Just to add one more perspective – I have always viewed Associate Members as
people or groups that CAs and Browsers wanted on our calls and meetings as
providing necessary expertise – starting with WebTrust and ETSI
representatives. It’s very convenient to have them understand what we are
doing and provide feedback during meetings and calls. I was not active with
the Forum when PayPal was added as an Associate Member, and was never entirely
certain about the reasons for a single company to be an Associate Member.
As to adding ETA as an Associate Member – I think the Forum would benefit by
adding one financial services group Associate Member who can provide rapid
responses to our work at meetings and on calls (and serve as a conduit of
information back to the ETA membership), especially after the SHA-1 problems.
Some Forum members have been very harsh toward those financial services
companies who didn’t respond in time to the SHA-1 cutoff and are now seeking
SHA-1 certificates, saying “they should have paid attention”. Future Forum
changes are likely to have a disproportionate impact on financial services
companies, so I think one Associate Member makes sense – I just want to make
sure ETA is the right member from that community.
Perhaps we also could benefit from one Associate Member who can represent all
the independent hosting and registrar companies out there (not associated with
a CA or browser). But to keep meetings and calls to manageable size, in my
opinion we should only add a very limited number of Associate Members.
From: [email protected] [mailto:[email protected]] On
Behalf Of Dean Coclin
Sent: Saturday, April 09, 2016 2:29 PM
To: Ryan Sleevi
Cc: [email protected]
Subject: Re: [cabfpub] FW: Associate member of the CA/B Forum
Basically because they would like to be more active in meetings and one benefit
of Associate membership is the ability to attend F2F meetings.
So can Interested Parties
>>Yes, by invitation only. As I read the bylaws, AMs can come w/o invitation.
As a representative of 5000 members, ETA can better communicate things they
learn from the forum and our meetings to a wide audience of theirs.
Traditionally, associations have been granted Associate member status, rather
than Interested Party.
So that seems to be two arguments:
- So they can talk to members
- Because it's what we did in the past
The first can be accomplished by Interested Parties, and the Second is... more
complicated.
The notion of Associate Members is actually relatively new - they were
introduced in Bylaws v1.1, rather than the original version. Contributions,
such as PayPal's, which arguably occupies a similar niche as ETA, were under
the Interested Party contribution. The introduction of the notion in v1.1 (via
Ballot 116 -
https://cabforum.org/2014/03/24/ballot-116-bylaw-amendment-for-associate-member-category/
) was to align our practices and inconsistencies with following our bylaws,
but I don't know if we can argue they were associate members.
Given that https://cabforum.org/liaisons/ is now, seemingly, considerably out
of date due to non-renewal of the IPR policy, I don't know how much we can
argue on that basis either. In terms of membership tracking, unfortunately, the
Wiki is not very helpful in determining who, of the parties that have executed
IPR agreements (and are thus members in good standing) are Interested Parties
vs Associate Members, but it seems that there are entities comparable to ETA
that are as Interested Parties.
I would also note that the Associate Member status seems to have been granted
to the SDOs directly involved in the Web PKI operations - that is, WebTrust and
ETSI stand out as participants. To what degree ETA is an SDO is unclear to me;
my understanding is they are merely a trade association, and not responsible
for the standards themselves (compared to, say, the PCI SSC)
While I fully welcome greater participation in the Forum, and that's a topic
that we've advocated for rather hard in the past, my feeling and suspicion is
that many potential members needs will be met as an Interested Party. A
concern, of course, has been raised by many CAs in the past, which is that the
larger the F2F meetings get, the less likely we'll be able to accomplish
anything productive, and the more expensive it will be to host. However, my
concern is that the F2F's are notoriously "smoke-filled rooms", in that minutes
fail to capture the many nuances of discussions, due to their subtleties, and
thus provide much less transparency or accountability to discussions on the
list.
That's why I favor greater Interested Party participation, because it
encourages greater participation on the list, and greater transparency of what
was said and why decisions were made.
While I'm uncertain as to whether "oppose" the application would be the right
position I'm advocating, I would like to strongly encourage an Interested Party
membership, which should confer almost all of the benefits - except for that of
secrecy (the ability to post on the management list, and the ability to
routinely hold discussions that aren't well or completely minuted during the
F2F). That seems certainly in everyone's best interests.
>>I’m hearing two points here: One is that as part of the Governance Change WG,
>>we should re-look at the categories of IPs and AMs and determine if there is
>>a meaningful distinction. That can certainly be done.
The other subtle point is that the F2F meetings are not valuable, not
transparent enough and should be discontinued. I think you’ll find some
arguments there from members but again, can be tackled by the WG to determine
if the frequency of meetings is too much, too little or just right and if
minute taking should be recorded or changed to another format.
Back to the issue of ETA, I’ll put this on the agenda for next week’s call and
would be interested in hearing from others either on the list or the call.
Thanks
Dean
<table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table>
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
