[cabfpub] For Discussion: S/MIME Working Group Charter

Fri May 18 01:06:25 UTC 2018

One of the companies that disagrees with you is Google.

-Tim

From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Thursday, May 17, 2018 8:53 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] For Discussion: S/MIME Working Group Charter

On Thu, May 17, 2018 at 8:12 PM, Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> > wrote:

I agree that “web-based mail” may be problematic.  That’s why I went with S/MIME.  I was just throwing it out there, because of the popularity of things like, say, GMail :)

While this doesn't really answer the question in a way that helps further the discussion, it sounds like we're in agreement that the answer is no, "web-based mail" has no place in the charter because it's a concept without any defined relation to any of the rest of the proposed charter. These were the sort of things I was raising as concerns in rushed proposals of charters - and is exactly why these sorts of thing take time.

Also, the S/MIME EV Guidelines may be identical to the Web EV guidelines.  Or they may be better.  Or they may be worse.  It’s up to the WG.

The same is true of the NCSSRs.  It will be up to the WG what version of the NCSSRs they want to enforce, and if they want to add or subtract requirements.  I think there will probably be a NCSSR WG that hasn’t been chartered yet.  Various CA/Wildcard WGs can adopt and/or modify the NCSSRs as they see fit.

As mentioned, then, I think this is problematic as a starting point for a charter.

A good charter - and a good WG - starts with a narrow and defined scope for a problem that can build momentum, interest, and most importantly, results. It can then look for improvements and ways to explore. Importantly, this also helps keep the scope of IP risk - which we know a number of members are sensitive to. A narrowly defined charter is mindful of folks' time and effort - it ensures that discussions don't rathole on side-topics when there's meaningful work to be done.

Obviously, I have concerns with the very fundamental idea of EVG for S/MIME, but I think those concerns are orthogonal to a more reasonable goal that seeks to bring stakeholders to the table. I can understand that CAs may prefer broad scopes, but I again implore you to focus on the narrowly-defined, widely-agreed problem of the need for S/MIME BRs, to ensure that any such chair actually keeps discussion focused on that topic, and to demonstrate that CAs can bring valuable contributions to the table by focusing on solving real and immediate pressing problems, as the BRs could, without promoting pet projects.

I can say that these are real challenges to consider in supporting, in that an overly broad charter - as proposed - suggests that the actual production and discussion of a meaningful first effort at BRs can and will be derailed by unrelated and unnecessary side topics.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180518/a9f7c34c/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180518/a9f7c34c/attachment-0003.p7s>