[cabfpub] Final Minutes for CA/Browser Forum Teleconference - November 14, 2019

Jos Purvis (jopurvis) jopurvis at cisco.com
Mon Dec 16 15:14:25 UTC 2019


Published!


--
Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems  | Cryptographic Services
PGP: 0xFD802FEE07D19105  | +1 919.991.9114 (desk)


From: Public <public-bounces at cabforum.org> on behalf of CA/B Forum Public List <public at cabforum.org>
Reply-To: "Dimitris Zacharopoulos (HARICA)" <dzacharo at harica.gr>, CA/B Forum Public List <public at cabforum.org>
Date: Thursday, December 12, 2019 at 5:25 PM
To: CA/B Forum Public List <public at cabforum.org>
Subject: [cabfpub] Final Minutes for CA/Browser Forum Teleconference - November 14, 2019


These are the final Minutes of the Teleconference described in the subject of this message.
Attendees (in alphabetical order)
Adam Clark (Visa), Ben Wilson (Digicert), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Microsoft), Eva Vansteenberge (GlobalSign), Huo Haitao (Halton) (360 Browser), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kirk Hall (Entrust Datacard), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Shelley Brewer (Digicert), Tim Hollebeek (Digicert), Timo Schmitt (SwissSign), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Vincent Lynch (Digicert), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
Minutes
1. Roll Call
The Chair took attendance.
2. Read Antitrust Statement
The Antitrust Statement was read.
3. Review Agenda
No changes to the agenda.
4. Discuss Action Items from the recent F2F 48 meeting
Infrastructure Subcommittee

  *   Jos and Ryan will continue to work on a ballot to make the BRs "pandoc friendly"

     *   As discussed in the SCWG meeting, this is a work in progress. Jos is waiting for SC23 and SC24 to be merged in the master branch of GitHub, to rebase and update the proposed changes.

  *   Trev to investigate allowing incoming/outgoing SMTP traffic to new VMs

     *   Trev confirmed the action item.

  *   Someone (?) to plan for Etherpad installation for next F2F

     *   Jos volunteered to work on this task
S/MIME WG

  *   Someone (?) to draft and send the charter based on the F2F discussion. Unfortunately the minutes are missing and the recording is not available yet.

     *   Tim mentioned that a couple of people are working on a charter and he hopes to be able to send a draft out today.
Photo Policy

  *   Dimitris to finalize the draft proposal and describe the red/dark blue lanyard colors to indicate additional-privacy/no-additional-privacy request.
  *   Ryan to propose language improvements for the "attribution" to IETF.
Issues with Bylaws

  *   Dimitris to propose text for Bylaws so that each Member participating in a Working Group designates voting representatives. If a Member wants to designate different representatives for the Forum level compared to the Working Group level, they can do so. Only votes from official representatives will count. Each voting representative may extend or restrict the set of voting members. Voting representatives can also be introduced or removed by a Member's legal (or properly delegated) representative.

     *   Dimitris to prepare some draft language in the following weeks.
     *   Tim mentioned that Digicert is not necessarily opposed to this language but during the F2F discussion there were some members who expressed the opinion that this is more of a problem with an organization that may be having trouble controlling who votes for their organization. This seems to be more of a Member-type of problem rather than a CA/B Forum problem. Ryan asked if Digicert could share some information about the change of opinion on this subject and Tim replied that there are concerns that this process of introducing this language and clarifying will take time. If this can get quickly resolved, that's worth doing. But there are concerns that it might take more than it's worth. This is trying to solve a problem that the Forum has not experienced before.
     *   Dimitris responded that different opinions were heard at the F2F and hopefully have been captured in the minutes; we may not reach a full agreement on this topic, but he will make an effort to write a proposal and send it out to see if it works for everyone. He also added that this problem will become more important as the Forum grows.
Who signs the IPR Agreement

  *   Dimitris (and Ryan?) to describe the scenario where the CA/B Forum receives an application from a CA, which is the "Owner", but that CA uses a different Legal Entity as the CA "Operator". The "Operator" is the one likely to participate in CA/B Forum activities and likely to "Contribute". The safe approach is to require both Legal Entities to sign the IPR Agreement.

     *   Draft language in the Bylaws to give guidance for this particular scenario because we had it more than once. It shouldn't be too hard to describe this. Ryan agreed it should be trivial to describe what happens when a Member delegates participation or the operations of their CA and also voting. We could imagine a scenario where the Policy Management Authority controls the voting rights and delegates the other operations and participation. We could allow this flexibility if this is combined with the previous discussion about voting representatives.
     *   Dimitris and Ryan can continue this offline and work on this language.
     *   There was some additional discussion about current Forum examples of Members with delegated partners (Network Solutions - Sectigo, FPKI - delegated contractors, etc).
Concept of member

  *   Ryan to work with counsel to identify inconsistencies.
  *   Ben recommended going through the Bylaws/IPR Policy and flagging instances that contain inconsistencies. Actions?

     *   Ryan mentioned that this is a similar problem as the problem with the legal representatives.
     *   Ben was not sure if it was the same thing but he noticed that we don't have a "member agreement" but just an "IPR agreement" which may not bind a Member to the Bylaws. Ryan replied that this should probably not lead to creating a new membership agreement document. Tim mentioned that this could be an "interesting" area because the IPR Policy is mentioned in the Bylaws and if there is no legally-binding process for the Members to follow the Bylaws it would lead to "interesting" situations. Ryan replied that binding a Member to the IPR Policy automatically binds them to the Bylaws. It might be a lot to unpack on this call and he suggested we either discuss at the next call or on the list. Dimitris recommended that we hold off on opening this topic and work with other action items with more priority. This won't go away from the list of issues.
Time requirements for CAs as Associate Members

  *   Dimitris to describe a process to evaluate CAs that are Associate Members once a year. There is no need to change the Bylaws but we should try to have a clear process to implement the policy requirement to review CAs that are in the Associate Member category.

     *   There were some good suggestions from Jos.

5. Any Other Business

Dean reminded Members and Associate Members to vote on Doug's Doodle poll for the Fall 2020 F2F meeting. Dimitris also reminded people to register for the Bratislava meeting.

Finally, Jos mentioned that the Infrastructure Subcommittee meeting invitation was just sent out to 6-7 participants that were active in previous meetings. If anyone is interested in attending the subcommittee's activities, he will post the meeting information on the wiki.
6. Next call
December 12, 2019 at 11:00 am Eastern Time.
Adjourned
F2F Meeting Schedule:

  *   2020: Feb 18-20 Bratislava (Disig), June – Minneapolis (OATI), October – Tokyo (GlobalSign)
  *   2021: Feb-March Dubai (DarkMatter), May 25-27 Poland (Asseco-Certum), October - San Jose, CA or RTP, NC (Cisco)
  *   2022: Mar-April New Delhi / Bengaluru (e-Mudhra), June - [Open], October [Open]