Thanks for your insights, Roman. I'm not yet convinced that the attendance approach would not be effective. Nevertheless, here are some other potential alternatives to discuss:
1 - require that a Certificate Consumer have a certain size userbase, or alternatively, that they be a Root Store member of the Common CA Database <https://www.ccadb.org/rootstores/how>, or
2 - require that a Certificate Consumer pay a membership fee to the CA/Browser Forum.

Does anyone have any other ideas, proposals, or suggestions that we can discuss?

The approaches listed above would be in addition to the following other requirements already proposed:

- The Certificate Consumer has public documentation stating that it requires Certification Authorities to comply with the CA/Browser Forum’s Baseline Requirements for the issuance and maintenance of TLS server certificates;
- its membership-qualifying software product uses a list of CA certificates to validate the chain of trust from a TLS certificate to a CA certificate in such list; and
- it publishes how it decides to add or remove a CA certificate from the root store used in its membership-qualifying software product.

Thanks,
Ben

On Mon, Jul 24, 2023 at 10:48 PM Roman Fischer <roman.fisc...@swisssign.com> wrote:

> Dear Ben,
>
> As stated before, I’m against minimal attendance (or even participation –
> however you would measure that, numbers of words spoken or written?)
> requirements. I’ve seen in university, in private associations, politics…
> that this simply doesn’t solve the problem. I totally agree with Tim: It
> will create administrative overhead and not solve the problem.
>
> IMHO non-participants taking part in the democratic process (i.e. voting)
> is just something we have to accept and factor in. It’s one end of the
> extreme spectrum. There might be over-active participants that overwhelm
> the group by pushing their own agenda… If we have minimum participation
> requirements, then we maybe should also have maximum participation rules?
> 😉
>
> Rgds
> Roman
>
> *From:* Servercert-wg <servercert-wg-boun...@cabforum.org> *On Behalf Of*
> Ben Wilson via Servercert-wg
> *Sent:* Montag, 24. Juli 2023 21:40
> *To:* Tim Hollebeek <tim.holleb...@digicert.com>; CA/B Forum Server
> Certificate WG Public Discussion List <servercert-wg@cabforum.org>
> *Subject:* Re: [Servercert-wg] Participation Proposal for Revised SCWG
> Charter
>
> Tim,
>
> One problem we're trying to address is the potential for a great number of
> “submarine voters”. Such members may remain inactive for extended periods
> of time and then surface only to vote for or against something they
> suddenly are urged to support or oppose, without being aware of the
> issues. This will skew and damage the decision-making process.
>
> Another problem, that I don't think has been mentioned before, is the
> reliability of the CA/Browser Forum to adopt well-informed standards going
> forward. In other words, if something like I suggest happens, then I can
> see Certificate Consumers leaving the Forum and unilaterally setting very
> separate and distinct rules. This will result in fragmentation,
> inconsistency, and much more management overhead for CAs than the effort
> needed to keep track of attendance, which is already being done by the
> Forum. (If you'd like, I can share with everyone the list of members who
> have not voted or attended meetings in over two years.)
>
> Ben
>
> On Mon, Jul 24, 2023 at 11:41 AM Tim Hollebeek <tim.holleb...@digicert.com>
> wrote:
>
> What is your argument in response to the point that any potential bad
> actors will be trivially able to satisfy the participation metrics?
>
> I’m very worried we’ll end up doing a lot of management and tracking work,
> without actually solving the problem.
>
> -Tim
>
> *From:* Ben Wilson <bwil...@mozilla.com>
> *Sent:* Monday, July 24, 2023 10:21 AM
> *To:* Ben Wilson <bwil...@mozilla.com>; CA/B Forum Server Certificate WG
> Public Discussion List <servercert-wg@cabforum.org>
> *Cc:* Tim Hollebeek <tim.holleb...@digicert.com>
> *Subject:* Re: [Servercert-wg] Participation Proposal for Revised SCWG
> Charter
>
> All,
>
> I have thought a lot about this, including various other formulas (e.g.
> market share) to come up with something reasonable, but I've come back to
> attendance as the key metric that we need to focus on. I just think that an
> attendance metric provides the only workable, measurable, and sound
> solution for determining the right to vote as a Certificate Consumer
> because it offers the following three elements:
>
> - Informed Decision-Making: Voting requires a comprehensive
>   understanding of ongoing discussions and developments. Regular attendance
>   provides members with the necessary context and knowledge to make
>   well-informed decisions.
> - Commitment: Attendance is a tangible and measurable representation
>   of a member's commitment to the Server Certificate WG and its objectives.
>   It demonstrates a genuine interest in contributing to the development and
>   improvement of the requirements.
> - Active Involvement: By prioritizing attendance, we encourage active
>   involvement and discourage passive membership. Voting rights should be
>   earned through consistent engagement, as this ensures that decisions are
>   made by those who are genuinely invested in the outcomes.
>
> At this point, I'm going to re-draft a proposal for a revision to the
> Server Certificate WG Charter and present it on the public list (because an
> eventual revision of the Charter will have to take place at the Forum
> level).
>
> Thanks,
>
> Ben
>
> On Thu, Jul 13, 2023 at 9:45 AM Ben Wilson via Servercert-wg <
> servercert-wg@cabforum.org> wrote:
>
> Thanks, Tim.
>
> All,
>
> I will look closer at the distribution and use of software for browsing
> the internet securely, instead of participation metrics. There is at least
> one source, StatCounter (https://gs.statcounter.com/browser-market-share),
> that purports to measure use of browsing software, both globally and
> regionally. Would it be worthwhile to explore distribution by region and
> come up with a reasonable threshold? Can we rely on StatCounter, or should
> we look elsewhere?
>
> Thanks,
>
> Ben
>
> On Wed, Jul 12, 2023 at 9:30 AM Tim Hollebeek via Servercert-wg <
> servercert-wg@cabforum.org> wrote:
>
> I have a meaningful comment.
>
> I don’t want to ever have to discuss or judge whether someone’s comment is
> “meaningful” or not, and I don’t think incentivizing people to post more
> comments than they otherwise would is helpful.
>
> I also think getting the chairs involved in any way in discussing whether
> a member representative did or did not have a medical condition during a
> particular time period is an extremely bad idea.
>
> Given that the original issue was trying to determine whether a
> certificate consumer is in fact a legitimate player in the ecosystem or
> not, I would suggest that exploring metrics like market share might be far
> more useful. Metrics like participation are rather intrusive and onerous,
> except to those who are trying to game them, and those trying to game such
> metrics will succeed with little or no effort.
>
> -Tim
>
> *From:* Servercert-wg <servercert-wg-boun...@cabforum.org> *On Behalf Of*
> Roman Fischer via Servercert-wg
> *Sent:* Wednesday, July 12, 2023 7:23 AM
> *To:* CA/B Forum Server Certificate WG Public Discussion List <
> servercert-wg@cabforum.org>
> *Subject:* Re: [Servercert-wg] Participation Proposal for Revised SCWG
> Charter
>
> Dear Ben,
>
> Mandatory participation has in my experience never resulted in more or
> better discussions. People will dial into the telco and let it run in the
> background to “earn the credits”.
>
> Also, what would happen after the 90 day suspension? Would the
> organization be removed as a CA/B member?
>
> Rgds
> Roman
>
> *From:* Servercert-wg <servercert-wg-boun...@cabforum.org> *On Behalf Of*
> Ben Wilson via Servercert-wg
> *Sent:* Freitag, 7. Juli 2023 21:59
> *To:* CA/B Forum Server Certificate WG Public Discussion List <
> servercert-wg@cabforum.org>
> *Subject:* [Servercert-wg] Participation Proposal for Revised SCWG Charter
>
> All,
>
> Here is a draft participation proposal for the SCWG to consider and
> discuss for inclusion in a revised SCWG Charter.
>
> #. Participation Requirements to Maintain Voting Privileges
>
> (a) Attendance. The privilege to vote “Yes” or “No” on ballots is
> suspended for 90 days if a Voting Member fails to meet the following
> attendance requirement over any 365-day period:
>
> - 10% of SCWG meetings for Voting Members located in time zones offset
>   by UTC +5 through UTC +12
> - 30% of SCWG meetings for Voting Members located in all other time
>   zones
>
> (b) Meaningful Comments. Posting a Meaningful Comment is an alternative
> means of meeting the attendance requirement in subsection (a). A Voting
> Member can earn an attendance credit to make up for each missed meeting by
> posting a Meaningful Comment to the SCWG Public Mail List. Each Meaningful
> Comment is equal to attending one (1) meeting.
>
> A Meaningful Comment is one that follows the Code of Conduct and provides
> relevant information to the SCWG, such as new information, an insight,
> suggestion, or perspective related to the Scope of the SCWG, or that
> proposes an improvement to the TLS Baseline Requirements or EV Guidelines.
> It can also be something that responds to or builds on the comments of
> others in a meaningful way, or that offers feedback, suggestions, or
> solutions to the issues or challenges raised by the topic of discussion.
>
> A Meaningful Comment should be both relevant (within the Scope of the
> SCWG or related to the discussion that is taking place on the mailing
> list) and well-supported (clear reasons why the Voting Representative
> believes what they believe and supported by facts, data, or other
> information.)
>
> (c) A Voting Member that has failed to meet the attendance requirement in
> subsection (a) above is considered an "Inactive Member". Any Member who
> believes that any other Member is an Inactive Member may report that Member
> on the Forum's Management List by providing specific information about that
> Member's non-participation, and the SCWG Chair shall send written notice
> to the Inactive Member by email within seven (7) calendar days. The notice
> will include a reminder of the requirement to participate and inform the
> Inactive Member of the consequences of not participating.
>
> (d) Suspension of Voting Privileges. The Inactive Member's privilege to
> vote “Yes” or “No” on any ballot shall be temporarily suspended for a
> period of 90 days from the date of the notice. During the suspension
> period, the Inactive Member may vote “Abstain” on ballots.
>
> (e) Restoration of Voting Privilege. Voting privileges will be
> automatically restored to the Inactive Member upon attending three
> consecutive meetings. The restoration of voting privileges will be
> effective on the next ballot that enters the voting period after the
> Inactive Member meets the reactivation criteria.
>
> (f) Exceptional Circumstances. In cases where an Inactive Member can
> demonstrate justifiable reasons for their inability to participate, such as
> medical conditions or other extenuating circumstances affecting their
> Voting Representative(s), the SCWG Chair may review and consider
> reinstating voting privileges on a case-by-case basis.
>
> Thanks,
>
> Ben
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg@cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg