[cabfpub] Public Digest, Vol 77, Issue 81
Ryan Sleevi
sleevi at google.com
Fri Sep 14 15:52:17 MST 2018
You are correct that it's deeply concerning if there can be a Subcommittee
that *doesn't* take minutes. A good ballot for such a subcommittee would
affirm its commitment to running in such a way that reduces that risk, so
that it's easy to support.
On Fri, Sep 14, 2018 at 6:34 PM Geoff Keating <geoffk at apple.com> wrote:
> I think we’re in agreement as to the effect of not having minutes on the
> IPR policy.
>
> I don’t believe anyone is proposing a subcommittee charter which
> *prevents* it from having minutes. So, perhaps if you’re concerned that a
> subcommittee might not have the standard of minute-taking that you would
> like, you could offer to take minutes for that subcommittee? My experience
> is that such an offer is usually received with gratitude!
>
> On Sep 14, 2018, at 2:04 PM, Ryan Sleevi via Public <public at cabforum.org>
> wrote:
>
> Please review section 8 of the IPR policy with your legal counsel, Tim,
> particularly around what constitutes a "Contribution"
>
> On Fri, Sep 14, 2018 at 4:52 PM Tim Hollebeek <tim.hollebeek at digicert.com>
> wrote:
>
>> We have the protections in the IPR policy, because we have the IPR
>> policy. To be clear, the existence or absence of minutes does not in any
>> way affect the IPR policy, and there’s no text in the Bylaws or IPR policy
>> that suggests that it does.
>>
>>
>>
>> -Tim
>>
>>
>>
>> *From:* Public <public-bounces at cabforum.org> *On Behalf Of *Ryan Sleevi
>> via Public
>> *Sent:* Friday, September 14, 2018 4:41 PM
>> *To:* Virginia Fournier <vfournier at apple.com>; CABFPub <
>> public at cabforum.org>
>> *Subject:* Re: [cabfpub] Public Digest, Vol 77, Issue 81
>>
>>
>>
>> Virginia,
>>
>>
>>
>> I do not understand how that position is at all consistent with our
>> bylaws with respect to IP risk. If we have Subcommittees without the
>> requirement to maintain or produce minutes, how could we possibly hope to
>> have the IP protections afforded by our policy?
>>
>>
>>
>> On Fri, Sep 14, 2018 at 4:32 PM Virginia Fournier via Public <
>> public at cabforum.org> wrote:
>>
>> It would be great if the people who continually complain that the Bylaws
>> don’t contain x, or took away y, would actively participate in the process
>> to create new versions of the Bylaws. The version of the Bylaws creating
>> CWGs and their Subcommittees was developed over more than a year, with
>> ample time for review, comment, revision, rinse and repeat.
>>
>>
>>
>> The Bylaws say that "each CWG may establish any number of subcommittees
>> within its own Working Group to address any of such CWG’s business.”
>> However, there's nothing in the Bylaws that prohibits Subcommittees from
>> having their own mailing lists, minutes, chairs, etc. It looks like
>> Subcommittees have the flexibility to determine how to conduct their own
>> business within the CWG.
>>
>>
>>
>> If a CWG wants a Subcommittee to do something specific (like keep
>> minutes), they can specify that in the CWG charter.
>>
>>
>>
>> Best regards,
>>
>>
>>
>> Virginia Fournier
>>
>> Senior Standards Counsel
>>
>> Apple Inc.
>>
>> ☏ 669-227-9595
>>
>> ✉︎ vmf at apple.com
>>
>>
>>
>>
>>
>>
>>
>> On Sep 14, 2018, at 9:29 AM, public-request at cabforum.org wrote:
>>
>>
>>
>> Send Public mailing list submissions to
>> public at cabforum.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> https://cabforum.org/mailman/listinfo/public
>> or, via email, send a message with subject or body 'help' to
>> public-request at cabforum.org
>>
>> You can reach the person managing the list at
>> public-owner at cabforum.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Public digest..."
>>
>>
>> Today's Topics:
>>
>> 1. Re: Ballot SC10 ? Establishing the Network Security
>> Subcommittee of the SCWG (Ryan Sleevi)
>> 2. Re: Ballot SC10 ? Establishing the Network Security
>> Subcommittee of the SCWG (Tim Hollebeek)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 14 Sep 2018 12:19:24 -0400
>> From: Ryan Sleevi <sleevi at google.com>
>> To: Tim Hollebeek <tim.hollebeek at digicert.com>
>> Cc: CABFPub <public at cabforum.org>
>> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
>> Subcommittee of the SCWG
>> Message-ID:
>> <CACvaWvboDx1ec0bVXRnx7Eik3tgB8efxeQv06J_qYZKt7Czpzg at mail.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Subcommittees don't have requirements for minutes or publicly-available
>> notes.
>>
>> That's the point. All this thinking about subcommittees working "just
>> like"
>> LWGs is not the case. All of that was lost from the Bylaws. A subcommittee
>> can just be two people having a chat, at least as written in the Bylaws
>> today.
>>
>> There's nothing stating subcommittees work with their own mailing lists,
>> for example, in the way our old bylaws did. There's nothing establishing
>> chairs or charters or deliverables. It's a one-off note.
>>
>> That's the point.
>>
>> On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <
>> tim.hollebeek at digicert.com>
>> wrote:
>>
>>
>> Collaborating outside of a subcommittee has a bunch of drawbacks,
>> including a complete lack of public transparency and much weaker IPR
>> protections.
>>
>>
>>
>> In my opinion, there?s already way, way too much going on in private that
>> would be better handled in subcommittees where everyone can participate
>> and
>> there are publicly available notes.
>>
>>
>>
>> -Tim
>>
>>
>>
>> *From:* Public <public-bounces at cabforum.org> *On Behalf Of *Wayne Thayer
>> via Public
>> *Sent:* Thursday, September 13, 2018 7:11 PM
>> *To:* Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Public Discussion
>> List <public at cabforum.org>
>> *Subject:* Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
>> Subcommittee of the SCWG
>>
>>
>>
>> Would it be helpful to take a step back and propose an amendment to the
>> Bylaws or SCWG charter that addresses Subcommittees in sufficient detail?
>> I
>> would be willing to work on that. Meanwhile, if the Network Security WG
>> left some urgent work unfinished, nothing prevents SCWG members from
>> collaborating outside of the Subcommittee structure.
>>
>>
>>
>> On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <
>> public at cabforum.org> wrote:
>>
>> I think that, without incorporating or responding to feedback, we will be
>> opposed to this ballot. I agree that it's unfortunate we have gotten
>> nowhere - but it's equally unfortunate to have spent two months without
>> responding to any of the substance of the issues. It's great to see
>> progress, but making small steps doesn't excuse leaving glaring issues.
>> It's better to let these fall down than to support them with fundamental
>> flaws.
>>
>>
>>
>> Concrete feedback is:
>>
>> Delete: "These renewed NCSSR documents will serve CAs, auditors and
>> browsers in giving a state of the art set of rules for the deployment and
>> operation of CAs computing infrastructures."
>>
>> Rationale: That presumes this output will be valid/valuable.
>>
>>
>>
>> Delete: "The Subcommittee may choose its own initial Chair."
>>
>> Rationale: Subcommittees don't have Chairs and votes. They're just
>> meetings of the CWG with focus.
>>
>>
>>
>> Delete: "The Network Security Subcommittee shall produce one or more
>> documents offering options to the Forum for establishing minimal security
>> standards within the scope defined above, which may be used to modify the
>> existing NCSSRs."
>>
>> Rationale: This is a pretty much a non-scope as worded, but worse,
>> precludes some of the very activities you want to do. For example,
>> reforming existing requirements doesn't establish minimums, so is out of
>> scope.
>>
>>
>>
>> Obviously, that leaves you with nothing left. Hopefully there's something
>> concrete you think should remain, and you can suggest improvements there.
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>
>> wrote:
>>
>> On this ballot and Ballot SC10, I?m only going to consider comments and
>> criticisms that propose specific alternate language that you will support.
>> We have spent two months on creation of Subcommittees that simply continue
>> the work we have been doing., and getting nowhere. Time to finish up!
>>
>>
>>
>> Do you have specific alternate ballot language you want the Members to
>> consider? If so, please post.
>>
>>
>>
>> *From:* Ryan Sleevi [mailto:sleevi at google.com]
>> *Sent:* Thursday, September 13, 2018 2:55 PM
>> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <
>> public at cabforum.org>
>> *Subject:* [EXTERNAL]Re: [cabfpub] Ballot SC10 ? Establishing the Network
>> Security Subcommittee of the SCWG
>>
>>
>>
>> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public at cabforum.org
>> >
>> wrote:
>>
>> *Scope: *Revising and improving the Network and Certificate Systems
>> Security Requirements (NCSSRs).
>>
>>
>> *Out of Scope: *No provision.
>>
>> *Deliverables: *The Network Security Subcommittee shall produce one or
>> more documents offering options to the Forum for establishing minimal
>> security standards within the scope defined above, which may be used to
>> modify the existing NCSSRs. These renewed NCSSR documents will serve CAs,
>> auditors and browsers in giving a state of the art set of rules for the
>> deployment and operation of CAs computing infrastructures. The
>> Subcommittee may choose its own initial Chair.
>>
>>
>>
>> Is this Deliverable correct? Is that scope correct? The previous WG
>> produced (only after significant prodding) a statement about 'options' -
>> which was to modifying the existing NCSSRs. It seems like we're talking
>> now
>> about concrete recommendations for changes, and it seems more relevant to
>> note what is in scope or out of scope.
>>
>>
>>
>> I disagree that the deliverable affirmatively stating "will serve CA,
>> auditors, and browsers".
>>
>>
>>
>> However, there's other, more fundamental problems. Most notable is that
>> Subcommittees aren't established to have Chairs - the point of the rework
>> of the Bylaws was to make it clearer what activities are done and how they
>> fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
>> other is that the SCWG does not yet have a defined process for the
>> establishment of subcommittees.
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://cabforum.org/pipermail/public/attachments/20180914/7203cd81/attachment-0001.html
>> >
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Fri, 14 Sep 2018 16:29:38 +0000
>> From: Tim Hollebeek <tim.hollebeek at digicert.com>
>> To: Ryan Sleevi <sleevi at google.com>
>> Cc: CABFPub <public at cabforum.org>
>> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
>> Subcommittee of the SCWG
>> Message-ID:
>> <
>> BN6PR14MB11066D38B44B3BF97D0857D883190 at BN6PR14MB1106.namprd14.prod.outlook.com
>> >
>>
>> Content-Type: text/plain; charset="utf-8"
>>
>> My ballot that I didn?t get around to writing would have had something
>> like:
>>
>>
>>
>> ?The current Bylaws lack clarity and precision about the functioning of
>> subcommittees. Until such a time as that is corrected, subcommittees
>> created from LWGs shall operate in the same manner as pre-governance reform
>> working groups.?
>>
>>
>>
>> Would that help?
>>
>>
>>
>> -Tim
>>
>>
>>
>> P.S. I asked the Validation WG chair if the Validation Subcommittee would
>> continue using the validation mailing list, and continue to produce agendas
>> and minutes, and he said yes.
>>
>>
>>
>> From: Ryan Sleevi <sleevi at google.com>
>> Sent: Friday, September 14, 2018 12:19 PM
>> To: Tim Hollebeek <tim.hollebeek at digicert.com>
>> Cc: Wayne Thayer <wthayer at mozilla.com>; CABFPub <public at cabforum.org>
>> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
>> Subcommittee of the SCWG
>>
>>
>>
>> Subcommittees don't have requirements for minutes or publicly-available
>> notes.
>>
>>
>>
>> That's the point. All this thinking about subcommittees working "just
>> like" LWGs is not the case. All of that was lost from the Bylaws. A
>> subcommittee can just be two people having a chat, at least as written in
>> the Bylaws today.
>>
>>
>>
>> There's nothing stating subcommittees work with their own mailing lists,
>> for example, in the way our old bylaws did. There's nothing establishing
>> chairs or charters or deliverables. It's a one-off note.
>>
>>
>>
>> That's the point.
>>
>>
>>
>> On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <
>> tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> > wrote:
>>
>> Collaborating outside of a subcommittee has a bunch of drawbacks,
>> including a complete lack of public transparency and much weaker IPR
>> protections.
>>
>>
>>
>> In my opinion, there?s already way, way too much going on in private that
>> would be better handled in subcommittees where everyone can participate and
>> there are publicly available notes.
>>
>>
>>
>> -Tim
>>
>>
>>
>> From: Public <public-bounces at cabforum.org <mailto:
>> public-bounces at cabforum.org> > On Behalf Of Wayne Thayer via Public
>> Sent: Thursday, September 13, 2018 7:11 PM
>> To: Ryan Sleevi <sleevi at google.com <mailto:sleevi at google.com> >;
>> CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:
>> public at cabforum.org> >
>> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
>> Subcommittee of the SCWG
>>
>>
>>
>> Would it be helpful to take a step back and propose an amendment to the
>> Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I
>> would be willing to work on that. Meanwhile, if the Network Security WG
>> left some urgent work unfinished, nothing prevents SCWG members from
>> collaborating outside of the Subcommittee structure.
>>
>>
>>
>> On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <
>> public at cabforum.org <mailto:public at cabforum.org> > wrote:
>>
>> I think that, without incorporating or responding to feedback, we will be
>> opposed to this ballot. I agree that it's unfortunate we have gotten
>> nowhere - but it's equally unfortunate to have spent two months without
>> responding to any of the substance of the issues. It's great to see
>> progress, but making small steps doesn't excuse leaving glaring issues.
>> It's better to let these fall down than to support them with fundamental
>> flaws.
>>
>>
>>
>> Concrete feedback is:
>>
>> Delete: "These renewed NCSSR documents will serve CAs, auditors and
>> browsers in giving a state of the art set of rules for the deployment and
>> operation of CAs computing infrastructures."
>>
>> Rationale: That presumes this output will be valid/valuable.
>>
>>
>>
>> Delete: "The Subcommittee may choose its own initial Chair."
>>
>> Rationale: Subcommittees don't have Chairs and votes. They're just
>> meetings of the CWG with focus.
>>
>>
>>
>> Delete: "The Network Security Subcommittee shall produce one or more
>> documents offering options to the Forum for establishing minimal security
>> standards within the scope defined above, which may be used to modify the
>> existing NCSSRs."
>>
>> Rationale: This is a pretty much a non-scope as worded, but worse,
>> precludes some of the very activities you want to do. For example,
>> reforming existing requirements doesn't establish minimums, so is out of
>> scope.
>>
>>
>>
>> Obviously, that leaves you with nothing left. Hopefully there's something
>> concrete you think should remain, and you can suggest improvements there.
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <Kirk.Hall at entrustdatacard.com
>> <mailto:Kirk.Hall at entrustdatacard.com> > wrote:
>>
>> On this ballot and Ballot SC10, I?m only going to consider comments and
>> criticisms that propose specific alternate language that you will support.
>> We have spent two months on creation of Subcommittees that simply continue
>> the work we have been doing., and getting nowhere. Time to finish up!
>>
>>
>>
>> Do you have specific alternate ballot language you want the Members to
>> consider? If so, please post.
>>
>>
>>
>> From: Ryan Sleevi [mailto:sleevi at google.com <mailto:sleevi at google.com> ]
>> Sent: Thursday, September 13, 2018 2:55 PM
>> To: Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:
>> Kirk.Hall at entrustdatacard.com> >; CABFPub <public at cabforum.org <mailto:
>> public at cabforum.org> >
>> Subject: [EXTERNAL]Re: [cabfpub] Ballot SC10 ? Establishing the Network
>> Security Subcommittee of the SCWG
>>
>>
>>
>> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public at cabforum.org
>> <mailto:public at cabforum.org> > wrote:
>>
>> Scope: Revising and improving the Network and Certificate Systems
>> Security Requirements (NCSSRs).
>>
>>
>> Out of Scope: No provision.
>>
>> Deliverables: The Network Security Subcommittee shall produce one or more
>> documents offering options to the Forum for establishing minimal security
>> standards within the scope defined above, which may be used to modify the
>> existing NCSSRs. These renewed NCSSR documents will serve CAs, auditors and
>> browsers in giving a state of the art set of rules for the deployment and
>> operation of CAs computing infrastructures. The Subcommittee may choose
>> its own initial Chair.
>>
>>
>>
>> Is this Deliverable correct? Is that scope correct? The previous WG
>> produced (only after significant prodding) a statement about 'options' -
>> which was to modifying the existing NCSSRs. It seems like we're talking now
>> about concrete recommendations for changes, and it seems more relevant to
>> note what is in scope or out of scope.
>>
>>
>>
>> I disagree that the deliverable affirmatively stating "will serve CA,
>> auditors, and browsers".
>>
>>
>>
>> However, there's other, more fundamental problems. Most notable is that
>> Subcommittees aren't established to have Chairs - the point of the rework
>> of the Bylaws was to make it clearer what activities are done and how they
>> fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
>> other is that the SCWG does not yet have a defined process for the
>> establishment of subcommittees.
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org <mailto:Public at cabforum.org>
>> https://cabforum.org/mailman/listinfo/public
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.html
>> >
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: smime.p7s
>> Type: application/pkcs7-signature
>> Size: 4940 bytes
>> Desc: not available
>> URL: <
>> http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.p7s
>> >
>>
>> ------------------------------
>>
>> Subject: Digest Footer
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>>
>>
>> ------------------------------
>>
>> End of Public Digest, Vol 77, Issue 81
>> **************************************
>>
>>
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>>
>> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180914/909b9db3/attachment-0001.html>
More information about the Public
mailing list