Suggested edits inline in CAPS, and questions in [square brackets]. I think Entrust would endorse. (I still think 15 months without an audit is a bit too short for suspending CAs… 15 months is the deadline, so…)
From: Public [mailto:[email protected]] On Behalf Of Gervase Markham via Public Sent: Monday, May 1, 2017 10:03 AM To: CABFPub <[email protected]> Cc: Gervase Markham <[email protected]> Subject: [EXTERNAL][cabfpub] Membership-related clarifications ballot draft (3) Here's an updated draft with the details around how suspension would work in practice, as requested. Would anyone care to endorse? Gerv Ballot XXX - Membership-related clarifications Purpose of Ballot: The CAB Forum Bylaws define membership criteria, but don't say what should happen when an existing member ceases to meet those criteria. This ballot is intended to fix this, for the avoidance of doubt and uncertainty. It also makes it clearer that proper recognition of currently-issued certificates by at least one browser member is a membership requirement, and adds the definition of "Affiliate" from the IPR policy. The following motion has been proposed by Gervase Markham of Mozilla and endorsed by XXX of XXX and XXX of XXX: -- MOTION BEGINS -- This motion changes the CAB Forum Bylaws. Section 1 Add a new section between 2.1 ("Qualifying for Forum Membership") and the following section, numbering the new section 2.2, and renumbering following sections appropriately. The new section shall read: 2.2 Ending Forum Membership Forum Members may resign from the Forum at any time. Resignation does not prevent a member potentially having continuing obligations, under the Forum's IPR Policy or any other document. (a) Browser: A Browser member's membership will automatically cease if any of the following become true: 1. it stops providing updates for its membership-qualifying software product; or 2. six months have elapsed since the last such published update. (b) Issuing CA or Root CA: An CA member's membership may be suspended if any of the following become true: 1. it fails to pass its membership-qualifying audit; [SHOULD WE SAY “ANY” MEMBERSHIP-QUALIFYING AUDIT, IN CASE WE ADD TO REQUIREMENTS IN THE FUTURE?] 2. its membership-qualifying audit is rescinded OR WITHDRAWN; [SAME QUESTION] 3. fifteen months have elapsed since the end of the Audit Period of its last successful membership-qualifying audit; 4. it stops issuing certificates to Web servers that are openly accessible from the Internet; or 5. it is no longer the case that its currently-issued certificates are treated as valid by at least one Browser member. Any Forum Member who believes one of the above circumstances is true of a CA Forum Member may report it on the Public Mail List. The Chair will then investigate, including asking the CA for an explanation or appropriate documentation. If evidence of continued qualification for membership is not forthcoming within FIVE working days, the Chair will announce that the member is suspended, such announcement to include the clause(s) from the above list under which the suspension has been made. [SHOULD WE GIVE THE CHAIR AUTHORITY TO EXTEND THE DEADLINE FOR REACHING A CONCLUSION IN CASE THERE IS DISPUTE AS TO THE ALLEGATIONS THAT A MEMBER NO LONGER QUALIFIES? THREE DAYS IS PRETTY SHORT.] A suspended CA Forum Member who believes it has now re-met the membership criteria under the relevant clauses shall post evidence to the Public Mail List. The Chair will examine the evidence and unsuspend the member, or not, by public announcement. A CA Forum Member's membership will automatically cease six months after it becomes suspended if it has not re-met the membership criteria by that time. [Should we include a dispute resolution process, such as “IF ANY MEMBER DISPUTES THE DECISION BY THE CHAIR, THE MATTER WILL BE PUT TO A VOTE OF THE MEMBERS WITH CAS AND BROWSERS VOTING AS A SINGLE CLASS.”?] VOTES BY A CA MEMBER PRIOR TO SUSPENSION WILL BE COUNTED AS VALID EVEN IF THE CA NO LONGER QUALIFIES TO BE A MEMBER AT THE TIME OF THE VOTE AND IS SUBJECT TO POSSIBLE SUSPENSION. While suspended, CAs may participate in meetings and on the Forum's discussion lists, but not take part in any form of voting. Section 2 Update both sections 2.1 (a) and (b) to insert words as follows: "actively issues certificates to Web servers that are openly accessible from the Internet, such certificates being treated as valid when using a browser created by a Browser member." Section 3 Update section 2.2 b) as follows: Only one vote per Member company shall be accepted; representatives of corporate affiliatesAffiliates shall not vote. Add to the Definitions section: Affiliate: an entity that directly or indirectly controls, is controlled by or is under common control with, a Member. Control for the purposes of this Agreement shall mean direct or indirect beneficial ownership of more than fifty percent of the voting stock, or decision-making authority in the event that there is no voting stock, in an entity. -- MOTION ENDS -- The procedure for approval of this Final Maintenance Guideline ballot is as follows: BALLOT XXX Status: Final Maintenance Guideline Start time (23:00 UTC) End time (23:00 UTC) Discussion (7 to 14 days) XXX XXX Vote for approval (7 days) XXX XXX If vote approves ballot: Review Period (Chair to send Review Notice) (30 days). If Exclusion Notice(s) filed, ballot approval is rescinded and PAG to be created. If no Exclusion Notices filed, ballot becomes effective at end of Review Period. Upon filing of Review Notice by Chair 30 days after filing of Review Notice by Chair From Bylaw 2.3: If the Draft Guideline Ballot is proposing a Final Maintenance Guideline, such ballot will include a redline or comparison showing the set of changes from the Final Guideline section(s) intended to become a Final Maintenance Guideline, and need not include a copy of the full set of guidelines. Such redline or comparison shall be made against the Final Guideline section(s) as they exist at the time a ballot is proposed, and need not take into consideration other ballots that may be proposed subsequently, except as provided in Bylaw Section 2.3(j). Votes must be cast by posting an on-list reply to this thread on the Public list. A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: https://cabforum.org/members/ In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is shown on CA/Browser Forum wiki. Under Bylaw 2.2(g), at least the required quorum number must participate in the ballot for the ballot to be valid, either by voting in favor, voting against, or abstaining.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
