[cabfpub] [EXTERNAL]Re: Draft Bylaws 5.6 - Subcommittees of the CA/Browser Forum

Mon Oct 15 23:54:40 MST 2018

Again, I'm afraid you're misunderstanding, but I can hope that members on
the list and following the discussion will not be confused.

I attempted to speak to a concept that you'd relate to. While I personally
have not been in a car accident for the past 10 years, I'm not exempted
from needing car insurance. While I'm sure Entrust Datacard is confident it
has not misissued certificates, the BRs do not exempt CAs from certain
liability requirements. While I haven't had any major medical issues, I
still carry medical insurance.

It would be naieve to think past performance is a predictor of future
success, especially when the Forum has gone "off the rails" several times
in the past - most notably with respect to Code Signing activities.

Large organizations don't count on the goodwill assurances of outgoing
Chairs, as much as that would be so much more convenient. Organizations
take steps to reduce the risk, and much of the adoption and structure of
the new Governance effort was about reducing the risks for members from the
broader scope of activities.

While I might have not been in an accident, that doesn't mean I don't carry
insurance. While CAs may not have (ever) paid out on a liability claim, we
still seemingly require them to carry such insurance. Just because I've
never fallen off the Sydney Harbour Bridge doesn't mean I wouldn't wear a
safety harness. And in the case of large organizations, steps are taken to
reduce the potential of IP exposure, even if everyone pinky promises to be
nice.

On Tue, Oct 16, 2018 at 2:41 AM Kirk Hall <Kirk.Hall at entrustdatacard.com>
wrote:

> No, I have never made any such assumptions.  You seem to think that Forum
> subcommittees will go “wild” – but there’s nothing in the Forum’s last 13
> years to suggest that will happen.
>
>
>
> Remember this – if all governance changes are pushed to a new Chartered
> Working Group, the WG itself could go “crazy” just the same as a
> Subcommittee of the Forum could go “crazy” (extremely unlikely) – but the
> CWG actually can’t **do** anything.  It can’t draft and vote on its own
> WG ballots to change the Bylaws.  Instead, the WG can only forward draft
> ballots to change the Bylaws to the Forum itself, where the ballot votes
> would occur.
>
>
>
> So even if Google protected itself from “unsafe” things by choosing not to
> participate in a new Governance Working Group – you would be in the boat
> anyway just as soon as the Governance WG sends its draft ballot to the
> Forum for a vote – whether or not Google votes, Google is “participating”
> in the vote at the Forum level and so will be exposed to whatever IP risk
> exists (I think there is none – there has never been IP risk in the past to
> Forum members from Bylaws changes).  In other words, Google is no safer
> from an IP perspective if governance / Bylaw changes occur in a Working
> Group versus in a Subcommittee of the Forum.
>
>
>
> However, if you have specific examples or analysis that shows greater risk
> from Bylaws changes drafted in a Subcommittee versus drafted in a WG (where
> the actual ballot is voted on at the Forum level in both cases), I would be
> interested to hear them.
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Tuesday, October 16, 2018 2:01 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>
> *Cc:* CABFPub <public at cabforum.org>
> *Subject:* Re: [EXTERNAL]Re: [cabfpub] Draft Bylaws 5.6 - Subcommittees
> of the CA/Browser Forum
>
>
>
> I'm afraid this misunderstands part of the concern.
>
>
>
> I believe we've reasonably established that you believe that
> "Subcommittees of the Forum" will only talk about "safe" topics, and
> therefore, you're asking for specific examples of how talking about
> something "safe" would be problematic. You're failing to recognize,
> however, that there's nothing guaranteeing the discussions are "safe" -
> that's what I was referring to as "risk" in my prior message. It seems,
> based on my understanding of your replies, that you believe there to be no
> "risk" because you only imagine things to be talked about as being "safe".
> I'm highlighting, however, that there's no innate guarantee around that -
> which is why there exist more compelling alternatives to guarantee that,
> and reduce the risk of talking about something "not safe", through the
> structure of the WG.
>
>
>
> On Tue, Oct 16, 2018 at 1:47 AM Kirk Hall <Kirk.Hall at entrustdatacard.com>
> wrote:
>
> Can you give some specific examples of how changing the Forum’s Bylaws or
> putting up a new Forum website or wiki would raise IP issues, and require a
> Review Period by all Participants, etc.  These do not affect Guidelines,
> which is the only way that IP issues arise in the Forum.
>
>
>
> Can you provide one concrete example to help everyone understand what your
> concern is?  Maybe I will change my mind and come over to your position if
> you can provide examples.  Has Google itself done an assessment when it
> comes to Bylaws changes and the website and wiki and the IP problems that
> will result?  If so, can you share?
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Tuesday, October 16, 2018 1:23 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>
> *Cc:* CABFPub <public at cabforum.org>
> *Subject:* [EXTERNAL]Re: [cabfpub] Draft Bylaws 5.6 - Subcommittees of
> the CA/Browser Forum
>
>
>
> On Tue, Oct 16, 2018 at 1:12 AM Kirk Hall <Kirk.Hall at entrustdatacard.com>
> wrote:
>
> I think you are mistaken in your first point – there were several people
> who spoke in favor of keeping governance change issues at the Forum level
> in some way (e.g. an informal group Forum members working together, or a
> “Committee of the Whole” of the Forum working on these issues at the Forum
> level – like we did this morning.  So there are multiple opinions on the
> best way to move forward.
>
>
>
> I don’t understand your second question at all – what do you mean by
> “assessment” and “implications”?  It seems my draft language addresses your
> concern that this subcommittee could create IP and/or become implicated
> with the IPR Agreement – it can’t and it won’t.  As you know, when we have
> changed Bylaws in the past and updated our website and wiki, there have
> never been IP issues and never a need for IPR Agreement review.  Can you
> clarify with your own assessments and implications from simply allowing
> Subcommittees that don’t work on Guidelines?
>
>
>
> Thank you for confirming that Entrust Datacard has not evaluated or
> otherwise assessed your claim that there are no IP issues. I think it may
> have been clearer to simply state that, rather than to attempt to deflect
> it with a question.
>
>
>
> As you know, and as has been discussed, one of the ways to reduce the risk
> of potential IP issues is to limit the scope of broad Forum level
> discussions to as minimal amount as needed to function. Indeed, an ideal
> result for the Forum activities at large - to ensure there's limited risk -
> is that the only Forum activities are to vote. That is, to even limit the
> discussions involved as much as possible. Your path creates a significant
> risk for broader, Forum level discussions and brainstorming that can easily
> lead to members introducing new risks, just as members have introduced
> proposals that raise concerns about the Antitrust Statement.
>
>
>
> I can understand that some members have faith that these issues are purely
> hypothetical. Another name for pure hypotheticals is risk, and risks can be
> mitigated. It may be that you disagree on the degree of risk. That's
> perhaps not surprising, as your reply makes it clear you've not yet
> assessed that risk. Other solutions were offered that would minimize risk.
> If you don't believe there's risk, there's no harm. If you do believe
> there's risk, this can address. It seems like there are solutions that are
> win/win for everyone, and it does not seem like this is one. But then
> again, that may only be obvious once you take time to assess the risk.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20181016/6fd7061d/attachment.html>