[cabfpub] Ballot Forum-11: Creation of S/MIME Certificates Working Group

Ryan Sleevi sleevi at google.com
Wed Feb 5 23:34:26 UTC 2020


Just to make sure the timing is accurate:

2018-05 - Tim Hollebeek circulates a draft charter, largely modeled after
the code signing charter [1].
2018-06 - F2F 44 provides significant discussion on this issue and the
potential concerns. [2]
2018-07 - Ballot 208 [3] is finalized, which sets forth the requirements
for creating new CWG charters.
2018-10 - F2F 45 reiterates the concerns previously raised [4], with the
conclusion being


>    - Ben – It sounds like the initial charter should focus on three
>    aspects: profile, identity validation of email and identity (host and local
>    part), and private key protection.
>    - Kirk Hall, Entrust – Is that enough to start drafting a charter?
>    - Ben – Yes, I can start a charter based on those three principles.
>
> 2019-01 - Ben Wilson circulates an updated draft for feedback [5]. This
draft is substantially more expansive, due to the changes in Ballot 206.
2019-03 - F2F 46 is held in Cupertino. While the minutes show [6] there is
still scope issue, a clear and viable path forward, previously raised, is
reiterated.

Dean – We have a blank slate here and it seems the reluctance was to make
> it a narrow scope and then focus on either one aspect of SMIME. First task
> might be how to validate an email, and then focus on identity validation.
> Some comments were to make the chart narrow to focus on one task while
> others say to include all proposed tasks to not have to recharter which has
> caused issues in the past.
>

2019-06 - F2F 47 is held in Thessaloniki [7], where again we discuss the
same topic.
2019-12 - Tim circulates the first draft version [8], the week before
Christmas. This is the first version that has been circulated since Ben
Wilson's 2019-01 version. Feedback is provided by Wayne [9] to be addressed.
2019-01 - Tim starts the discussion period for this ballot [10]

I highlight this timeline, because it does seem somewhat concerning that
after significant good faith effort to discuss the issues, these are
seemingly intentionally ignored in forcing a vote that intentionally
ignores feedback during the discussion period [11]. For example, [10]
represents the first time of seeing any draft on how the concerns were
raised. Given the significant beneficial edits proposed by Apple, for
example, Google did not submit its many procedural and practical concerns
with the draft language, on the hope that there would be a good faith
effort to engage with and discuss these issues.

It's equally concerning that the effort and time spent in communicating on
the previous draft, in [5], was entirely ignored in [8], which entirely
precipitated the issues in [9]. Substantive issues, such as those raised in
[12], were entirely ignored, and are largely orthogonal to the debate about
identity but to the very core of the charter.

I can understand that, if the view is we are at an impasse, then rough
consensus is a path forward. However, it remains deeply disappointing that
it seems that virtually all feedback, from a variety of participants, has
been ignored, as shown through the minutes and the past proposed changes.
That does not seem to be in the spirit of what you've suggested the intent
is.

[1] https://cabforum.org/pipermail/public/2018-May/013400.html
[2]
https://cabforum.org/2018/06/06/minutes-for-ca-browser-forum-f2f-meeting-44-london-6-7-june-2018/
[3]
https://cabforum.org/2018/04/03/ballot-206-amendment-to-ipr-policy-bylaws-re-working-group-formation/

[4]
https://cabforum.org/2018/10/18/minutes-for-ca-browser-forum-f2f-meeting-45-shanghai-17-18-october-2018/#6-Creation-of-additional-Working-Groups---Secure-Mail-Other
[5] https://cabforum.org/pipermail/public/2019-January/014517.html
[6]
https://cabforum.org/2019/05/03/minutes-for-ca-browser-forum-f2f-meeting-46-cupertino-12-14-march-2019/#Creation-of-additional-Working-Groups---Secure-Mail
[7]
https://cabforum.org/2019/08/16/minutes-for-ca-browser-forum-f2f-meeting-47-thessaloniki-12-13-june-2019/#Creation-of-Additional-Groups---Secure-Mail
[8] https://cabforum.org/pipermail/public/2019-December/014838.html
[9] https://cabforum.org/pipermail/public/2019-December/014839.html
[10] https://cabforum.org/pipermail/public/2020-January/014852.html
[11] https://cabforum.org/pipermail/public/2020-February/014865.html
[12] https://cabforum.org/pipermail/public/2019-January/014521.html

On Wed, Feb 5, 2020 at 5:45 PM Wayne Thayer <wthayer at gmail.com> wrote:

> Based on my recollection of the Guangzhou discussion, and supported by the
> minutes, the "path forward agreed to in Guangzhou" was that we would take
> this charter to a ballot without further attempts to resolve the issue of
> including identity in the charter's scope. There does not appear to be a
> path to consensus on this issue, despite the considerable amount of time
> spent discussing it. I'm unhappy with this approach, but as one of the
> endorsers, I don't see an alternative other than "take it to a vote" that
> gets this much-needed WG formed any time soon.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20200205/f15a51e7/attachment-0003.html>


More information about the Public mailing list