[cabfpub] Bylaws: Update Membership Criteria (section 2.1)

Dean Coclin dean.coclin at digicert.com
Thu Jan 24 18:23:05 UTC 2019


In the past, what we used to check for “actively” issuing certs were some examples of recently issued certs from their roots that have public trust. This was in addition to the audit reqt.

 

From: Public <public-bounces at cabforum.org> On Behalf Of Wayne Thayer via Public
Sent: Thursday, January 24, 2019 1:16 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [cabfpub] Bylaws: Update Membership Criteria (section 2.1)

 

On today's call we discussed a number of changes to the bylaws aimed at clarifying the rules for membership. The proposal for section 2.1(a)(1) resulting from today's discussion is:

 

Certificate Issuer: The member organization operates a certification authority that has a publicly-available audit report or attestation statement that meets the following requirements:
* Is based on the full, current version of the WebTrust for CAs, ETSI EN 319 411-1 , or ETSI EN 319 411-2 audit criteria
* Covers a period of at least 60 days
* Covers a period that ends within the past 15 months
* Was prepared by a properly-Qualified Auditor

In addition, the member organization is a member of a CWG, and actively issues certificates to end entities, such certificates being treated as valid by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum.

 

Similar changes would be made to 2.1(a)(2) for Root Certificate Issuers.

 

The question of requiring period-of-time audits was left unresolved on today's call. I have included the requirement here because the results of a straw poll conducted earlier this year [1] indicated strong support for such a requirement.

 

Comments?

 

One additional question on this section that we didn't get to on the call is the vague requirement for "actively" issuing certificates. Should we remove the word "actively" and change the final sentence to allow Associate member status for organizations with a point-in-time audit?

 

Thanks,

 

Wayne

 

[1] https://cabforum.org/pipermail/public/2018-April/013259.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20190124/f06ac816/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20190124/f06ac816/attachment-0003.p7s>


More information about the Public mailing list