[cabfpub] Bylaws: Update Membership Criteria (section 2.1)

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Fri Feb 8 17:42:45 UTC 2019



On 8/2/2019 6:34 PM, Ryan Sleevi wrote:
>
>
> On Fri, Feb 8, 2019 at 3:19 AM Dimitris Zacharopoulos (HARICA) via 
> Public <public at cabforum.org> wrote:
>
>
>     I made the following updates in addition to Wayne's:
>
>       * Added a process for Interested Party application to CWGs as it
>         seemed to be missing from the Bylaws. The only reference we
>         currently have is on the web site
>         (https://cabforum.org/email-lists/).
>       * For the Server Certificate Working Group membership criteria,
>         I tried to align with section 8.4 of the BRs.
>
> I'm hoping this is unintentional, but this is not a good change. This 
> has been discussed repeatedly in the Forum, and moving to a more 
> restrictive policy for membership in the charter has been regularly 
> rejected.

I don't recall Members being against it for membership criteria, because 
it was discussed in the past without objections. This was for 
consistency with ETSI because ETSI EN 319 411-1 includes the baseline 
requirements and network security guidelines where WebTrust for CAs does 
not. This change better aligns the two schemes and was discussed in 
ballot 223 
<https://cabforum.org/2018/05/16/ballot-223-update-br-section-8-4-for-caaudit-criteria/>. 
Do other Members have similar concerns with this issue? I would 
appreciate it if others can also state their objection and concerns with 
this change.

>
> My hope is that, as proposer of those changes on the doc, you can go 
> through and reject them or update them to ensure that our current 
> approach for the SCWG remains as is.

Can you explain why there should be a difference between the Baseline 
Requirements section 8.4 and the server certificate working group 
membership criteria? Since these are accepted in the BRs, it makes sense 
to me to also be updated in the Membership criteria for the Server 
Certificate Working Group.


>
>       * On the last call, we also agreed to add sample Membership
>         criteria to the new Working Group Charter section. I added a
>         simplified version of criteria based on section 8.4 of the
>         BRs, including Government internal audit schemes that might
>         also be acceptable for the S/MIME Working Group.
>
> The problem with lifting this text, as is, is that it relies on 
> definitions from the BRs not present within charters. For example, the 
> interchangeability of "Government CA" / "Government Certificate Issuer" 
> are in no way defined.

The same applies to Qualified Auditor but it has not been a problem. 
Would you like to propose an improvement that addresses this issue? 
Would the use of "Government CA" be clearer for people to understand 
what we mean? I left it because it could be useful for the S/MIME 
charter discussion. It certainly looks better to me than the current 
language that only accepts ETSI and WebTrust.

>       * Following the example of moving the membership criteria to the
>         CWG Charters, I moved the "end membership" section to the
>         Server Certificate Working Group Charter AND the template for
>         new WG Charters. I believe that there was agreement that each
>         Working Group should determine their own rules for ending
>         Working Group membership, similar to determining the criteria
>         for joining a working group.
>
> Similarly, the prospects of ending membership are not well-aligned 
> with a generic charter.

It's proposed language; members that draft charters can use this 
particular template language or not. The same applies for Membership 
criteria. Improvements are always welcome.

Dimitris.