[cabfpub] Proposed Shanghai Agenda covering audit issues

Sat Sep 22 20:11:48 MST 2018

Kirk,

I appreciate this attempt, but this wasn't what I was requesting. Could you
clarify that you're not willing to schedule the sessions as I'd requested /
and/or appointing other facilitators for those discussions?

I specifically was requesting to present on #1, #2, #3, and #5. I believe
the recordings will show that.

This is a critically important area for Google, and while we welcome
participation, the request for the sessions, as made on the call, stands,
with Google facilitating the discussion.

On Sat, Sep 22, 2018 at 3:19 PM Kirk Hall via Public <public at cabforum.org>
wrote:

> On our SCWG call this week, Ryan, Wayne, and others suggested we take time
> in Shanghai to talk about the audit programs, their different forms of
> audits and reports, their terminology, and problems that browsers are
> encountering.  Wayne also indicated he wanted to discuss an “ideal audit
> life cycle” for a new trusted root from birth to death.  This seems like a
> great topic for us.
>
>
>
> We can also talk about how we want to interpret our current Bylaws Section
> 2.1 on Forum membership requirements – what type of audit reports are
> required, and whether we need to clarify Bylaws clarifications.
>
>
>
> I’ve asked Dimitris to be the Moderator on these topics to make sure we
> stay on schedule and following a logical progression.
>
>
>
> We would still have the regular auditor updates before this discussion –
> that’s just the place where WebTrust and ETSI can give us the most recent
> program news.
>
>
>
> Here is my proposed Agenda breakdown.  Comments are welcome.
>
>
>
> *****
>
>
>
> 1. Types of audits/reports under *WebTrust* and their terminology,
> including new CAs and new audit/report types (Jeff, Don).  A summary
> reference table would be welcome.
>
>
>
> 2. Types of audits/reports under *ETSI* and their terminology, including
> new CAs and new audit/report types (Arno, Clemens).  A summary reference
> table would be welcome.
>
>
>
> [Jeff/Don/Arno/Clemens – do you think you can also prepare a
> summary comparison table of the different WebTrust and ETSI audits and
> reports, showing which are roughly “equivalent”, which are not, and the
> main differences?]
>
>
>
> 3. Problems faced by root programs from existing WebTrust/ETSI reports and
> terminology, including for new CAs (Ryan, Wayne)
>
> ·       Oddball report types received
>
> ·       Common issues/misunderstandings by new CAs
>
> ·       Recommendations on standard terminology to be used (if any)
>
> ·       Recommendation for clarification on audit requirements in
> *current* BRs, root programs to eliminate misunderstandings, adopt common
> terminology
>
>
>
> 4. Ideal audit life cycle – birth to death of a new CA (Wayne – also Ryan,
> or Mike, or Geoff)
>
> ·       Description of ideal cycle (with timelines, multiple use cases) –
> not necessarily what is required today by BRs, WT/ETSI, root programs, but
> what browsers would like to see
>
> ·       Once there is consensus on ideal life cycle, how do we get
> there?  Via BRs or via root programs (or both)?
>
> ·       Proposals for BR amendments to reach ideal life cycle
>
> ·       Do we need to better align BRs and root program rules?
>
>
>
> 5.  Forum membership rules Bylaws Sec. 2.1 (Dimitris)
>
> ·       What does the Forum **want** the audit requirements to be based
> on different level of membership (Associate Member, Member).  See
> https://cabforum.org/pipermail/public/2018-April/013259.html
>
> ·       Potential amendments to Bylaws to clarify audit requirements for
> Associate Member, full Member status.
>
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180922/dc4af71e/attachment-0001.html>