[cabfpub] Final Minutes for CA/Browser Forum Teleconference - November 14, 2019

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Dec 12 15:25:26 MST 2019


These are the final Minutes of the Teleconference described in the 
subject of this message.


    Attendees (in alphabetical order)

Adam Clark (Visa), Ben Wilson (Digicert), Chris Kemmerer (SSL.com), 
Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos 
(HARICA), Dustin Hollenback (Microsoft), Eva Vansteenberge (GlobalSign), 
Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), Janet 
Hines (SecureTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), 
Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Mads 
Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), 
Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter 
Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan 
Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim 
Hollebeek (Digicert), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera 
Software AS), Trevoli Ponds-White (Amazon), Vincent Lynch (Digicert), 
Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).


    Minutes


      1. Roll Call

The Chair took attendance.


      2. Read Antitrust Statement

The Antitrust Statement was read.


      3. Review Agenda

No changes to the agenda.


      4. Discuss Action Items from the recent F2F 48 meeting

Infrastructure Subcommittee

  * Jos and Ryan will continue to work on a ballot to make the BRs
    "pandoc friendly"
      o As discussed in the SCWG meeting, this is work in progress, Jos
        is waiting for SC23 and SC24 to be merged in the master branch
        of GitHub, rebase and update the proposed changes.
  * Trev to investigate about allowing incoming/outgoing SMTP traffic to
    new VMs
      o Trev confirmed the action item.
  * Someone (?) to plan for Etherpad installation for next F2F
      o Jos volunteered to work on this task

S/MIME WG

  * Someone (?) to draft and send the charter based on the F2F
    discussion. Unfortunately the minutes are missing and the recording
    is not available yet.
      o Tim mentioned that a couple of people are working on a charter
        and he hopes to be able to send a draft out today.

Photo Policy

  * Dimitris to finalize the draft proposal and describe the red/dark
    blue lanyard colors to indicate
    additional-privacy/no-additional-privacy request.
  * Ryan to propose language improvements for the "attribution" to IETF.

Issues with Bylaws

  * Dimitris to propose text for Bylaws so that each Member
    participating in a Working Group to designate voting
    representatives. If a Member wants to designate different
    representatives for the Forum level compared to the Working Group
    level, they can do so. Only votes from official representatives will
    count. Each voting representative may extend or restrict the set of
    voting members. Voting representatives can also be introduced or
    removed by a Member's legal (or properly delegated) representative.
      o Dimitris to prepare some draft language in the following weeks.
      o Tim mentioned that Digicert is not necessarily opposed to this
        language but during the F2F discussion there were some members
        who expressed the opinion that this is more of a problem with an
        organization that may be having trouble controlling who votes
        for their organization. This seems to be more of a Member-type
        of problem rather than a CA/B Forum problem. Ryan asked if
        Digicert could share some information about the change of
        opinion on this subject and Tim replied that there are concerns
        that this process of introducing this language and clarifying
        will take time. If this can get quickly resolved, that's worth
        doing. But there are concerns that it might take more than it's
        worth. This is trying to solve a problem that the Forum has not
        experienced before.
      o Dimitris responded that different opinions were heard at the F2F
        and hopefully have been captured in the minutes, we may not
        reach a full agreement on this topic but he will make an effort
        to write a proposal and send it out to see if it works for
        everyone. He also added that this problem will become more
        important as the Forum grows.

Who signs the IPR Agreement

  * Dimitris (and Ryan?) to describe the scenario where the CA/B Forum
    receives an application from a CA, which is the "Owner", but that CA
    uses a different Legal Entity as the CA "Operator". The "Operator"
    is the one likely to participate in CA/B Forum activities and likely
    to "Contribute". The safe approach is to require both Legal Entities
    to sign the IPR Agreement.
      o Draft language in the Bylaws to give guidance for this
        particular scenario because we had it more than once. It
        shouldn't be too hard to describe this. Ryan agreed it should be
        trivial to describe what happens when a Member delegates
        participation or the operations of their CA and also voting. We
        could imagine a scenario where the Policy Management Authority
        controls the voting rights and delegates the other operations
        and participation. We could allow this flexibility if this is
        combined with the previous discussion about voting representatives.
      o Dimitris and Ryan can continue this offline and work on this
        language.
      o There was some additional discussion about current Forum
        examples of Members with delegated partners (Network Solutions -
        Sectigo, FPKI - delegated contractors, etc).

Concept of member

  * Ryan to work with counsel to identify inconsistencies.
  * Ben recommended to go through the Bylaws/IPR Policy and flag
    instances that contain inconsistencies. Actions?
      o Ryan mentioned that this is a similar problem as the problem
        with the legal representatives.
      o Ben was not sure if it was the same thing but he noticed that we
        don't have a "member agreement" but just an "IPR agreement"
        which may not bind a Member to the Bylaws. Ryan replied that
        this should probably not lead in creating a new membership
        agreement document. Tim mentioned that this could be an
        "interesting" area because the IPR Policy is mentioned in the
        Bylaws and if there is no legally-binding process for the
        Members to follow the Bylaws it would lead into "interesting"
        situations. Ryan replied that by binding a Member to the IPR
        Policy, automatically binds them with the Bylaws. It might be a
        lot to unpack on this call and suggested we either discuss at
        the next call or on the list. Dimitris recommended that we hold
        off on opening this topic and work with other action items with
        more priority. This won't go away from the list of issues.

Time requirements for CAs as Associate Members

  * Dimitris to describe a process to evaluate CAs that are Associate
    Members once a year. There is no need to change the Bylaws but we
    should try to have a clear process to implement the policy
    requirement to review CAs that are in the Associate Member category.
      o There were some good suggestions from Jos.


      5. Any Other Business


Dean reminded Members and Associate Members to vote on Doug's Doodle 
poll for the Fall 2020 F2F meeting. Dimitris also reminded people to 
register for the Bratislava meeting.

Finally, Jos mentioned that the Infrastructure Subcommittee meeting 
invitate was just sent out to 6-7 participants that were active in 
previous meetings. If anyone is interested in attending the 
subcommittee's activities, he will post the meeting information on the wiki.


      6. Next call

December 12, 2019 at 11:00 am Eastern Time.


      Adjourned


      *F2F Meeting Schedule: *

  * 2020: Feb18-20 Bratislava (Disig), June – Minneapolis (OATI),
    October – Tokyo (GlobalSign)
  * 2021: Feb-March Dubai (DarkMatter), May 25-27 Poland
    (Asseco-Certum), October - San Jose, CA or RTP, NC (Cisco)
  * 2022: Mar-April New Delhi / Bengaluru (e-Mudhra), June - [Open],
    October [Open]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20191213/d81d0ba2/attachment.html>


More information about the Public mailing list