[cabfpub] Public Digest, Vol 77, Issue 81
Ryan Sleevi
sleevi at google.com
Fri Sep 14 21:04:30 UTC 2018
Please review section 8 of the IPR policy with your legal counsel, Tim,
particularly around what constitutes a "Contribution"
On Fri, Sep 14, 2018 at 4:52 PM Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:
> We have the protections in the IPR policy, because we have the IPR
> policy. To be clear, the existence or absence of minutes does not in any
> way affect the IPR policy, and there’s no text in the Bylaws or IPR policy
> that suggests that it does.
>
>
>
> -Tim
>
>
>
> *From:* Public <public-bounces at cabforum.org> *On Behalf Of *Ryan Sleevi
> via Public
> *Sent:* Friday, September 14, 2018 4:41 PM
> *To:* Virginia Fournier <vfournier at apple.com>; CABFPub <
> public at cabforum.org>
> *Subject:* Re: [cabfpub] Public Digest, Vol 77, Issue 81
>
>
>
> Virginia,
>
>
>
> I do not understand how that position is at all consistent with our bylaws
> with respect to IP risk. If we have Subcommittees without the requirement
> to maintain or produce minutes, how could we possibly hope to have the IP
> protections afforded by our policy?
>
>
>
> On Fri, Sep 14, 2018 at 4:32 PM Virginia Fournier via Public <
> public at cabforum.org> wrote:
>
> It would be great if the people who continually complain that the Bylaws
> don’t contain x, or took away y, would actively participate in the process
> to create new versions of the Bylaws. The version of the Bylaws creating
> CWGs and their Subcommittees was developed over more than a year, with
> ample time for review, comment, revision, rinse and repeat.
>
>
>
> The Bylaws say that "each CWG may establish any number of subcommittees
> within its own Working Group to address any of such CWG’s business.”
> However, there's nothing in the Bylaws that prohibits Subcommittees from
> having their own mailing lists, minutes, chairs, etc. It looks like
> Subcommittees have the flexibility to determine how to conduct their own
> business within the CWG.
>
>
>
> If a CWG wants a Subcommittee to do something specific (like keep
> minutes), they can specify that in the CWG charter.
>
>
>
> Best regards,
>
>
>
> Virginia Fournier
>
> Senior Standards Counsel
>
> Apple Inc.
>
> ☏ 669-227-9595
>
> ✉︎ vmf at apple.com
>
>
>
>
>
>
>
> On Sep 14, 2018, at 9:29 AM, public-request at cabforum.org wrote:
>
>
>
> Send Public mailing list submissions to
> public at cabforum.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://cabforum.org/mailman/listinfo/public
> or, via email, send a message with subject or body 'help' to
> public-request at cabforum.org
>
> You can reach the person managing the list at
> public-owner at cabforum.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Public digest..."
>
>
> Today's Topics:
>
> 1. Re: Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG (Ryan Sleevi)
> 2. Re: Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG (Tim Hollebeek)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 14 Sep 2018 12:19:24 -0400
> From: Ryan Sleevi <sleevi at google.com>
> To: Tim Hollebeek <tim.hollebeek at digicert.com>
> Cc: CABFPub <public at cabforum.org>
> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG
> Message-ID:
> <CACvaWvboDx1ec0bVXRnx7Eik3tgB8efxeQv06J_qYZKt7Czpzg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Subcommittees don't have requirements for minutes or publicly-available
> notes.
>
> That's the point. All this thinking about subcommittees working "just like"
> LWGs is not the case. All of that was lost from the Bylaws. A subcommittee
> can just be two people having a chat, at least as written in the Bylaws
> today.
>
> There's nothing stating subcommittees work with their own mailing lists,
> for example, in the way our old bylaws did. There's nothing establishing
> chairs or charters or deliverables. It's a one-off note.
>
> That's the point.
>
> On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <tim.hollebeek at digicert.com
> >
> wrote:
>
>
> Collaborating outside of a subcommittee has a bunch of drawbacks,
> including a complete lack of public transparency and much weaker IPR
> protections.
>
>
>
> In my opinion, there?s already way, way too much going on in private that
> would be better handled in subcommittees where everyone can participate and
> there are publicly available notes.
>
>
>
> -Tim
>
>
>
> *From:* Public <public-bounces at cabforum.org> *On Behalf Of *Wayne Thayer
> via Public
> *Sent:* Thursday, September 13, 2018 7:11 PM
> *To:* Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Public Discussion
> List <public at cabforum.org>
> *Subject:* Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG
>
>
>
> Would it be helpful to take a step back and propose an amendment to the
> Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I
> would be willing to work on that. Meanwhile, if the Network Security WG
> left some urgent work unfinished, nothing prevents SCWG members from
> collaborating outside of the Subcommittee structure.
>
>
>
> On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <
> public at cabforum.org> wrote:
>
> I think that, without incorporating or responding to feedback, we will be
> opposed to this ballot. I agree that it's unfortunate we have gotten
> nowhere - but it's equally unfortunate to have spent two months without
> responding to any of the substance of the issues. It's great to see
> progress, but making small steps doesn't excuse leaving glaring issues.
> It's better to let these fall down than to support them with fundamental
> flaws.
>
>
>
> Concrete feedback is:
>
> Delete: "These renewed NCSSR documents will serve CAs, auditors and
> browsers in giving a state of the art set of rules for the deployment and
> operation of CAs computing infrastructures."
>
> Rationale: That presumes this output will be valid/valuable.
>
>
>
> Delete: "The Subcommittee may choose its own initial Chair."
>
> Rationale: Subcommittees don't have Chairs and votes. They're just
> meetings of the CWG with focus.
>
>
>
> Delete: "The Network Security Subcommittee shall produce one or more
> documents offering options to the Forum for establishing minimal security
> standards within the scope defined above, which may be used to modify the
> existing NCSSRs."
>
> Rationale: This is a pretty much a non-scope as worded, but worse,
> precludes some of the very activities you want to do. For example,
> reforming existing requirements doesn't establish minimums, so is out of
> scope.
>
>
>
> Obviously, that leaves you with nothing left. Hopefully there's something
> concrete you think should remain, and you can suggest improvements there.
>
>
>
>
>
>
>
> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>
> wrote:
>
> On this ballot and Ballot SC10, I?m only going to consider comments and
> criticisms that propose specific alternate language that you will support.
> We have spent two months on creation of Subcommittees that simply continue
> the work we have been doing., and getting nowhere. Time to finish up!
>
>
>
> Do you have specific alternate ballot language you want the Members to
> consider? If so, please post.
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Thursday, September 13, 2018 2:55 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <
> public at cabforum.org>
> *Subject:* [EXTERNAL]Re: [cabfpub] Ballot SC10 ? Establishing the Network
> Security Subcommittee of the SCWG
>
>
>
> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public at cabforum.org>
> wrote:
>
> *Scope: *Revising and improving the Network and Certificate Systems
> Security Requirements (NCSSRs).
>
>
> *Out of Scope: *No provision.
>
> *Deliverables: *The Network Security Subcommittee shall produce one or
> more documents offering options to the Forum for establishing minimal
> security standards within the scope defined above, which may be used to
> modify the existing NCSSRs. These renewed NCSSR documents will serve CAs,
> auditors and browsers in giving a state of the art set of rules for the
> deployment and operation of CAs computing infrastructures. The
> Subcommittee may choose its own initial Chair.
>
>
>
> Is this Deliverable correct? Is that scope correct? The previous WG
> produced (only after significant prodding) a statement about 'options' -
> which was to modifying the existing NCSSRs. It seems like we're talking now
> about concrete recommendations for changes, and it seems more relevant to
> note what is in scope or out of scope.
>
>
>
> I disagree that the deliverable affirmatively stating "will serve CA,
> auditors, and browsers".
>
>
>
> However, there's other, more fundamental problems. Most notable is that
> Subcommittees aren't established to have Chairs - the point of the rework
> of the Bylaws was to make it clearer what activities are done and how they
> fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
> other is that the SCWG does not yet have a defined process for the
> establishment of subcommittees.
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cabforum.org/pipermail/public/attachments/20180914/7203cd81/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Fri, 14 Sep 2018 16:29:38 +0000
> From: Tim Hollebeek <tim.hollebeek at digicert.com>
> To: Ryan Sleevi <sleevi at google.com>
> Cc: CABFPub <public at cabforum.org>
> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG
> Message-ID:
> <
> BN6PR14MB11066D38B44B3BF97D0857D883190 at BN6PR14MB1106.namprd14.prod.outlook.com
> >
>
> Content-Type: text/plain; charset="utf-8"
>
> My ballot that I didn?t get around to writing would have had something
> like:
>
>
>
> ?The current Bylaws lack clarity and precision about the functioning of
> subcommittees. Until such a time as that is corrected, subcommittees
> created from LWGs shall operate in the same manner as pre-governance reform
> working groups.?
>
>
>
> Would that help?
>
>
>
> -Tim
>
>
>
> P.S. I asked the Validation WG chair if the Validation Subcommittee would
> continue using the validation mailing list, and continue to produce agendas
> and minutes, and he said yes.
>
>
>
> From: Ryan Sleevi <sleevi at google.com>
> Sent: Friday, September 14, 2018 12:19 PM
> To: Tim Hollebeek <tim.hollebeek at digicert.com>
> Cc: Wayne Thayer <wthayer at mozilla.com>; CABFPub <public at cabforum.org>
> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG
>
>
>
> Subcommittees don't have requirements for minutes or publicly-available
> notes.
>
>
>
> That's the point. All this thinking about subcommittees working "just
> like" LWGs is not the case. All of that was lost from the Bylaws. A
> subcommittee can just be two people having a chat, at least as written in
> the Bylaws today.
>
>
>
> There's nothing stating subcommittees work with their own mailing lists,
> for example, in the way our old bylaws did. There's nothing establishing
> chairs or charters or deliverables. It's a one-off note.
>
>
>
> That's the point.
>
>
>
> On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <tim.hollebeek at digicert.com
> <mailto:tim.hollebeek at digicert.com> > wrote:
>
> Collaborating outside of a subcommittee has a bunch of drawbacks,
> including a complete lack of public transparency and much weaker IPR
> protections.
>
>
>
> In my opinion, there?s already way, way too much going on in private that
> would be better handled in subcommittees where everyone can participate and
> there are publicly available notes.
>
>
>
> -Tim
>
>
>
> From: Public <public-bounces at cabforum.org <mailto:
> public-bounces at cabforum.org> > On Behalf Of Wayne Thayer via Public
> Sent: Thursday, September 13, 2018 7:11 PM
> To: Ryan Sleevi <sleevi at google.com <mailto:sleevi at google.com> >;
> CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:
> public at cabforum.org> >
> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG
>
>
>
> Would it be helpful to take a step back and propose an amendment to the
> Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I
> would be willing to work on that. Meanwhile, if the Network Security WG
> left some urgent work unfinished, nothing prevents SCWG members from
> collaborating outside of the Subcommittee structure.
>
>
>
> On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <
> public at cabforum.org <mailto:public at cabforum.org> > wrote:
>
> I think that, without incorporating or responding to feedback, we will be
> opposed to this ballot. I agree that it's unfortunate we have gotten
> nowhere - but it's equally unfortunate to have spent two months without
> responding to any of the substance of the issues. It's great to see
> progress, but making small steps doesn't excuse leaving glaring issues.
> It's better to let these fall down than to support them with fundamental
> flaws.
>
>
>
> Concrete feedback is:
>
> Delete: "These renewed NCSSR documents will serve CAs, auditors and
> browsers in giving a state of the art set of rules for the deployment and
> operation of CAs computing infrastructures."
>
> Rationale: That presumes this output will be valid/valuable.
>
>
>
> Delete: "The Subcommittee may choose its own initial Chair."
>
> Rationale: Subcommittees don't have Chairs and votes. They're just
> meetings of the CWG with focus.
>
>
>
> Delete: "The Network Security Subcommittee shall produce one or more
> documents offering options to the Forum for establishing minimal security
> standards within the scope defined above, which may be used to modify the
> existing NCSSRs."
>
> Rationale: This is a pretty much a non-scope as worded, but worse,
> precludes some of the very activities you want to do. For example,
> reforming existing requirements doesn't establish minimums, so is out of
> scope.
>
>
>
> Obviously, that leaves you with nothing left. Hopefully there's something
> concrete you think should remain, and you can suggest improvements there.
>
>
>
>
>
>
>
> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <Kirk.Hall at entrustdatacard.com
> <mailto:Kirk.Hall at entrustdatacard.com> > wrote:
>
> On this ballot and Ballot SC10, I?m only going to consider comments and
> criticisms that propose specific alternate language that you will support.
> We have spent two months on creation of Subcommittees that simply continue
> the work we have been doing., and getting nowhere. Time to finish up!
>
>
>
> Do you have specific alternate ballot language you want the Members to
> consider? If so, please post.
>
>
>
> From: Ryan Sleevi [mailto:sleevi at google.com <mailto:sleevi at google.com> ]
> Sent: Thursday, September 13, 2018 2:55 PM
> To: Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:
> Kirk.Hall at entrustdatacard.com> >; CABFPub <public at cabforum.org <mailto:
> public at cabforum.org> >
> Subject: [EXTERNAL]Re: [cabfpub] Ballot SC10 ? Establishing the Network
> Security Subcommittee of the SCWG
>
>
>
> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public at cabforum.org
> <mailto:public at cabforum.org> > wrote:
>
> Scope: Revising and improving the Network and Certificate Systems Security
> Requirements (NCSSRs).
>
>
> Out of Scope: No provision.
>
> Deliverables: The Network Security Subcommittee shall produce one or more
> documents offering options to the Forum for establishing minimal security
> standards within the scope defined above, which may be used to modify the
> existing NCSSRs. These renewed NCSSR documents will serve CAs, auditors and
> browsers in giving a state of the art set of rules for the deployment and
> operation of CAs computing infrastructures. The Subcommittee may choose
> its own initial Chair.
>
>
>
> Is this Deliverable correct? Is that scope correct? The previous WG
> produced (only after significant prodding) a statement about 'options' -
> which was to modifying the existing NCSSRs. It seems like we're talking now
> about concrete recommendations for changes, and it seems more relevant to
> note what is in scope or out of scope.
>
>
>
> I disagree that the deliverable affirmatively stating "will serve CA,
> auditors, and browsers".
>
>
>
> However, there's other, more fundamental problems. Most notable is that
> Subcommittees aren't established to have Chairs - the point of the rework
> of the Bylaws was to make it clearer what activities are done and how they
> fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
> other is that the SCWG does not yet have a defined process for the
> establishment of subcommittees.
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org <mailto:Public at cabforum.org>
> https://cabforum.org/mailman/listinfo/public
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.html
> >
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: smime.p7s
> Type: application/pkcs7-signature
> Size: 4940 bytes
> Desc: not available
> URL: <
> http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.p7s
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
> ------------------------------
>
> End of Public Digest, Vol 77, Issue 81
> **************************************
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180914/1ad4deb5/attachment-0003.html>
More information about the Public
mailing list