[cabfpub] Final Minutes for CA/Browser Forum Teleconference - November 14, 2019
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Thu Dec 12 22:25:26 UTC 2019
These are the final Minutes of the Teleconference described in the
subject of this message.
Attendees (in alphabetical order)
Adam Clark (Visa), Ben Wilson (Digicert), Chris Kemmerer (SSL.com),
Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos
(HARICA), Dustin Hollenback (Microsoft), Eva Vansteenberge (GlobalSign),
Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), Janet
Hines (SecureTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems),
Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Mads
Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft),
Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter
Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan
Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim
Hollebeek (Digicert), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera
Software AS), Trevoli Ponds-White (Amazon), Vincent Lynch (Digicert),
Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
Minutes
1. Roll Call
The Chair took attendance.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
No changes to the agenda.
4. Discuss Action Items from the recent F2F 48 meeting
Infrastructure Subcommittee
* Jos and Ryan will continue to work on a ballot to make the BRs
"pandoc friendly"
o As discussed in the SCWG meeting, this is work in progress, Jos
is waiting for SC23 and SC24 to be merged in the master branch
of GitHub, rebase and update the proposed changes.
* Trev to investigate about allowing incoming/outgoing SMTP traffic to
new VMs
o Trev confirmed the action item.
* Someone (?) to plan for Etherpad installation for next F2F
o Jos volunteered to work on this task
S/MIME WG
* Someone (?) to draft and send the charter based on the F2F
discussion. Unfortunately the minutes are missing and the recording
is not available yet.
o Tim mentioned that a couple of people are working on a charter
and he hopes to be able to send a draft out today.
Photo Policy
* Dimitris to finalize the draft proposal and describe the red/dark
blue lanyard colors to indicate
additional-privacy/no-additional-privacy request.
* Ryan to propose language improvements for the "attribution" to IETF.
Issues with Bylaws
* Dimitris to propose text for Bylaws so that each Member
participating in a Working Group to designate voting
representatives. If a Member wants to designate different
representatives for the Forum level compared to the Working Group
level, they can do so. Only votes from official representatives will
count. Each voting representative may extend or restrict the set of
voting members. Voting representatives can also be introduced or
removed by a Member's legal (or properly delegated) representative.
o Dimitris to prepare some draft language in the following weeks.
o Tim mentioned that Digicert is not necessarily opposed to this
language but during the F2F discussion there were some members
who expressed the opinion that this is more of a problem with an
organization that may be having trouble controlling who votes
for their organization. This seems to be more of a Member-type
of problem rather than a CA/B Forum problem. Ryan asked if
Digicert could share some information about the change of
opinion on this subject and Tim replied that there are concerns
that this process of introducing this language and clarifying
will take time. If this can get quickly resolved, that's worth
doing. But there are concerns that it might take more than it's
worth. This is trying to solve a problem that the Forum has not
experienced before.
o Dimitris responded that different opinions were heard at the F2F
and hopefully have been captured in the minutes, we may not
reach a full agreement on this topic but he will make an effort
to write a proposal and send it out to see if it works for
everyone. He also added that this problem will become more
important as the Forum grows.
Who signs the IPR Agreement
* Dimitris (and Ryan?) to describe the scenario where the CA/B Forum
receives an application from a CA, which is the "Owner", but that CA
uses a different Legal Entity as the CA "Operator". The "Operator"
is the one likely to participate in CA/B Forum activities and likely
to "Contribute". The safe approach is to require both Legal Entities
to sign the IPR Agreement.
o Draft language in the Bylaws to give guidance for this
particular scenario because we had it more than once. It
shouldn't be too hard to describe this. Ryan agreed it should be
trivial to describe what happens when a Member delegates
participation or the operations of their CA and also voting. We
could imagine a scenario where the Policy Management Authority
controls the voting rights and delegates the other operations
and participation. We could allow this flexibility if this is
combined with the previous discussion about voting representatives.
o Dimitris and Ryan can continue this offline and work on this
language.
o There was some additional discussion about current Forum
examples of Members with delegated partners (Network Solutions -
Sectigo, FPKI - delegated contractors, etc).
Concept of member
* Ryan to work with counsel to identify inconsistencies.
* Ben recommended to go through the Bylaws/IPR Policy and flag
instances that contain inconsistencies. Actions?
o Ryan mentioned that this is a similar problem as the problem
with the legal representatives.
o Ben was not sure if it was the same thing but he noticed that we
don't have a "member agreement" but just an "IPR agreement"
which may not bind a Member to the Bylaws. Ryan replied that
this should probably not lead in creating a new membership
agreement document. Tim mentioned that this could be an
"interesting" area because the IPR Policy is mentioned in the
Bylaws and if there is no legally-binding process for the
Members to follow the Bylaws it would lead into "interesting"
situations. Ryan replied that by binding a Member to the IPR
Policy, automatically binds them with the Bylaws. It might be a
lot to unpack on this call and suggested we either discuss at
the next call or on the list. Dimitris recommended that we hold
off on opening this topic and work with other action items with
more priority. This won't go away from the list of issues.
Time requirements for CAs as Associate Members
* Dimitris to describe a process to evaluate CAs that are Associate
Members once a year. There is no need to change the Bylaws but we
should try to have a clear process to implement the policy
requirement to review CAs that are in the Associate Member category.
o There were some good suggestions from Jos.
5. Any Other Business
Dean reminded Members and Associate Members to vote on Doug's Doodle
poll for the Fall 2020 F2F meeting. Dimitris also reminded people to
register for the Bratislava meeting.
Finally, Jos mentioned that the Infrastructure Subcommittee meeting
invitate was just sent out to 6-7 participants that were active in
previous meetings. If anyone is interested in attending the
subcommittee's activities, he will post the meeting information on the wiki.
6. Next call
December 12, 2019 at 11:00 am Eastern Time.
Adjourned
*F2F Meeting Schedule: *
* 2020: Feb18-20 Bratislava (Disig), June – Minneapolis (OATI),
October – Tokyo (GlobalSign)
* 2021: Feb-March Dubai (DarkMatter), May 25-27 Poland
(Asseco-Certum), October - San Jose, CA or RTP, NC (Cisco)
* 2022: Mar-April New Delhi / Bengaluru (e-Mudhra), June - [Open],
October [Open]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20191213/d81d0ba2/attachment-0002.html>
More information about the Public
mailing list