On Behalf Of Kirk Hall via Public
Sent: Wednesday, June 27, 2018 10:08 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org<mailto:public at cabforum.org>>
Subject: Re: [cabfpub] [EXTERNAL]Re: Membership Application of Sony

That is my assumption.  First, they want to understand what our Bylaws require for participation as a Certificate Consumer, and whether they would qualify.  That’s what tomorrow’s discussion will be about.

From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Wednesday, June 27, 2018 10:05 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com<mailto:Kirk.Hall at entrustdatacard.com>>; CABFPub <public at cabforum.org<mailto:public at cabforum.org>>
Subject: [EXTERNAL]Re: [cabfpub] Membership Application of Sony

Kirk,

Can you clarify - are they applying for membership of a CWG as well?

On Wed, Jun 27, 2018 at 12:58 PM Kirk Hall via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
Sony has contacted the Forum about joining as a browser member.  Sony has asked a question about the membership requirements for browsers in our Bylaws.  We will discuss on our call tomorrow.

To assist in our discussion tomorrow, I am sending out the relevant portions of our Bylaws on browser membership requirements along with the existing discussion with Sony.  (Browser is now called Certificate Consumer in our most recent update to the Bylaws.)

Bylaw 2.1 Qualifying for Forum Membership

(a) All Forum members must *** meet at least one of the following criteria: ***

(3) Certificate Consumer: The member organization produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG [Chartered Working Group, such as the new Server Certificate Working Group].

(b) Applicants should supply the following information:
(1) Confirmation that the applicant satisfies at least one of the membership criteria (and if it satisfies more than one, indication of the single category under which the applicant wishes to apply).
(2) The organization name, as you wish it to appear on the Forum Web site and in official Forum documents.
(3) URL of the applicant's main Web site.
(4) Names and email addresses of employees who will participate in the Forum mail list.
(5) Emergency contact information for security issues related to certificate trust.


From: Questions [mailto:questions-bounces at cabforum.org<mailto:questions-bounces at cabforum.org>] On Behalf Of Adam.Goldberg at sony.com<mailto:Adam.Goldberg at sony.com>
Sent: Thursday, June 21, 2018 8:59 AM
To: dean.coclin at digicert.com<mailto:dean.coclin at digicert.com>
Cc: questions at cabforum.org<mailto:questions at cabforum.org>
Subject: [EXTERNAL]Re: [cabfquest] Membership Application of Sony

Hi Dean,

Thanks for the quick reply.  Limiting the discussion to televisions (the question at-hand), they’re based on Android TV then with Sony software on top.  So, “does Sony make the software” is yes and no.

But we *do* write the software that does the cryptographic signature validation.

I hope that answers your question.

Adam

Adam Goldberg
Director, Technical Standards
Technology Standards Office
Sony Electronics, Inc.
202-601-4130 (tel)
571-363-9778 (mobile)

From: Dean Coclin [mailto:dean.coclin at digicert.com]
Sent: Thursday, June 21, 2018 11:44 AM
To: Goldberg, Adam <Adam.Goldberg at sony.com<mailto:Adam.Goldberg at sony.com>>
Cc: questions at cabforum.org<mailto:questions at cabforum.org>
Subject: RE: Membership Application of Sony

Hello Adam,

Thank you for contacting the CA/B Forum. This question will have to be discussed by the members. I will ask the chair to put it on the agenda for the next meeting which is in 1 week.
Perhaps you can help clarify by stating whether or not Sony makes the underlying software that runs in the hardware device made by Sony?

Best regards,

Dean Coclin
for the CA/B Forum

From: Questions [mailto:questions-bounces at cabforum.org] On Behalf Of Adam.Goldberg at sony.com<mailto:Adam.Goldberg at sony.com>
Sent: Thursday, June 21, 2018 8:10 AM
To: questions at cabforum.org<mailto:questions at cabforum.org>
Subject: [cabfquest] Membership Application of Sony

Hi,

Can you please describe the bylaw requirement of “produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG”?

If we produce a hardware product which includes software which relies upon (public root) certificates, does that meet the definition of “produces a software product”?

If our situation fits within the definition of a “Certificate Consumer organization”, I will follow-up with a complete application (following legal review of the IPR documents).

Thanks.



Adam Goldberg
Director, Technical Standards
Technology Standards Office
Sony Electronics, Inc.
202-601-4130 (tel)
571-363-9778 (mobile)

_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fpublic&data=02%7C01%7CMike.Reilly%40microsoft.com%7Cc571b88795bf4d007c7408d5dc50a06a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636657161216531661&sdata=jFTyJ8WHEUFX0CbeGbxVDHd2GwfurmMzp5Qv5jTvhaw%3D&reserved=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180628/0269576c/attachment-0003.html>


More information about the Public mailing list