Re: [cabfpub] Public Digest, Vol 77, Issue 81

[Geoff Keating via Public]

I think we’re in agreement as to the effect of not having minutes on the IPR 
policy.

I don’t believe anyone is proposing a subcommittee charter which *prevents* it 
from having minutes.  So, perhaps if you’re concerned that a subcommittee might 
not have the standard of minute-taking that you would like, you could offer to 
take minutes for that subcommittee?  My experience is that such an offer is 
usually received with gratitude!

> On Sep 14, 2018, at 2:04 PM, Ryan Sleevi via Public <public@cabforum.org> 
> wrote:
> 
> Please review section 8 of the IPR policy with your legal counsel, Tim, 
> particularly around what constitutes a "Contribution"
> 
> On Fri, Sep 14, 2018 at 4:52 PM Tim Hollebeek <tim.holleb...@digicert.com 
> <mailto:tim.holleb...@digicert.com>> wrote:
> We have the protections in the IPR policy, because we have the IPR policy.  
> To be clear, the existence or absence of minutes does not in any way affect 
> the IPR policy, and there’s no text in the Bylaws or IPR policy that suggests 
> that it does.
> 
>  
> 
> -Tim
> 
>  
> 
> From: Public <public-boun...@cabforum.org 
> <mailto:public-boun...@cabforum.org>> On Behalf Of Ryan Sleevi via Public
> Sent: Friday, September 14, 2018 4:41 PM
> To: Virginia Fournier <vfourn...@apple.com <mailto:vfourn...@apple.com>>; 
> CABFPub <public@cabforum.org <mailto:public@cabforum.org>>
> Subject: Re: [cabfpub] Public Digest, Vol 77, Issue 81
> 
>  
> 
> Virginia,
> 
>  
> 
> I do not understand how that position is at all consistent with our bylaws 
> with respect to IP risk. If we have Subcommittees without the requirement to 
> maintain or produce minutes, how could we possibly hope to have the IP 
> protections afforded by our policy?
> 
>  
> 
> On Fri, Sep 14, 2018 at 4:32 PM Virginia Fournier via Public 
> <public@cabforum.org <mailto:public@cabforum.org>> wrote:
> 
> It would be great if the people who continually complain that the Bylaws 
> don’t contain x, or took away y, would actively participate in the process to 
> create new versions of the Bylaws.  The version of the Bylaws creating CWGs 
> and their Subcommittees was developed over more than a year, with ample time 
> for review, comment, revision, rinse and repeat.
> 
>  
> 
> The Bylaws say that "each CWG may establish any number of subcommittees 
> within its own Working Group to address any of such CWG’s business.” However, 
> there's nothing in the Bylaws that prohibits Subcommittees from having their 
> own mailing lists, minutes, chairs, etc.  It looks like Subcommittees have 
> the   flexibility to determine how to conduct their own business within the 
> CWG.  
> 
>  
> 
> If a CWG wants a Subcommittee to do something specific (like keep minutes), 
> they can specify that in the CWG charter.   
> 
>  
> 
> Best regards,
> 
>  
> 
> Virginia Fournier
> 
> Senior Standards Counsel
> 
>  Apple Inc.
> 
> ☏ 669-227-9595
> 
> ✉︎ v...@apple.com <mailto:v...@apple.com>
>  
> 
>  
> 
>  
> 
> On Sep 14, 2018, at 9:29 AM, public-requ...@cabforum.org 
> <mailto:public-requ...@cabforum.org> wrote:
> 
>  
> 
> Send Public mailing list submissions to
> public@cabforum.org <mailto:public@cabforum.org>
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> https://cabforum.org/mailman/listinfo/public 
> <https://cabforum.org/mailman/listinfo/public>
> or, via email, send a message with subject or body 'help' to
> public-requ...@cabforum.org <mailto:public-requ...@cabforum.org>
> 
> You can reach the person managing the list at
> public-ow...@cabforum.org <mailto:public-ow...@cabforum.org>
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Public digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: Ballot SC10 ? Establishing the Network Security
>      Subcommittee of the SCWG (Ryan Sleevi)
>   2. Re: Ballot SC10 ? Establishing the Network Security
>      Subcommittee of the SCWG (Tim Hollebeek)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 14 Sep 2018 12:19:24 -0400
> From: Ryan Sleevi <sle...@google.com <mailto:sle...@google.com>>
> To: Tim Hollebeek <tim.holleb...@digicert.com 
> <mailto:tim.holleb...@digicert.com>>
> Cc: CABFPub <public@cabforum.org <mailto:public@cabforum.org>>
> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG
> Message-ID:
> <cacvawvbodx1ec0bvxrnx7eik3tgb8efxeqv06j_qyzkt7cz...@mail.gmail.com 
> <mailto:cacvawvbodx1ec0bvxrnx7eik3tgb8efxeqv06j_qyzkt7cz...@mail.gmail.com>>
> Content-Type: text/plain; charset="utf-8"
> 
> Subcommittees don't have requirements for minutes or publicly-available
> notes.
> 
> That's the point. All this thinking about subcommittees working "just like"
> LWGs is not the case. All of that was lost from the Bylaws. A subcommittee
> can just be two people having a chat, at least as written in the Bylaws
> today.
> 
> There's nothing stating subcommittees work with their own mailing lists,
> for example, in the way our old bylaws did. There's nothing establishing
> chairs or charters or deliverables. It's a one-off note.
> 
> That's the point.
> 
> On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <tim.holleb...@digicert.com 
> <mailto:tim.holleb...@digicert.com>>
> wrote:
> 
> 
> 
> Collaborating outside of a subcommittee has a bunch of drawbacks,
> including a complete lack of public transparency and much weaker IPR
> protections.
> 
> 
> 
> In my opinion, there?s already way, way too much going on in private that
> would be better handled in subcommittees where everyone can participate and
> there are publicly available notes.
> 
> 
> 
> -Tim
> 
> 
> 
> *From:* Public <public-boun...@cabforum.org 
> <mailto:public-boun...@cabforum.org>> *On Behalf Of *Wayne Thayer
> via Public
> *Sent:* Thursday, September 13, 2018 7:11 PM
> *To:* Ryan Sleevi <sle...@google.com <mailto:sle...@google.com>>; CA/Browser 
> Forum Public Discussion
> List <public@cabforum.org <mailto:public@cabforum.org>>
> *Subject:* Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG
> 
> 
> 
> Would it be helpful to take a step back and propose an amendment to the
> Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I
> would be willing to work on that. Meanwhile, if the Network Security WG
> left some urgent work unfinished, nothing prevents SCWG members from
> collaborating outside of the Subcommittee structure.
> 
> 
> 
> On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <
> public@cabforum.org <mailto:public@cabforum.org>> wrote:
> 
> I think that, without incorporating or responding to feedback, we will be
> opposed to this ballot. I agree that it's unfortunate we have gotten
> nowhere - but it's equally unfortunate to have spent two months without
> responding to any of the substance of the issues. It's great to see
> progress, but making small steps doesn't excuse leaving glaring issues.
> It's better to let these fall down than to support them with fundamental
> flaws.
> 
> 
> 
> Concrete feedback is:
> 
> Delete: "These renewed NCSSR documents will serve CAs, auditors and
> browsers in giving a state of the art set of rules for the deployment and
> operation of CAs computing infrastructures."
> 
> Rationale: That presumes this output will be valid/valuable.
> 
> 
> 
> Delete: "The Subcommittee may choose its own initial Chair."
> 
> Rationale: Subcommittees don't have Chairs and votes. They're just
> meetings of the CWG with focus.
> 
> 
> 
> Delete: "The Network Security Subcommittee shall produce one or more
> documents offering options to the Forum for establishing minimal security
> standards within the scope defined above, which may be used to modify the
> existing NCSSRs."
> 
> Rationale: This is a pretty much a non-scope as worded, but worse,
> precludes some of the very activities you want to do. For example,
> reforming existing requirements doesn't establish minimums, so is out of
> scope.
> 
> 
> 
> Obviously, that leaves you with nothing left. Hopefully there's something
> concrete you think should remain, and you can suggest improvements there.
> 
> 
> 
> 
> 
> 
> 
> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <kirk.h...@entrustdatacard.com 
> <mailto:kirk.h...@entrustdatacard.com>>
> wrote:
> 
> On this ballot and Ballot SC10, I?m only going to consider comments and
> criticisms that propose specific alternate language that you will support.
> We have spent two months on creation of Subcommittees that simply continue
> the work we have been doing., and getting nowhere.  Time to finish up!
> 
> 
> 
> Do you have specific alternate ballot language you want the Members to
> consider?  If so, please post.
> 
> 
> 
> *From:* Ryan Sleevi [mailto:sle...@google.com <mailto:sle...@google.com>]
> *Sent:* Thursday, September 13, 2018 2:55 PM
> *To:* Kirk Hall <kirk.h...@entrustdatacard.com 
> <mailto:kirk.h...@entrustdatacard.com>>; CABFPub <
> public@cabforum.org <mailto:public@cabforum.org>>
> *Subject:* [EXTERNAL]Re: [cabfpub] Ballot SC10 ? Establishing the Network
> Security Subcommittee of the SCWG
> 
> 
> 
> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public@cabforum.org 
> <mailto:public@cabforum.org>>
> wrote:
> 
> *Scope: *Revising and improving the Network and Certificate Systems
> Security Requirements (NCSSRs).
> 
> 
> *Out of Scope: *No provision.
> 
> *Deliverables: *The Network Security Subcommittee shall produce one or
> more documents offering options to the Forum for establishing minimal
> security standards within the scope defined above, which may be used to
> modify the existing NCSSRs. These renewed NCSSR documents will serve CAs,
> auditors and browsers in giving a state of the art set of rules for the
> deployment and operation of CAs computing infrastructures.  The
> Subcommittee may choose its own initial Chair.
> 
> 
> 
> Is this Deliverable correct? Is that scope correct? The previous WG
> produced (only after significant prodding) a statement about 'options' -
> which was to modifying the existing NCSSRs. It seems like we're talking now
> about concrete recommendations for changes, and it seems more relevant to
> note what is in scope or out of scope.
> 
> 
> 
> I disagree that the deliverable affirmatively stating "will serve CA,
> auditors, and browsers".
> 
> 
> 
> However, there's other, more fundamental problems. Most notable is that
> Subcommittees aren't established to have Chairs - the point of the rework
> of the Bylaws was to make it clearer what activities are done and how they
> fit, and a SCWG subcommittee is just that - a subgroup of the SCWG. The
> other is that the SCWG does not yet have a defined process for the
> establishment of subcommittees.
> 
> _______________________________________________
> Public mailing list
> Public@cabforum.org <mailto:Public@cabforum.org>
> https://cabforum.org/mailman/listinfo/public 
> <https://cabforum.org/mailman/listinfo/public>
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: 
> <http://cabforum.org/pipermail/public/attachments/20180914/7203cd81/attachment-0001.html
>  
> <http://cabforum.org/pipermail/public/attachments/20180914/7203cd81/attachment-0001.html>>
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 14 Sep 2018 16:29:38 +0000
> From: Tim Hollebeek <tim.holleb...@digicert.com 
> <mailto:tim.holleb...@digicert.com>>
> To: Ryan Sleevi <sle...@google.com <mailto:sle...@google.com>>
> Cc: CABFPub <public@cabforum.org <mailto:public@cabforum.org>>
> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security
> Subcommittee of the SCWG
> Message-ID:
> <bn6pr14mb11066d38b44b3bf97d0857d883...@bn6pr14mb1106.namprd14.prod.outlook.com
>  
> <mailto:bn6pr14mb11066d38b44b3bf97d0857d883...@bn6pr14mb1106.namprd14.prod.outlook.com>>
> 
> Content-Type: text/plain; charset="utf-8"
> 
> My ballot that I didn?t get around to writing would have had something like:
> 
> 
> 
> ?The current Bylaws lack clarity and precision about the functioning of 
> subcommittees.  Until such a time as that is corrected, subcommittees created 
> from LWGs shall operate in the same manner as pre-governance reform working 
> groups.?
> 
> 
> 
> Would that help?
> 
> 
> 
> -Tim
> 
> 
> 
> P.S. I asked the Validation WG chair if the Validation Subcommittee would 
> continue using the validation mailing list, and continue to produce agendas 
> and minutes, and he said yes.
> 
> 
> 
> From: Ryan Sleevi <sle...@google.com <mailto:sle...@google.com>> 
> Sent: Friday, September 14, 2018 12:19 PM
> To: Tim Hollebeek <tim.holleb...@digicert.com 
> <mailto:tim.holleb...@digicert.com>>
> Cc: Wayne Thayer <wtha...@mozilla.com <mailto:wtha...@mozilla.com>>; CABFPub 
> <public@cabforum.org <mailto:public@cabforum.org>>
> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security 
> Subcommittee of the SCWG
> 
> 
> 
> Subcommittees don't have requirements for minutes or publicly-available notes.
> 
> 
> 
> That's the point. All this thinking about subcommittees working "just like" 
> LWGs is not the case. All of that was lost from the Bylaws. A subcommittee 
> can just be two people having a chat, at least as written in the Bylaws today.
> 
> 
> 
> There's nothing stating subcommittees work with their own mailing lists, for 
> example, in the way our old bylaws did. There's nothing establishing chairs 
> or charters or deliverables. It's a one-off note.
> 
> 
> 
> That's the point.
> 
> 
> 
> On Fri, Sep 14, 2018 at 12:13 PM Tim Hollebeek <tim.holleb...@digicert.com 
> <mailto:tim.holleb...@digicert.com> <mailto:tim.holleb...@digicert.com 
> <mailto:tim.holleb...@digicert.com>> > wrote:
> 
> Collaborating outside of a subcommittee has a bunch of drawbacks, including a 
> complete lack of public transparency and much weaker IPR protections.
> 
> 
> 
> In my opinion, there?s already way, way too much going on in private that 
> would be better handled in subcommittees where everyone can participate and 
> there are publicly available notes.
> 
> 
> 
> -Tim
> 
> 
> 
> From: Public <public-boun...@cabforum.org 
> <mailto:public-boun...@cabforum.org> <mailto:public-boun...@cabforum.org 
> <mailto:public-boun...@cabforum.org>> > On Behalf Of Wayne Thayer via Public
> Sent: Thursday, September 13, 2018 7:11 PM
> To: Ryan Sleevi <sle...@google.com <mailto:sle...@google.com> 
> <mailto:sle...@google.com <mailto:sle...@google.com>> >; CA/Browser Forum 
> Public Discussion List <public@cabforum.org <mailto:public@cabforum.org> 
> <mailto:public@cabforum.org <mailto:public@cabforum.org>> >
> Subject: Re: [cabfpub] Ballot SC10 ? Establishing the Network Security 
> Subcommittee of the SCWG
> 
> 
> 
> Would it be helpful to take a step back and propose an amendment to the 
> Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I 
> would be willing to work on that. Meanwhile, if the Network Security WG left 
> some urgent work unfinished, nothing prevents SCWG members from collaborating 
> outside of the Subcommittee structure.
> 
> 
> 
> On Thu, Sep 13, 2018 at 3:49 PM Ryan Sleevi via Public <public@cabforum.org 
> <mailto:public@cabforum.org> <mailto:public@cabforum.org 
> <mailto:public@cabforum.org>> > wrote:
> 
> I think that, without incorporating or responding to feedback, we will be 
> opposed to this ballot. I agree that it's unfortunate we have gotten nowhere 
> - but it's equally unfortunate to have spent two months without responding to 
> any of the substance of the issues. It's great to see progress, but making 
> small steps doesn't excuse leaving glaring issues. It's better to let these 
> fall down than to support them with fundamental flaws.
> 
> 
> 
> Concrete feedback is:
> 
> Delete: "These renewed NCSSR documents will serve CAs, auditors and browsers 
> in giving a state of the art set of rules for the deployment and operation of 
> CAs computing infrastructures."
> 
> Rationale: That presumes this output will be valid/valuable.
> 
> 
> 
> Delete: "The Subcommittee may choose its own initial Chair."
> 
> Rationale: Subcommittees don't have Chairs and votes. They're just meetings 
> of the CWG with focus.
> 
> 
> 
> Delete: "The Network Security Subcommittee shall produce one or more 
> documents offering options to the Forum for establishing minimal security 
> standards within the scope defined above, which may be used to modify the 
> existing NCSSRs."
> 
> Rationale: This is a pretty much a non-scope as worded, but worse, precludes 
> some of the very activities you want to do. For example, reforming existing 
> requirements doesn't establish minimums, so is out of scope.
> 
> 
> 
> Obviously, that leaves you with nothing left. Hopefully there's something 
> concrete you think should remain, and you can suggest improvements there.
> 
> 
> 
> 
> 
> 
> 
> On Thu, Sep 13, 2018 at 6:24 PM Kirk Hall <kirk.h...@entrustdatacard.com 
> <mailto:kirk.h...@entrustdatacard.com> <mailto:kirk.h...@entrustdatacard.com 
> <mailto:kirk.h...@entrustdatacard.com>> > wrote:
> 
> On this ballot and Ballot SC10, I?m only going to consider comments and 
> criticisms that propose specific alternate language that you will support.  
> We have spent two months on creation of Subcommittees that simply continue 
> the work we have been doing., and getting nowhere.  Time to finish up!
> 
> 
> 
> Do you have specific alternate ballot language you want the Members to 
> consider?  If so, please post.
> 
> 
> 
> From: Ryan Sleevi [mailto:sle...@google.com <mailto:sle...@google.com> 
> <mailto:sle...@google.com <mailto:sle...@google.com>> ] 
> Sent: Thursday, September 13, 2018 2:55 PM
> To: Kirk Hall <kirk.h...@entrustdatacard.com 
> <mailto:kirk.h...@entrustdatacard.com> <mailto:kirk.h...@entrustdatacard.com 
> <mailto:kirk.h...@entrustdatacard.com>> >; CABFPub <public@cabforum.org 
> <mailto:public@cabforum.org> <mailto:public@cabforum.org 
> <mailto:public@cabforum.org>> >
> Subject: [EXTERNAL]Re: [cabfpub] Ballot SC10 ? Establishing the Network 
> Security Subcommittee of the SCWG
> 
> 
> 
> On Thu, Sep 13, 2018 at 5:25 PM Kirk Hall via Public <public@cabforum.org 
> <mailto:public@cabforum.org> <mailto:public@cabforum.org 
> <mailto:public@cabforum.org>> > wrote:
> 
> Scope: Revising and improving the Network and Certificate Systems Security 
> Requirements (NCSSRs). 
> 
> 
> Out of Scope: No provision.
> 
> Deliverables: The Network Security Subcommittee shall produce one or more 
> documents offering options to the Forum for establishing minimal security 
> standards within the scope defined above, which may be used to modify the 
> existing NCSSRs. These renewed NCSSR documents will serve CAs, auditors and 
> browsers in giving a state of the art set of rules for the deployment and 
> operation of CAs computing infrastructures.  The Subcommittee may choose its 
> own initial Chair.
> 
> 
> 
> Is this Deliverable correct? Is that scope correct? The previous WG produced 
> (only after significant prodding) a statement about 'options' - which was to 
> modifying the existing NCSSRs. It seems like we're talking now about concrete 
> recommendations for changes, and it seems more relevant to note what is in 
> scope or out of scope.
> 
> 
> 
> I disagree that the deliverable affirmatively stating "will serve CA, 
> auditors, and browsers".
> 
> 
> 
> However, there's other, more fundamental problems. Most notable is that 
> Subcommittees aren't established to have Chairs - the point of the rework of 
> the Bylaws was to make it clearer what activities are done and how they fit, 
> and a SCWG subcommittee is just that - a subgroup of the SCWG. The other is 
> that the SCWG does not yet have a defined process for the establishment of 
> subcommittees.
> 
> _______________________________________________
> Public mailing list
> Public@cabforum.org <mailto:Public@cabforum.org> <mailto:Public@cabforum.org 
> <mailto:Public@cabforum.org>> 
> https://cabforum.org/mailman/listinfo/public 
> <https://cabforum.org/mailman/listinfo/public>
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: 
> <http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.html
>  
> <http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.html>>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: smime.p7s
> Type: application/pkcs7-signature
> Size: 4940 bytes
> Desc: not available
> URL: 
> <http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.p7s
>  
> <http://cabforum.org/pipermail/public/attachments/20180914/fe5fea4f/attachment.p7s>>
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> Public mailing list
> Public@cabforum.org <mailto:Public@cabforum.org>
> https://cabforum.org/mailman/listinfo/public 
> <https://cabforum.org/mailman/listinfo/public>
> 
> 
> ------------------------------
> 
> End of Public Digest, Vol 77, Issue 81
> **************************************
> 
>  
> 
> _______________________________________________
> Public mailing list
> Public@cabforum.org <mailto:Public@cabforum.org>
> https://cabforum.org/mailman/listinfo/public 
> <https://cabforum.org/mailman/listinfo/public>_______________________________________________
> Public mailing list
> Public@cabforum.org
> https://cabforum.org/mailman/listinfo/public

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public