Ballot 206 established a new governance structure that puts most substantive work of the Forum into new Working Groups. The Server Certificate Working Group (SCWG) Charter was approved by the same Ballot, and new governance rules and an updated IPR Agreement v1.3 were established in the Forum’s Bylaws, both effective today, July 3, 2018. See excerpts of the Charter and Bylaws below.
Bylaw 5.3.1(c) provides as follows: The CWG Chair will send an invitation to the Public Mail List for an initial CWG [Chartered Working Group] meeting and will solicit eligible Members, Associate Members and Interested Parties (as specified in the charter) with expertise and interest in the CWG’s subject matter to participate in the CWG. In order to participate in a Working Group, a party must have agreed to the IPR Policy Agreement and formally declared participation. Now that the Bylaws are effective as of today, I’m issuing an invitation to Forum Members and Associate Members to participate in the SCWG’s initial teleconference meeting on Thursday, July 12, 2018, starting immediately after adjournment of a short CA/Browser Forum teleconference which begins at 11:00 am Eastern Time. This is the Forum’s regular teleconference time slot. What are the requirements to participate in the SCWG? As noted in the Bylaws, you must (1) have signed and returned the IPR Agreement v1.3, and (2) “formally declared participation.” We have received signed IPR Agreements from most Forum members, and I will list those remaining in a separate email. We have received formal declarations of participation in the SCWG from many existing Forum members, but not all – I will also cover that in a separate email. Interested Parties will also be invited to participate in the SCWG, but not to participate on the July 12 teleconference, as Interested Parties generally participate on the mailing lists but not in meetings and teleconferences. I will cover that in a separate email. On the July 12 organizational call of the SCWG, I plan to start by listing who has effectively applied for membership of the SCWG by signing the IPRA and declaring their participation, then state they appear to qualify, and then ask if anyone has an objection. If there are no objections, then we will have established the initial SCWG membership list by consensus, as we do under Bylaw 2.1(c) when agreeing on Forum membership itself. Then we will get to work on initial CSWG organizing issues – I will provide an draft Agenda in advance. One final point – under Bylaw 2.1(a), “All Forum members must participate in at least one CWG [Chartered Working Group] (as defined in Section 5.3.1 below), and meet at least one of the following criteria: [requirements for membership as a CA or browser].” This means that a Forum member who signs the IPR Agreement but does not declare participation in the SCWG (which is the only CWG we have at present) technically can no longer be a Forum Member. Following discussion in the Governance Change Working Group, we will give Forum Members who have signed the IPR Agreement but not declared their participation in the SCWG 60 days to correct that error before their Forum membership is terminated. ***** Bylaw 5.3 - Working Groups 5.3.1 Formation of Chartered Working Groups (a) Members who desire to form a new “Chartered” Working Group (CWG) shall propose a charter by ballot pursuant to Section 2.1 above. A CWG typically consists of Certificate (or Root Certificate) Issuer participants and Certificate Consumer participants, but is not required to include both. A CWG shall allow for the participation of Interested Parties and Associate Members. (b) The charter shall outline the scope of the CWG’s activities and other important information. A template for Working Group charters is attached to these Bylaws as Exhibit C. A Working Group may deviate from the template, provided that the charter must include at least the following information: 1) Scope of the Working Group 2) Anticipated Working Group end date, if any 3) Initial chairs and contacts for the Working Group 4) Type(s) of Members eligible to participate in the Working Group (e.g., Members, Interested Parties, and Associate Members) 5) Voting structure for the WG 6) Summary of the work that the WG plans to accomplish 7) Summary of major deliverables and guidelines for the Working Group 8) Primary means of communication to be used by the Working Group (see subsection (d) below) 9) Mandatory applicability of the IPR Policy (c) After the charter is approved, the CWG MAY elect a new Chair by majority vote of the CWG’s members, or as otherwise specified in the charter. The CWG Chair will send an invitation to the Public Mail List for an initial CWG meeting and will solicit eligible Members, Associate Members and Interested Parties (as specified in the charter) with expertise and interest in the CWG’s subject matter to participate in the CWG. In order to participate in a Working Group, a party must have agreed to the IPR Policy Agreement and formally declared participation. Each CWG Chair shall be responsible for ensuring that all parties attending the respective CWG meetings have signed the IPR Policy Agreement and have formally declared their participation in the CWG via the mechanism designated by the Forum prior to attending. (d) Each CWG may establish its own means for their communications, as provided in the charter, but such means should be managed in the same fashion as the Public Mail List and employed by the CWG with a similar level of transparency as appropriate to their nature with public archives for written methods of communication. CWGs may meet by teleconference or have face-to-face meetings as provided in the charter, but the Forum shall not be responsible for the expenses of any such teleconferences or meetings. (e) CWGs may establish any number of subcommittees within its own Working Group to address any of such CWG’s business (each, a “Subcommittee”). A CWG-created Subcommittee needs to be approved by the CWG itself according to the approval process set forth in the CWG charter, but approval of the Forum is not necessary. Subcommittees must exist under an approved CWG. *** 5.3.3 Output of Working Groups (a) CWGs may adopt Final Guidelines and Final Maintenance Guidelines within the scope of their charters and according to the provisions (including voting processes) of the CWG’s charter. All Final Guidelines and Final Maintenance Guidelines must be posted on the Public Mail List. (b) Final Guidelines and Final Maintenance Guidelines developed by a CWG do not need to beapproved by the Forum at large. 5.3.4 Legacy Working Groups Any “Legacy” Working Groups (“LWG”) in existence when this Bylaws v.1.8 is approved by the Forum shall have the option of (a) converting to a Subcommittee under a CWG pursuant to Section 5.3.1(e), (b) immediately terminating, or (c) continuing in effect without change for 6 months following such approval. For an LWG to continue beyond such 6 months, it must have a charter approved as described in Section 5.3.1 above, as if it was a new Working Group. Server Certificate Working Group Charter Upon approval of the CAB Forum by ballot, the Server Certificate Working Group (“Working Group”) is created to perform the activities as specified in this Charter, subject to the terms and conditions of the CA/Browser Forum Bylaws and Intellectual Property Rights (IPR) Policy, as such documents may change from time to time. The definitions found in the Forum’s Bylaws shall apply to capitalized terms in this Charter. SCOPE: The authorized scope of the Server Certificate Working Group shall be as follows: 1. To specify Baseline Requirements, Extended Validation Guidelines, Network and Certificate System Security Requirements, and other acceptable practices for the issuance and management of SSL/TLS server certificates used for authenticating servers accessible through the Internet. 2. To update such requirements and guidelines from time to time, in order to address both existing and emerging threats to online security, including responsibility for the maintenance of and future amendments to the current CA/Browser Forum Baseline Requirements, Extended Validation Requirements, and Network and Certificate System Security Requirements. 3. To perform such other activities that are ancillary to the primary activities listed above. OUT OF SCOPE: The Server Certificate Working Group will not address certificates intended to be used primarily for code signing, S/MIME, time-stamping, VoIP, IM, or Web services. The Server Certificate Working Group will not address the issuance, or management of certificates by enterprises that operate their own Public Key Infrastructure for internal purposes only, and for which the Root Certificate is not distributed by any Application Software Supplier. Anticipated End Date: None. Initial chairs and contacts: Chair, Kirk Hall, [email protected]; Vice Chair, Ben Wilson, [email protected]; terms to run concurrently with their terms as Chair and Vice Chair of the Forum, respectively, unless otherwise voted upon by the Working Group. Members eligible to participate: The Working Group shall consist of two classes of voting members, the Certificate Issuers and the Certificate Consumers. The CA Class shall consist of eligible Certificate Issuers and Root Certificate Issuers meeting the following criteria: (1) Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs audit, or ETSI TS 102042, ETSI 101456, or ETSI EN 319 411-1 audit report prepared by a properly-qualified auditor, and that actively issues certificates to Web servers that are openly accessible from the Internet, such certificates being treated as valid when using a browser created by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum. (2) Root Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs, or ETSI TS 102042, ETSI TS 101456, ETSI EN 319 411-1 audit report prepared by a properly-qualified auditor, and that actively issues certificates to subordinate CAs that, in turn, actively issue certificates to Web servers that are openly accessible from the Internet, such certificates being treated as valid when using a browser created by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum. (3) A Certificate Consumer can participate in this Working Group if it produces a software product intended for use by the general public for browsing the Web securely. The Working Group shall include Interested Parties and Associate Members as defined in the Bylaws. Voting structure: In order for a ballot to be adopted by the Working Group, two-thirds or more of the votes cast by the Certificate Issuers must be in favor of the ballot and more than 50% of the votes cast by the Certificate Consumers must be in favor of the ballot. At least one member of each class must vote in favor of a ballot for it to be adopted. Quorum is the average number of Member organizations (cumulative, regardless of Class) that have participated in the previous three Server Certificate Working Group Meetings or Teleconferences (not counting subcommittee meetings thereof). For transition purposes, if three meetings have not yet occurred, quorum is ten (10). Summary of the work that the WG plans to accomplish: As specified in Scope section above. Summary of major WG deliverables and guidelines: As specified in Scope section above. Primary means of communication: listserv-based email, periodic calls, and face-to-face meetings. IPR Policy: The CA/Browser Forum Intellectual Rights Policy, v. 1.3 or later, SHALL apply to all Working Group activity.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
