[cabfpub] Ballot FORUM-12: Creation of S/MIME Certificates Working Group

Wed May 20 15:18:37 MST 2020

On Fri, May 15, 2020 at 2:20 PM Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

> I’m willing to drop the scope statement based on Thursday’s discussion and
> the addition of the paragraph I suggested to the introduction, which
> describes much of the same thing in a form that seems more acceptable to
> most.  Clint and Wayne, are you ok with that?
>
>
>
> On the subject of redlines, //github_redline_guide is not normative, so I
> disagree that it is not a valid Ballot.  But that’s not really important,
> because I’m more than happy to improve the ballot by fixing the link.
>

While I realize we end up frequently discussing this, I think you may have
missed that this was a different scenario than you may have realized.

If your ballot had included the full text, then I agree, the redline link
was not normative. However, your ballot just pointed to a link, and so that
made the link itself normative. The contents of the link were not actually
a charter, they were just a few edits. That's why it wasn't really a
"Ballot".

This is easily fixed in the next run. You can paste the full text, as I
think you're one of the folks who still prefers to do so, despite the
risks, or you could provide the full link to all the edits, which will at
least include a "full charter". Just a single commit on its own, or "as of
this revision", can end up being ambiguous :) In the future, the
infrastructure WG efforts will certainly make this easier, and it's not
difficult to imagine an easy "create a ballot for me" that provides the
PDF, docx, and patch file and stable link, so appreciate your patience :)

> Assuming Clint and Wayne sign off, please merge the change, and I’ll
> update the ballot.
>

One more set of issues, now that scope has been finalized, that came up on
another review cycle: https://github.com/sleevi/cabforum-docs/pull/22/files

>
>
> -Tim
>
>
>
> *From:* Ryan Sleevi <sleevi at google.com>
> *Sent:* Wednesday, May 13, 2020 5:44 PM
> *To:* Tim Hollebeek <tim.hollebeek at digicert.com>; CABforum1 <
> public at cabforum.org>
> *Subject:* Re: [cabfpub] Ballot FORUM-12: Creation of S/MIME Certificates
> Working Group
>
>
>
>
>
>
>
> On Wed, May 13, 2020 at 5:18 PM Tim Hollebeek via Public <
> public at cabforum.org> wrote:
>
> Upon approval of the CAB Forum by ballot in accordance with section 5.3 of
> the Bylaws, the S/MIME Certificates Working Group (“SMWG”) is created to
> perform the activities as specified in the Charter, with the Charter as
> described here (
> https://github.com/cabforum/documents/pull/167/commits/2aa376c06b45146249d0cc6b8cc5d42d08ccb177
> ).
>
>
>
> Just to be clear: This link doesn't match the link for a valid proposal,
> so I don't think this is a valid Ballot yet.
> https://wiki.cabforum.org/github_redline_guide is helpful, but any
> suggestions for improvements are welcome.
>
>
>
> The immutable link is
> https://github.com/cabforum/documents/compare/6e0b8e61590164eb2d686ddcf266b189f46fc636...2aa376c06b45146249d0cc6b8cc5d42d08ccb177
>
>
>
> The pull request is still https://github.com/cabforum/documents/pull/167
>
>
>
> Again, our concern is that the statement that "non-publicly trusted S/MIME
> certificates are out of scope" accomplishes nothing valuable, and causes
> real harm. That is, either it fails to keep anything out of scope due to
> its definition, OR limits the discussion to being impossible to introduce
> any new requirements due to, by definition, anything not in the existing
> documents is out of scope. Neither of these scenarios are good, and the
> risk of harm outweighs any benefits. We remain committed to trying to work
> with you and understand your goals, to find language that better captures
> those goals without the problematic ambiguity and harm of what's being
> proposed.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20200520/e2e2dbc6/attachment-0001.html>