[cabfpub] Proposed Shanghai Agenda covering audit issues

Ryan Sleevi sleevi at google.com
Sun Sep 23 18:26:06 UTC 2018

On Sun, Sep 23, 2018 at 1:59 PM Kirk Hall <Kirk.Hall at entrustdatacard.com>

> I believe topic #3 as I have listed it below fairly presents your request
> on the Sept. 20  teleconference call, as it covers what you said you wanted
> to discuss – “Problems faced by root programs from existing WebTrust/ETSI
> reports and terminology.”  You didn’t request #1 or #2 because I was the
> one who thought of adding those segments when drafting the Agenda – this is
> intended as an introduction to existing audit/report types from the people
> who actually run WebTrust and ETSI to help educate the Members in the room
> so they can then fully understand the remaining topics #3 - #5.

Kirk, I do not believe it to be fairly presented. If there is any
confusion, it's no doubt because you were interjecting during my
description of the session to indicate you did not believe it would be
necessary, as you felt it would take "60 seconds, at best".

I felt there was a clear request for a session, of 60 to 90 minutes length,
by Google, to cover these topics. Do you believe that request - the first
thing that was asked for - was unclear? At several times during the call,
you attempted to suggest different topics of discussion, or why you felt
they were not necessary, and again, the request was made.

> You didn’t request #4 – Wayne did that at the WebTrust meeting in San Jose
> on Sept. 11, and I made a note at that time.  So I think it’s appropriate
> to let Wayne present his ideas.
> Finally, while you did raise a different interpretation of our membership
> rules on our Sept. 6 teleconference than we have followed in the past (you
> said you thought a Point in Time audit is enough for a CA applicant to
> qualify for full membership under the current Bylaws, which is not what we
> have done in the past or what the members said they wanted in the Doodle
> poll) I was actually the person who raised the question of what form of
> audit is required for membership during that call.  Because Dimitris will
> be taking over new membership requests in November, it makes sense for him
> to present that issue.

While perhaps that's the case, if you also recall, on our previous call, I
indicated that I have been working with both ETSI and WebTrust to address
the issues arising from your misunderstanding and misrepresentation - of
the Doodle poll and of the respective audits. Happy to revisit that with
you, if you felt it was unclear that this was a topic that Google was
actively working on

> But I will remove Dimitris as a Moderator for the five issues – each
> presenter can be the moderator of his own topic.  And I will remove Wayne
> as a co-presenter with you on #3 and make you sole presenter – but I know
> Wayne also said he was having problems with some forms of audit reports, so
> I hope you will let him add his input during #3.
> If you want to suggest different wording for your #3 below, please let me
> know and I will include it on the Agenda.   How much time would you like
> for this segment?

I again reiterate the request that was made on the call, for 60 - 90
minutes for a session, prior to the discussion about future expectations,
to include both a presentation based on discussions Google has been having
with browser representatives and auditor members, to bring clarity to these

Can you ensure that such a thing is scheduled? Or do you believe your
schedule is the only way to get this on the agenda?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180923/7516ecd6/attachment-0003.html>

More information about the Public mailing list