On 2020-02-06 9:25 PM, Ryan Sleevi via Public wrote:
[...]
* Regarding membership, you also commented "There's also a
bootstrapping issue for membership, in that until we know who the
accepted Certificate Consumers are, no CA can join as a
Certificate Issuer. I'm curious whether it makes sense to
explicitly bootstrap this in the charter or how we'd like to
tackle this." I agree with this concern but is it something that
can be easily worked around by having Certificate Consumers such
as Microsoft and Mozilla become the first members of the WG?

Define "easily"? The membership definition is circular and intended to
protect CAs' interests, and that's a real problem. A Certificate
Consumer is one who accepts Certificate Issuers in the WG, meaning
that if a given Consumer moves to distrust a given issuer, such action
may result in their removal from the SMCWG, which would happen
automatically, while for CAs, they would merely be suspended.
Beyond that, as suggested, Microsoft and Mozilla cannot qualify as
Certificate Consumers without Certificate Issuers, and CAs cannot
qualify as Certificate Issuers without the existence of Certificate
Consumers. There's no way, valid to the Bylaws, for members to declare
their interest, because they can't meet the qualification, so it's
incorrect to suggest that this is a first-mover problem. This is a
bootstrap problem, similar to the audit, that was flagged in the past.

This was not raised as an issue when the code signing WG was created.
During the kick-off meeting, there was a Certificate Consumer present
and Certificate Issuers that were trusted by this Certificate Consumer.
So the WG was forged at that meeting without problems or concerns
raised. I can only assume we will do the same thing at the kick-off
meeting of the SMCWG.

Dimitris.
_______________________________________________
Public mailing list
https://cabforum.org/mailman/listinfo/public