[cabfpub] Draft SMIME Working Group Charter

Wayne Thayer wthayer at mozilla.com
Fri Jan 25 12:05:30 MST 2019 

On Fri, Jan 25, 2019 at 11:45 AM Ryan Sleevi <sleevi at google.com> wrote:

>
> On Fri, Jan 25, 2019 at 1:37 PM Wayne Thayer <wthayer at mozilla.com> wrote:
>
>> I agree that we should exclude identity validation from the initial scope
>> of this working group.
>>
>> On Fri, Jan 25, 2019 at 10:04 AM Ryan Sleevi via Public <
>> public at cabforum.org> wrote:
>>
>>>
>>> Finally, regarding membership criteria, I'm curious whether it's
>>> necessary to consider WebTrust for CAs / ETSI at all. For work like this,
>>> would it make sense to merely specify the requirements for a CA as one that
>>> is trusted for and actively issues S/MIME certificates that are accepted by
>>> a Certificate Consumer. This seems to be widely inclusive and can be
>>> iterated upon if/when improved criteria are developed, if appropriate.
>>>
>>> This would allow a CA that is not eligible for full Forum membership to
>> join this WG as a full member. How would that work? Would we require such
>> an organization to join the Forum as an Interested Party? If the idea is
>> that such an organization wouldn't be required to join the Forum, then I
>> don't believe that was anticipated or intended in the design of the current
>> structure. It's not clear to me that we should permit membership in a CWG
>> without Forum membership. For instance, allowing this may create loopholes
>> in the IPR obligations that are defined and administered at the Forum level.
>>
>
> Ah, drat, thanks for pointing that out, Wayne. You're right that the
> changes would need to be accompanied by changes the Forum-level bylaws
> membership, whether to be more explicit (e.g. government issuers w/ their
> own audit frameworks, as an example, such as the FPKI) or more implicitly
> inclusive as this proposed. Absent a Bylaw change, it sounds like the most
> such folks could achieve would be Interested Party in the CWG. Does that
> match your understanding?
>

I'm not aware of anything that requires membership in a CWG to be at a
level equivalent to that of the Forum, but I do think that is the intent of
the bylaws. There may be no harm in having an Interested Party at the Forum
level be a full member of a CWG, but I think it would be best for that to
be clarified in the bylaws before creating a CWG with looser membership
criteria than the Forum.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20190125/0bbf7696/attachment.html>

More information about the Public mailing list