[cabf_validation] Amended Draft Minutes of the September 12, 2019 Validation Subcommittee Call

Tue Sep 24 03:14:10 MST 2019

On Tue, Sep 24, 2019 at 3:32 AM Kirk Hall <Kirk.Hall at entrustdatacard.com>
wrote:

> What Ryan suggests is not an appropriate process for getting Minutes of
> meetings published, and I object to Ryan’s proposal for removal of “changes
> 3 and 4” which I added to the first draft of the Sept. 12 Validation
> Subcommittee that Ryan drafted.
>

Kirk,

Could you clarify what you believe the appropriate process? While I can
understand we might disagree on substance, I do want to take issue with the
suggestion that this is not adhering to the Bylaws.

The process is:
1) The minutes are recorded
2) Edits to the minutes are proposed
3) Any objections are then discussed and resolved prior to progressing
4) Final minutes are then approved

In that process, you suggested proposals in #2. However, you then
(inappropriately) circulated an edited version, prior to acknowledging 3,
proposed objections.

There is a lot of factual inaccuracy in your post, and I would ask you to
refrain from making such baseline claims, or to better educate yourself on
the substance of the conversation. The suggestion that the ballot has been
"delayed for weeks" is, of course, factually inaccurate. In conversations
which you have not been present, and thus not disrupted with your
inappropriate behaviour, there has been a rather collegial exchange of
ideas and concerns. The GitHub discussion, which you were thankfully not
part of, shows further refinements and concrete suggestions to address
issues. These then lead to further conversations on a prior call, which you
also thankfully did not participate in, which allowed for a great back and
forth. One issue remained, and so we invited GLEIF to the call. Throughout
this process, CAs and browsers committed to working together have continued
to make progress. The amount of time spent on working on this ballot, to
ensure that CAs like Entrust DataCard are given the appropriate supervision
on how to do their jobs without abusing user trust, has rather exceeded
many ballots, highlighting the good faith effort here.

Unfortunately, on the most recent call, you quite literally interrupted the
discussion of the previous call, as the recording shows, to begin stating
your personal opinion, and then insisted you be allowed to finish your
interruption and non-sequitor. You then repeatedly interrupted questions to
our guest, in order to state your opinion, as well as insisting our guest
should not be asked questions, the entire point of inviting them. The
recording shows all of this highly inappropriate behaviour, which out of
courtesy, the minutes did not record at the same detail.

Throughout, you have behaved wholly inappropriately towards resolution. The
continued suggestion of impropriety is unsupported, to say the least.

For example, your suggestion of a direct quote as somehow not being
included is farcical, as the minutes show the following is included.
Perhaps you simply didn't read that far, as has happened now several times
in messages to you?

** Ryan said he did not think a broad call would be as productive as
needed, given that the current position of Chrome is that it would be
actively harmful to include LEIs in TLS certificates, and may require
Chrome potentially needing to block the certificates or even the CA that
issued them. Because of how serious that would be, Ryan wanted to try and
find a way to avoid that, by making sure there’s a better understanding
about why LEIs should be in TLS certificates, relative to the risks. **

Could you demonstrate what part of that does not reflect what you propose?

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20190924/857e6c8f/attachment.html>