The intent was that Forum level membership was the union of all CWG membership 
criteria.  If you’re able to join a CWG, you’re a Forum member.

 

I think allowing in unaudited Certificate Issuers would be a huge step 
backwards.

 

-Tim

 

From: Public <[email protected]> On Behalf Of Wayne Thayer via Public
Sent: Friday, January 25, 2019 2:06 PM
To: Ryan Sleevi <[email protected]>
Cc: CA/Browser Forum Public Discussion List <[email protected]>
Subject: Re: [cabfpub] Draft SMIME Working Group Charter

 

On Fri, Jan 25, 2019 at 11:45 AM Ryan Sleevi <[email protected]> wrote:

On Fri, Jan 25, 2019 at 1:37 PM Wayne Thayer <[email protected]> wrote:

I agree that we should exclude identity validation from the initial scope of 
this working group.

 

On Fri, Jan 25, 2019 at 10:04 AM Ryan Sleevi via Public <[email protected]> wrote:

 

Finally, regarding membership criteria, I'm curious whether it's necessary to 
consider WebTrust for CAs / ETSI at all. For work like this, would it make 
sense to merely specify the requirements for a CA as one that is trusted for 
and actively issues S/MIME certificates that are accepted by a Certificate 
Consumer. This seems to be widely inclusive and can be iterated upon if/when 
improved criteria are developed, if appropriate.

 

This would allow a CA that is not eligible for full Forum membership to join 
this WG as a full member. How would that work? Would we require such an 
organization to join the Forum as an Interested Party? If the idea is that such 
an organization wouldn't be required to join the Forum, then I don't believe 
that was anticipated or intended in the design of the current structure. It's 
not clear to me that we should permit membership in a CWG without Forum 
membership. For instance, allowing this may create loopholes in the IPR 
obligations that are defined and administered at the Forum level.

 

Ah, drat, thanks for pointing that out, Wayne. You're right that the changes 
would need to be accompanied by changes to the Forum-level bylaws membership, 
whether to be more explicit (e.g. government issuers w/ their own audit 
frameworks, as an example, such as the FPKI) or more implicitly inclusive as 
this proposed. Absent a Bylaw change, it sounds like the most such folks could 
achieve would be Interested Party in the CWG. Does that match your 
understanding?

 

I'm not aware of anything that requires membership in a CWG to be at a level 
equivalent to that of the Forum, but I do think that is the intent of the 
bylaws. There may be no harm in having an Interested Party at the Forum level 
be a full member of a CWG, but I think it would be best for that to be 
clarified in the bylaws before creating a CWG with looser membership criteria 
than the Forum.
