[cabfpub] For Discussion: S/MIME Working Group Charter

Ryan Sleevi sleevi at google.com
Fri May 18 00:52:43 UTC 2018


On Thu, May 17, 2018 at 8:12 PM, Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

> I agree that “web-based mail” may be problematic.  That’s why I went with
> S/MIME.  I was just throwing it out there, because of the popularity of
> things like, say, GMail :)
>

While this doesn't really answer the question in a way that helps further
the discussion, it sounds like we're in agreement that the answer is no,
"web-based mail" has no place in the charter because it's a concept without
any defined relation to any of the rest of the proposed charter. These were
the sort of things I was raising as concerns in rushed proposals of
charters - and is exactly why these sorts of thing take time.


> Also, the S/MIME EV Guidelines may be identical to the Web EV guidelines.
> Or they may be better.  Or they may be worse.  It’s up to the WG.
>
>
>
> The same is true of the NCSSRs.  It will be up to the WG what version of
> the NCSSRs they want to enforce, and if they want to add or subtract
> requirements.  I think there will probably be a NCSSR WG that hasn’t been
> chartered yet.  Various CA/Wildcard WGs can adopt and/or modify the NCSSRs
> as they see fit.
>

As mentioned, then, I think this is problematic as a starting point for a
charter.

A good charter - and a good WG - starts with a narrow and defined scope for
a problem that can build momentum, interest, and most importantly, results.
It can then look for improvements and ways to explore. Importantly, this
also helps keep the scope of IP risk - which we know a number of members
are sensitive to. A narrowly defined charter is mindful of folks' time and
effort - it ensures that discussions don't rathole on side-topics when
there's meaningful work to be done.

Obviously, I have concerns with the very fundamental idea of EVG for
S/MIME, but I think those concerns are orthogonal to a more reasonable goal
that seeks to bring stakeholders to the table. I can understand that CAs
may prefer broad scopes, but I again implore you to focus on the
narrowly-defined, widely-agreed problem of the need for S/MIME BRs, to
ensure that any such chair actually keeps discussion focused on that topic,
and to demonstrate that CAs can bring valuable contributions to the table
by focusing on solving real and immediate pressing problems, as the BRs
could, without promoting pet projects.

I can say that these are real challenges to consider in supporting, in that
an overly broad charter - as proposed - suggests that the actual production
and discussion of a meaningful first effort at BRs can and will be derailed
by unrelated and unnecessary side topics.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180517/5b771dba/attachment-0002.html>


More information about the Public mailing list