[cabfpub] Draft SMIME Working Group Charter
sleevi at google.com
Fri Jan 25 18:44:57 UTC 2019
On Fri, Jan 25, 2019 at 1:37 PM Wayne Thayer <wthayer at mozilla.com> wrote:
> I agree that we should exclude identity validation from the initial scope
> of this working group.
> On Fri, Jan 25, 2019 at 10:04 AM Ryan Sleevi via Public <
> public at cabforum.org> wrote:
>> Finally, regarding membership criteria, I'm curious whether it's
>> necessary to consider WebTrust for CAs / ETSI at all. For work like this,
>> would it make sense to merely specify the requirements for a CA as one that
>> is trusted for and actively issues S/MIME certificates that are accepted by
>> a Certificate Consumer. This seems to be widely inclusive and can be
>> iterated upon if/when improved criteria are developed, if appropriate.
>> This would allow a CA that is not eligible for full Forum membership to
> join this WG as a full member. How would that work? Would we require such
> an organization to join the Forum as an Interested Party? If the idea is
> that such an organization wouldn't be required to join the Forum, then I
> don't believe that was anticipated or intended in the design of the current
> structure. It's not clear to me that we should permit membership in a CWG
> without Forum membership. For instance, allowing this may create loopholes
> in the IPR obligations that are defined and administered at the Forum level.
Ah, drat, thanks for pointing that out, Wayne. You're right that the
changes would need to be accompanied by changes the Forum-level bylaws
membership, whether to be more explicit (e.g. government issuers w/ their
own audit frameworks, as an example, such as the FPKI) or more implicitly
inclusive as this proposed. Absent a Bylaw change, it sounds like the most
such folks could achieve would be Interested Party in the CWG. Does that
match your understanding?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public