One of the companies that disagrees with you is Google.

 

-Tim

 

From: Ryan Sleevi [mailto:sle...@google.com] 
Sent: Thursday, May 17, 2018 8:53 PM
To: Tim Hollebeek <tim.holleb...@digicert.com>
Cc: CA/Browser Forum Public Discussion List <public@cabforum.org>
Subject: Re: [cabfpub] For Discussion: S/MIME Working Group Charter

 

 

 

On Thu, May 17, 2018 at 8:12 PM, Tim Hollebeek <tim.holleb...@digicert.com 
<mailto:tim.holleb...@digicert.com> > wrote:

I agree that “web-based mail” may be problematic.  That’s why I went with 
S/MIME.  I was just throwing it out there, because of the popularity of things 
like, say, GMail :)

 

While this doesn't really answer the question in a way that helps further the 
discussion, it sounds like we're in agreement that the answer is no, "web-based 
mail" has no place in the charter because it's a concept without any defined 
relation to any of the rest of the proposed charter. These were the sort of 
things I was raising as concerns in rushed proposals of charters - and is 
exactly why these sorts of thing take time.

 

Also, the S/MIME EV Guidelines may be identical to the Web EV guidelines.  Or 
they may be better.  Or they may be worse.  It’s up to the WG.

 

The same is true of the NCSSRs.  It will be up to the WG what version of the 
NCSSRs they want to enforce, and if they want to add or subtract requirements.  
I think there will probably be a NCSSR WG that hasn’t been chartered yet.  
Various CA/Wildcard WGs can adopt and/or modify the NCSSRs as they see fit.

 

As mentioned, then, I think this is problematic as a starting point for a 
charter.

 

A good charter - and a good WG - starts with a narrow and defined scope for a 
problem that can build momentum, interest, and most importantly, results. It 
can then look for improvements and ways to explore. Importantly, this also 
helps keep the scope of IP risk - which we know a number of members are 
sensitive to. A narrowly defined charter is mindful of folks' time and effort - 
it ensures that discussions don't rathole on side-topics when there's 
meaningful work to be done.

 

Obviously, I have concerns with the very fundamental idea of EVG for S/MIME, 
but I think those concerns are orthogonal to a more reasonable goal that seeks 
to bring stakeholders to the table. I can understand that CAs may prefer broad 
scopes, but I again implore you to focus on the narrowly-defined, widely-agreed 
problem of the need for S/MIME BRs, to ensure that any such chair actually 
keeps discussion focused on that topic, and to demonstrate that CAs can bring 
valuable contributions to the table by focusing on solving real and immediate 
pressing problems, as the BRs could, without promoting pet projects.

 

I can say that these are real challenges to consider in supporting, in that an 
overly broad charter - as proposed - suggests that the actual production and 
discussion of a meaningful first effort at BRs can and will be derailed by 
unrelated and unnecessary side topics.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public

Reply via email to