[cabfpub] Creation of S/MIME Certificates Working Group
Clint Wilson
clintw at apple.com
Thu Mar 12 02:30:26 UTC 2020
Hello all,
I’ve attached below an updated draft charter which addresses the concerns I raised previously, especially with regards to section 4.2.3. There are additionally changes seeking to address Tim and Ryan’s comments/responses below and a few minor updates that seemed warranted as I went through another comprehensive review of the document. For each area changed, there is a corresponding comment; if anything is unclear, please let me know and I’d be happy to address.
Thank you for your patience and understanding in getting this back to the group. Have a great evening!
-Clint
> On Feb 18, 2020, at 1:57 PM, Ryan Sleevi via Public <public at cabforum.org> wrote:
>
>
>
> On Tue, Feb 18, 2020 at 1:57 PM Tim Hollebeek via Public <public at cabforum.org <mailto:public at cabforum.org>> wrote:
> Automatic cessation of membership
> The balloted wording around software update cadences introduces some precision/definition issues that would likely prove troublesome in and of themselves.
> While some of those issues could be addressed through wordsmithing, the entire precept that membership may be automatically removed based on various conditions (both for Certificate Consumers and Issuers) is itself problematic and I think an area rife for improvement (both here and in other charters).
> REJECT: The language is consistent with the language in the other working group charters. Introducing new inconsistencies in this charter would be confusing for all involved. If Apple believes these provisions are problematic, potential improvements should be discussed an applied across all chartered working groups.
>
>
> I'm not quite sure I understand this rationale, could you explain more.
>
> Why does this charter need to follow the SCWG/CSWG charter? Who is "all involved" that would be confused?
>
> It seems very valuable to learn from mistakes and concerns and address them, but perhaps I'm overlooking something?
>
> Invalid membership requirements/processes
> I think Ryan Sleevi has explained most of this better than I could, so I’ll refer to his message instead: https://cabforum.org/pipermail/public/2020-February/014874.html <https://cabforum.org/pipermail/public/2020-February/014874.html>.
> I looked, but failed to find information as to how mail transfer agents consume S/MIME certificates. However, since it’s included in the ballot I can only conclude that the proposer has relevant and detailed insight into how and why this is a valid categorization for Certificate Consumers and had hoped to be pointed to that information so as to better understand the scope of this proposed CWG.
> REJECT: This was discussed extensively during the governance reform process, and the current procedures were deemed to be sufficient. This charter simply follows those precedents. Indeed, two other chartered working groups were successfully bootstrapped already.
>
>
> I understand one group was the Code Signing Working Group, which perhaps did not have careful or close review from all Forum members due to the explicit lack of intent to participate in the venue or fundamental disagreements about the working group objectives.
>
> However, I'm not sure, what's the other Chartered Working Group you're thinking of? The SCWG explicitly did not follow this process, as part of the Legacy Working Group transition, and so I'm not sure what the other CWG is that avoided this?
>
> Also, while I agree that this was discussed extensively, I must respectfully disagree that the "current procedures were deemed to be sufficient". The current (proposed) procedures were known to be problematic in bootstrapping, something we discussed, and something we knew we could avoid by defining an open and welcoming charter. This WG does not seem to set out to do this.
>
> In all fairness, this seems a repeat of the same issues the bedeviled, and nearly derailed, the Forum in it's first start. The attempt to exclude some CAs, via narrowly and restrictively scoped membership, nearly resulted in the implosion of the Forum, as the management@ archives from 2009 show. Ultimately, it was the Forum's rejection of such exclusionary attempts that helped grow the membership. In particular, it was DigiCert who some were trying to prevent from joining the Forum, so it would be unfortunate to have DigiCert repeat that same process.
>
> I'm hoping you're open to addressing these issues, but I don't think we can support the charter without this issue being addressed.
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20200311/1eaae15b/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SMIME Charter 2020-03-02_ctw.pages
Type: application/octet-stream
Size: 927559 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20200311/1eaae15b/attachment-0002.obj>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20200311/1eaae15b/attachment-0005.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3621 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20200311/1eaae15b/attachment-0002.p7s>
More information about the Public
mailing list