[cabfpub] Bylaws: Update Membership Criteria (section 2.1)

[Wayne Thayer]

On today's call we discussed a number of changes to the bylaws aimed at
clarifying the rules for membership. The proposal for section 2.1(a)(1)
resulting from today's discussion is:

Certificate Issuer: The member organization operates a certification
> authority that has a publicly-available audit report or attestation
> statement that meets the following requirements:
> * Is based on the full, current version of the WebTrust for CAs, ETSI EN
> 319 411-1 , or ETSI EN 319 411-2 audit criteria
> * Covers a period of at least 60 days
> * Covers a period that ends within the past 15 months
> * Was prepared by a properly-Qualified Auditor
>
> In addition, the member organization is a member of a CWG, and actively
> issues certificates to end entities, such certificates being treated as
> valid by a Certificate Consumer Member. Applicants that are not actively
> issuing certificates but otherwise meet membership criteria may be granted
> Associate Member status under Bylaw Sec. 3.1 for a period of time to be
> designated by the Forum.
>

Similar changes would be made to 2.1(a)(2) for Root Certificate Issuers.

The question of requiring period-of-time audits was left unresolved on
today's call. I have included the requirement here because the results of a
straw poll conducted earlier this year [1] indicated strong support for
such a requirement.

Comments?

One additional question on this section that we didn't get to on the call
is the vague requirement for "actively" issuing certificates. Should we
remove the word "actively" and change the final sentence to allow Associate
member status for organizations with a point-in-time audit?

Thanks,

Wayne

[1] https://cabforum.org/pipermail/public/2018-April/013259.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20190124/c1b2ae07/attachment-0002.html>