[Servercert-wg] Identity in browser UIs

Ryan Sleevi sleevi at google.com
Thu Nov 7 00:49:13 MST 2019


Let's not confuse descriptive and prescriptive.

What someone has done in the past ("have worked") is not a statement about
what they'll do in the future.

A different way to frame it:
*Members of the CA Browser Forum* *have misissued* *a significant number of
certificates*.

If you read that, one interpretation - the interpretation offered by CAs
that argue that the above sentence in the Bylaws defines the Forum's
purpose - would naturally conclude that similarly, misissuing certificates
is a fundamental purpose of CAs/the CA/Browser Forum. Whether it's in the
Bylaws or not is inconsequential.

Another way to read it, the way I'm sure a number of members would prefer,
is that it's a statement about something that has happened in the past, as
context and explanation, but in no way binds or defines what they will do
in the future. It's descriptive, not prescriptive.

When we say that Members of the CA/Browser Forum *have done* something,
whether in the Bylaws or in a post, we simply describe what they did. Not
what they do, not what they will do, not who they are, and not their raison
d'etre.

On Thu, Nov 7, 2019 at 2:15 AM Kirk Hall via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Two quick responses – it’s not true that Bylaws represent what an
> organization did in the past – Bylaws are a living document specifying what
> the purposes of the organization are *today*.  A Bylaw doesn’t become
> inactive unless and until it is deleted.  This language was on the Forum’s
> website for years until 2012, when it was added to version 1 of the Forum’s
> current Bylaws.
>
>
>
> *Bylaw 1.1 Purpose of the Forum:*
>
>
>
> The Certification Authority Browser Forum (CA/Browser Forum) is a
> voluntary gathering of leading Certificate Issuers (as defined in Section
> 2.1(a)(1) and (2) below) and vendors of Internet browser software and other
> applications that use certificates (Certificate Consumers, as defined in
> Section 2.1(a)(3) below).
>
>
>
> *Members of the CA/Browser Forum have worked closely together in defining
> the guidelines and means of implementation for best practices as a way of*
> providing a heightened security for Internet transactions and *creating a
> more intuitive method of displaying secure sites to Internet users.*
>
>
>
> Also, Ryan suggested that the Forum should not discuss “creating a more
> intuitive method of displaying secure sites to Internet users” but instead
> should move the discussion to the W3C.  Here are the membership fees for
> W3C.  Why should Forum members have to pay $25,000-$77,000 to talk about
> the browser UI in W3C when we can talk about it for free under Bylaw 1.1 in
> the Forum???
>
>
>
>
> https://www.w3.org/Consortium/fees?countryCode=US&quarter=10-01&year=2019#results
>
>
> Fee Table For United States
>
> *Organization Type in United States (HIC category
> <http://data.worldbank.org/country>)*
>
> *Annual Fee for Memberships Starting 2019-10-01*
>
> For-profit organization that has annual gross revenue, as measured by the
> most recent audited statement, of greater than or equal to
> 1,000,000,000 USD.
>
> 77,000 USD
>
> For-profit organization that has annual gross revenue, as measured by the
> most recent audited statement, of greater than or equal to 500,000,000 USD
> and less than 1,000,000,000 USD.
>
> 68,500 USD
>
> Introductory Industry Membership <https://www.w3.org/2014/08/intromem>,
> available for two years to a for-profit organization that has annual gross
> revenue, as measured by the most recent audited statement, of greater than
> or equal to 50,000,000 USD. *Participation limited to one Interest Group*
>
> 34,250 USD
>
> For-profit organization that has annual gross revenue, as measured by the
> most recent audited statement, of greater than or equal to 50,000,000 USD
> and less than 500,000,000 USD.
>
> 25,000 USD
>
> All other organizations, including non-profit organizations and government
> agencies.
>
> 7,900 USD
>
> Enterprises and non-profits with 10 or fewer employees, with revenues
> below 3,000,000 USD, who have not been W3C Members in the previous two
> years. This fee is not applicable to membership organizations
> <https://www.w3.org/Consortium/Process/#MemberConsortia> generally, but
> is available to non-profit organizations of individual members. This fee
> applies for the first two years of W3C Membership.
>
> 2,250 USD
>
>
>
>
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf Of* Scott
> Rea via Servercert-wg
> *Sent:* Thursday, November 7, 2019 2:36 PM
> *To:* CA/B Forum Server Certificate WG Public Discussion List <
> servercert-wg at cabforum.org>
> *Subject:* [EXTERNAL][Servercert-wg] Identity in browser UIs
>
>
>
>
> G’day Folks,
>
>
>
> I listened to Chris’ presentation today at the CABF F2F 48. There are a
> couple of things I am not clear on…
>
>
>
>    1. What is the list of WGs that Browsers are already participating
>    in where Identity UI is being discussed? Can the participating Browsers
>    please post a list of WGs or forums they are participating in where this
>    is discussed?
>    2. Secondary to the above, which of these are potentially open to CAs
>    participating in them?
>    3. If CABF previously voted to stop work on coordinating Identity UIs,
>    it would be good to understand the context for that decision – and I
>    understand that potentially Ryan may be able to provide the documentation
>    for this.
>    4. In respect to the alleged decision from #3 above, or any decision
>    the CABF has made in the past, is there some prohibition in our by-laws
>    that stops us from ever discussing it in future?? If the membership wants
>    to take a fresh look at this particular issue/opportunity, aren’t we free
>    to do so?
>    5. If there are forums where this is being discussed today, wouldn’t
>    it be more efficient to coalesce an Industry perspective in CABF and then
>    send a representative to those forums to convey that perspective rather
>    than waiting for individual players to show up piecemeal to provide their
>    perspectives?
>
>
>
> I don’t have the historical context of the decision to work on this issue
> or not work on it, but it certainly seems to be a hot topic of interest
> today, and I am wondering if there is support for this in the CABF, why we
> can’t proceed to seek to address this like any other issue we identify?
>
>
>
> Regards,
>
> -Scott
>
>
>
>
>
> *Scott Rea*
>
> Senior Vice President - Trust Services
>
>
> <http://www.darkmatter.ae>
>
> Level 15, Aldar HQ
> Abu Dhabi, United Arab Emirates
> *T*  +971 2 417 1417
> *M* +971 52 847 5093
> *E*  Scott.Rea at darkmatter.ae
>
> *darkmatter.ae <http://darkmatter.ae>*
>