Re: [cabfpub] Draft Charter for IPR Subcommittee

[Ben Wilson via Public]

All,

Here is a revised Charter for the Forum IPR Subcommittee ("FIPR").

https://github.com/BenWilson-Mozilla/forum/blob/fipr-charter/FIPR-Charter.md

Thanks,

Ben

On Fri, Apr 19, 2024 at 11:59 AM Dimitris Zacharopoulos (HARICA) via Public
 wrote:

> Hi  Ben,
>
> On 16/4/2024 7:48 μ.μ., Ben Wilson via Public wrote:
>
> All,
>
> As mentioned during the Forum teleconference of April 11, 2024, here is a
> draft charter for a Forum IPR Subcommittee. (This effort is separate, but
> somewhat in parallel to the work of the Patent Advisory Group, which will
> be handling GoDaddy's Patent Exclusion Notice, filed Mar. 22, 2024, in
> relation to Ballot SC-70.)
>
> Please provide your comments or questions.
>
> Thanks,
>
> Ben
>
>
>
> *Forum IPR Subcommittee Charter*
>
> Upon approval of the CAB Forum by ballot in accordance with section 5.6 of
> the Bylaws, the Forum IPR Subcommittee (“FIS”) is created to perform the
> activities as specified in this Charter, subject to the terms and
> conditions of the CA/Browser Forum Bylaws and Intellectual Property Rights
> (IPR) Policy, as such documents may change from time to time. The
> definitions found in the Forum’s Bylaws or IPR Policy shall apply to
> capitalized terms in this Charter.
>
>
> I'm not sure the IPR Policy needs to be invoked here. Please take a look
> at the Forum Infrastructure SC charter (
> https://cabforum.org/2019/10/08/ballot-forum-10-re-charter-forum-infrastructure-working-group/).
> Also, is it ok to use the acronym "FIS" as it is also referred in the Forum
> Subcommittee Charter?
>
> *Scope*
>
> The primary activity of the FIS shall be to review, and propose revisions
> to, the Forum’s IPR Policy, IPR Policy Agreement, exclusion notice
> template, and similar documents.  The FIS may perform other activities
> ancillary to this primary activity.  The FIS will not create Final
> Guidelines or Final Maintenance Guidelines.
>
>
> Based on the last statement, I don't think we need to mention that this
> charter is subject to the IPR Policy.
>
> *Anticipated End Date*
>
> The FIS is chartered without a specific end date. However, it is expected
> that the FIS will deliver results of its initial work to the Forum prior to
> _ 2024.  Thereafter, the FIS will continue to exist, but may be
> dissolved at any time by Forum ballot.
>
>
> If the Subcommittee completes its deliverables and those deliverables are
> accepted by the Forum by ballot, the subcommittee should probably be
> dissolved automatically. We could renew its charter or duration if we find
> something else useful but based on the current expectations it looks like
> it will be dissolved if the proposed documents are approved.
>
> *Initial Chairs and Contacts*
>
> The proposer of the ballot adopting this Charter, Ben Wilson, will act as
> organizer of the FIS until the first teleconference is held for the FIS, at
> which time the FIS will elect a chair and vice-chair, either by vote or by
> acclamation of those present. The chair and vice-chair will normally serve
> two-year terms.  However, the first term will start upon their election
> and run through 31 October 2026.
>
> *Members Eligible to Participate*
>
> The FIS welcomes the participation of any Member organization of the Forum
> interested in this work.  Forum Members that have initially declared
> their participation in this Subcommittee are:
>
> Amazon, Apple, DigiCert, GoDaddy, Google, HARICA, Let’s Encrypt, Mozilla,
> Sectigo, SwissSign,
>
> *Voting and Voting Structure*
>
> Voting in the FIS shall be limited to Forum members. Voting shall be
> egalitarian: all Members shall vote together as a single class, with one
> vote granted to each Member organization. Any decisions of the FIS needed
> to be voted upon by the FIS shall be considered adopted if the number of
> votes in favor exceeds 50% of the votes cast.
>
>
> This is not a WG so no voting or voting structure is necessary.
>
> *Primary Means of Communication*
>
> The FIS will communicate primarily through listserv-based email and shall
> conduct periodic calls or face-to-face meetings as needed.
>
>
> I suggest we combine some elements from
> https://cabforum.org/2019/10/08/ballot-forum-10-re-charter-forum-infrastructure-working-group/
> to improve this charter.
>
> Thanks Ben for putting this together!
>
> Dimitris.
>
>
>
> ___
> Public mailing 
> listPublic@cabforum.orghttps://lists.cabforum.org/mailman/listinfo/public
>
>
> ___
> Public mailing list
> Public@cabforum.org
> https://lists.cabforum.org/mailman/listinfo/public
>
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [Cscwg-public] Code Signing Baseline Requirements references to the EV Guidelines

[Dimitris Zacharopoulos (HARICA) via Cscwg-public]

On 11/3/2024 6:20 μ.μ., Dimitris Zacharopoulos (HARICA) via Cscwg-public 
wrote:


All,

I re-based the importEVG branch to the latest CSBR (3.7.0). You can 
see the ballot redline in 
https://github.com/cabforum/code-signing/pull/38. Feel free to start a 
review within the PR or reply to this thread with comments.


Importing the EV Guidelines into the CSBRs ballot requires time to 
review so I plan to give at least 2 weeks discussion period for 
Members to check before starting the voting period.


I have one remaining task which is to import the changes introduced by 
Ballot SC68 . Other 
than that, we should be good to go. I would like to ask for 2 
endorsers to reserve a ballot number.


I added the language of Ballot SC68, fixed some numbering issues and 
reformatted the tables. Everything seems to be all set. Martijn and 
Corey have kindly offered to review the PR and hopefully they will also 
be able to endorse the ballot. You can also download the artifacts 
(.docx, .pdf, redline pdf) 
 
produced based on the latest commit.


Please let me know if you have any questions or concerns.


Best regards,
Dimitris.





Thank you,
Dimitris.

On 2/2/2024 1:59 μ.μ., Dimitris Zacharopoulos (HARICA) wrote:

Dear Members,

Apologies for sending this late. Here is the mapping document for the 
import of the EV Guidelines into the CS Baseline Requirements.


The process started from sections of the CSBRs that point to sections 
of the EV Guidelines. In some cases, the referenced EVG section, 
contained additional references within the EVG. The spreadsheet tried 
to capture and follow all those references to ensure we didn't miss 
anything.


I hope this document will help the review process so we can proceed 
with a ballot. Before we do the ballot, we will have to rebase to the 
latest CSBR version and resolve any conflicts that may be caused by 
the last 2 ballots. My goal is to get this ready for a ballot after 
the next F2F meeting.



Thank you,
Dimitris.

On 8/1/2024 3:06 μ.μ., Dimitris Zacharopoulos (HARICA) via 
Cscwg-public wrote:

Dear Members,

Following up on the work of importing the references to the EV 
Guidelines and specifically the latest version (1.8.0) with the 
exception of the CA/B Forum organization identifier extension as 
agreed in previous meetings, the resulting redline (based on CSBR 
version 3.4.0) is available in the following link:


  * https://github.com/cabforum/code-signing/compare/main...importEVG

We can easily rebase to version 3.5.0 which is the latest CSBR 
version, but the focus should be more on the import of the existing 
EV references.


The redline contains several formatting improvements as well, like 
removal of double spaces and tabs that break the conversion.


Here are my notes from the conversion:


- CSBR section 3.2.2.2 points to EV Guidelines
  - Section 10.1.2 for specific roles (done)
  - Section 11.2 for Legal Existence and Identity (done)
  - Section 11.3 for Assumed Name (done)
  - Section 11.4 for Physical Existence (done)
  - Section 11.5 for Method of Communication (done)
  - Section 11.6 for Operational Existence (done)
  - Section 11.8 for Name, Title and Authority of Contract Signer 
and Certificate Approver (done)
  - Section 11.9 for Signature on Subscriber Agreement and EV CS 
Certificate Requests (done)

  - Section 11.10 for Approval of EV CS Certificate Request (done)
  - Section 11.11 for Certain Information Sources (done)
  - Section 11.12.3 for Parent/Subsidiary/Affiliate Relationship (done)
- CSBR section 4.1.1 points to EV Guidelines section 11.12.2 for 
"suspicious" certificate requests (done new section 3.2.8)

- CSBR section 4.2.1 points to EV Guidelines
   - section 11.13 for the "due diligence" verification (done new 
section 3.2.9)
   - section 11.14 for the usage periods of documents, data and 
previous validations performed per section 3.2. (done with new 
section 4.2.1.1)
- CSBR section 5.2.4 points to EV Guidelines section 11.13 for the 
Final Cross-Correlation and Due Diligence steps (done by pointing to 
the new section 3.2.9)
- CSBR section 5.3.3 points to EV Guidelines in general for the 
Validation Specialist training and internal examination (done)
- CSBR section 7.1.4.2.4 points to EV Guidelines sections 9.2.1 
(done), 9.2.3 (done), 9.2.4 (done, section 11.1.3 disclosure of 
verification sources migrated to 3.2.10), 9.2.5 (done), 9.2.6 
(done), 9.2.8 (done updated reference to 9.2.4 to 7.1.4.2.4 (c)) for 
subject information
- CSBR section 9.2.1 points to EV Guidelines section 8.4 for 
insurance coverage (done)



9.8.2 --> Do not import
11.11.1 --> 3.2.2.2.10.1
11.11.4 --> 3.2.2.2.12
11.13 --> 3.2.9
14.1.1, 14.1.2 --> 5.3 (Training and background checks)
14.1.3 --> 5.2.4 (separation of duties)
14.2 --> 1.3.2.1 (new section)

We still need to do a thorough check for the import of the 

[Smcwg-public] Weekly github digest (S/MIME Certificate Working Group)

[Infrastructure Bot via Smcwg-public]

Issues
--
* cabforum/smime (+1/-0/0)
 1 issues created:
 - Nit: Clarify scope for S/MIME ICAs (by timfromdigicert)
   https://github.com/cabforum/smime/issues/243 





Repositories tracked by this digest:
---
* https://github.com/cabforum/smime
___
Smcwg-public mailing list
Smcwg-public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/smcwg-public