[cabfpub] Draft SMIME Working Group Charter

[Ryan Sleevi]

On Fri, Jan 25, 2019 at 1:37 PM Wayne Thayer <wthayer at mozilla.com> wrote:

> I agree that we should exclude identity validation from the initial scope
> of this working group.
>
> On Fri, Jan 25, 2019 at 10:04 AM Ryan Sleevi via Public <
> public at cabforum.org> wrote:
>
>>
>> Finally, regarding membership criteria, I'm curious whether it's
>> necessary to consider WebTrust for CAs / ETSI at all. For work like this,
>> would it make sense to merely specify the requirements for a CA as one that
>> is trusted for and actively issues S/MIME certificates that are accepted by
>> a Certificate Consumer. This seems to be widely inclusive and can be
>> iterated upon if/when improved criteria are developed, if appropriate.
>>
>> This would allow a CA that is not eligible for full Forum membership to
> join this WG as a full member. How would that work? Would we require such
> an organization to join the Forum as an Interested Party? If the idea is
> that such an organization wouldn't be required to join the Forum, then I
> don't believe that was anticipated or intended in the design of the current
> structure. It's not clear to me that we should permit membership in a CWG
> without Forum membership. For instance, allowing this may create loopholes
> in the IPR obligations that are defined and administered at the Forum level.
>

Ah, drat, thanks for pointing that out, Wayne. You're right that the
changes would need to be accompanied by changes the Forum-level bylaws
membership, whether to be more explicit (e.g. government issuers w/ their
own audit frameworks, as an example, such as the FPKI) or more implicitly
inclusive as this proposed. Absent a Bylaw change, it sounds like the most
such folks could achieve would be Interested Party in the CWG. Does that
match your understanding?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20190125/2f984f67/attachment.html>