On Fri, Jan 25, 2019 at 1:37 PM Wayne Thayer <[email protected]> wrote:
> I agree that we should exclude identity validation from the initial scope > of this working group. > > On Fri, Jan 25, 2019 at 10:04 AM Ryan Sleevi via Public < > [email protected]> wrote: > >> >> Finally, regarding membership criteria, I'm curious whether it's >> necessary to consider WebTrust for CAs / ETSI at all. For work like this, >> would it make sense to merely specify the requirements for a CA as one that >> is trusted for and actively issues S/MIME certificates that are accepted by >> a Certificate Consumer. This seems to be widely inclusive and can be >> iterated upon if/when improved criteria are developed, if appropriate. >> >> This would allow a CA that is not eligible for full Forum membership to > join this WG as a full member. How would that work? Would we require such > an organization to join the Forum as an Interested Party? If the idea is > that such an organization wouldn't be required to join the Forum, then I > don't believe that was anticipated or intended in the design of the current > structure. It's not clear to me that we should permit membership in a CWG > without Forum membership. For instance, allowing this may create loopholes > in the IPR obligations that are defined and administered at the Forum level. > Ah, drat, thanks for pointing that out, Wayne. You're right that the changes would need to be accompanied by changes the Forum-level bylaws membership, whether to be more explicit (e.g. government issuers w/ their own audit frameworks, as an example, such as the FPKI) or more implicitly inclusive as this proposed. Absent a Bylaw change, it sounds like the most such folks could achieve would be Interested Party in the CWG. Does that match your understanding?
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
