Re: [cabfpub] [EXTERNAL]Re: cabfpub] Bylaws: Add Forum Subcommittees

[Kirk Hall via Public]

I’m not trying to be difficult, but I’m not sure there will always be agreement 
on how to interpret the phrase “the Forum shall not engage in activities that 
carry a significant risk of introducing encumbered intellectual property”.  
Clearly working on the development or amendment of Guidelines should be 
blocked.  Can you give examples of “activities that carry a significant risk of 
introducing encumbered intellectual property” that don’t involve Guidelines?  I 
can’t think if any – the IRPA only addresses Guidelines.

I would hate to adopt a phrase like that if it resulted in fights on what 
non-Guidelines topics could be discussed at the Forum level.

From: Wayne Thayer [mailto:wtha...@mozilla.com]
Sent: Wednesday, February 6, 2019 2:40 PM
To: Kirk Hall 
Cc: CA/Browser Forum Public Discussion List 
Subject: [EXTERNAL]Re: cabfpub] Bylaws: Add Forum Subcommittees

WARNING: This email originated outside of Entrust Datacard.
DO NOT CLICK links or attachments unless you trust the sender and know the 
content is safe.

Kirk - I agree with your arguments that my proposed language is too broad but I 
also think that yours is a bit too narrow. How about:

“Due to the lack of IPR protection, Subcommittees of the Forum shall not engage 
in activities that carry a significant risk of introducing encumbered 
intellectual property, such as the development or amendment of Guidelines.”

- Wayne

On Thu, Jan 24, 2019 at 11:25 AM Kirk Hall 
mailto:kirk.h...@entrustdatacard.com>> wrote:
Wayne – as I said on the call, I think the restriction should be narrower.  
Something like “In order to avoid coming within the scope of the IPR Agreement 
, the Forum and its Subcommittees shall not engage in the development or 
amendment of Guidelines.”

The draft language you have below is almost impossible to apply – “any activity 
that could result in a claim infringement of a Member's Intellectual Property”. 
 If we discuss a draft Charter at the Forum level for creation of a new 
Anti-Gravity Certificate Working Group and we want to fine-tune the WG’s scope, 
we will certainly be discussing technical issues.  How can we possibly know 
whether or not our discussion “could result in a claim infringement of a 
Member's Intellectual Property”?  I have no idea what Intellectual Property the 
other Members have.

As another example, the Infrastructure WG may forward a proposal to the Forum 
for how we do our wiki, emails, etc., and ask for comments.  I’m sure that 
several Members have IP relating to wikis, servers, email systems, etc.  If we 
discuss the WG proposal at the Forum level, would that be an “activity that 
could result in a claim infringement of a Member's Intellectual Property”?  No, 
because the Forum will not be drafting Guidelines, and is not a WG.

We need to keep focused on the language of the IPRA and what it covers – which 
is only development of Guidelines at the WG level.  So long as the Forum (and 
its subcommittees) stays away from that, we should be good.

From: Public 
[mailto:public-boun...@cabforum.org] On 
Behalf Of Wayne Thayer via Public
Sent: Thursday, January 24, 2019 9:38 AM
To: CA/Browser Forum Public Discussion List 
mailto:public@cabforum.org>>
Subject: [EXTERNAL][cabfpub] Bylaws: Add Forum Subcommittees

On today's call, we discussed the addition of the following section to the 
Bylaws:
5.6Subcommittees
The Forum may establish subcommittees of the Forum by ballot to address any of 
the Forum’s business as specified in the ballot. Subcommittees are open to all 
Forum Members. A Forum Subcommittee may work on and recommend Forum ballots, 
complete delegated Forum functions, or issue reports to the Forum that are 
within the subcommittee’s jurisdiction. Subcommittees must post all agendas and 
minutes on a public mail list.

Ryan proposed the addition of explicit language regarding IPR. Something like:

Subcommittees of the Forum shall not engage in any activity that could result 
in a claim infringement of a Member's Intellectual Property. Such activities 
include the discussion or creation of Guidelines or similar standards-setting 
documents.

Comments?

Thanks,

Wayne
___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public

Re: [cabfpub] Bylaws: Update Membership Criteria (section 2.1)

[Ryan Sleevi via Public]

On Fri, Feb 8, 2019 at 3:24 PM Dimitris Zacharopoulos (HARICA) <
dzach...@harica.gr> wrote:

> In any case, since this seems to be a controversial matter, I will
> create a new thread in the Server Certificate Working Group public list
> and remove the additional requirements for WebTrust. I hope you are ok
> with the additional criteria for the third option (equivalent audits
> like Government CAs). If not, I can remove that option also.
>

I'm not opposed to it, I think it merely requires clarity, since we don't
(and there isn't) a very clear definition about Government CAs. We've had
that discussion in the case of Protiviti (which participates in the
discussions on behalf of FPKI) and in cases such as, if I recall correctly,
Hong Kong Post CA. This is, admittedly, an issue with the existing BRs, but
for which the matter is (presently) resolved by Root Store members applying
their own interpretation and/or requirements regarding Section 8.4 of the
BRs.

As a concrete example relevant for those European members, given that the
status of being recognized as Qualified is not fundamentally linked to the
possession of an EN 319 411-1/-2 audit, as I understand it, would a CA that
was qualified, but lacking an EN 319 411-1/-2 audit, constitute a
Government CA by virtue of the eIDAS Regulation (EU) 910/2014 being a
European Regulation?

I suspect that the matter could be resolved by clarifying that CAs which
participate in and provide audit for schemes that meet the existing
criteria (a) and (b) (combining them) from that Section 8.4 of the BRs,
bullet 3, and for which the scheme is required by or established "any
jurisdiction in which the CA operates or issues certificates" (using the
language from 9.16.3), we can avoid the phrase "Government CA" entirely.

Putting that all together:

If the CA is required to use a different audit scheme by any jurisdiction
in which the CA operates or issues certificates, it MAY use such scheme
provided that the audit scheme criteria are available for public and review
and either (a) encompasses all requirements of one of the above schemes or
(b) consists of comparable criteria.
___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public

Re: [cabfpub] Bylaws: Update Membership Criteria (section 2.1)

[Dimitris Zacharopoulos (HARICA) via Public]

Thank you for reminding us these past discussions, they are indeed very 
helpful.


One observation is that these were discussions about Forum membership 
requirements when the Forum was considering other types of digital 
certificates and not just SSL/TLS, before the new governance established 
by ballot 206. The server certificate working group is currently focused 
on SSL/TLS Certificates and candidate members with experience in SSL/TLS 
certificates can prove that with a BR-compliant audit report (not 
necessarily a "successful" or "clean" audit). I believe there is 
consensus for not requiring a clean audit.


I am still uncertain about other Members' opinion. If the Server 
Certificate Working Group wants more relaxed criteria for Membership 
(like they are today), I would appreciate members to indicate their 
preference.


In any case, since this seems to be a controversial matter, I will 
create a new thread in the Server Certificate Working Group public list 
and remove the additional requirements for WebTrust. I hope you are ok 
with the additional criteria for the third option (equivalent audits 
like Government CAs). If not, I can remove that option also.



Thanks,
Dimitris.

On 8/2/2019 8:50 μ.μ., Ryan Sleevi wrote:

Here's some references for some of the past discussions:

You can search for the discussion around Ballot 149, in which Kirk had 
proposed changes similar to what you're doing now. There's quite a bit 
of discussion on that from various bits, but I suspect 
https://cabforum.org/pipermail/public/2015-May/005620.html probably 
captures it. This was a continuation of a discussion from earlier - 
see https://cabforum.org/pipermail/public/2015-March/005375.html - 
which itself was a continuation of the discussion from Cupertino in 
Meeting 34 - 
https://cabforum.org/2015/03/11/2015-03-11-minutes-of-cupertino-f2f-meeting-34/


If there's concerns that we haven't captured those objections enough, 
I'm sure we can make sure minutes going forward capture controversial 
topics more thoroughly.


My search focused on discussions on our public list; searching our 
governance reform list is a bit trickier, but this was something we 
similarly discussed when revising the Bylaws to our current form, and 
the same concerns and objections were shared in the discussion of the 
draft SCWG charter. Let me know if the above isn't sufficient.


We know that there will be direct harm - by promoting more exclusion - 
by requiring the SSL BRs w/ Net Sec. While it's true that ETSI has 
incorporated them directly, were ETSI to provide a similar broad 
profile, I suspect there would be support for *reducing* the current 
ETSI requirements. Given how ETSI functions, I suspect that 'reducing' 
is accomplished by adding yet another criteria, since unlike WebTrust, 
you don't mix and match the same, but the end result would be to 
increase opportunities for participation.


There's very little benefit to increasing membership requirements. The 
main benefits seem to be logistical, rather than practical - 
increasing requirements can exclude more members and thus make it 
cheaper or easier to host or organize meetings. However, given the 
harm that can be caused by that, it does not seem useful - members who 
are affected by the requirements cannot contribute effectively to them.


Consider, for example, if the only way to contribute to the EVGLs was 
to have an EVGL audit. Imagine how difficult it would be to correct 
any criteria that prevented a CA from getting an EVGL audit, such as 
the discussion we saw related to E insurance/liability limits, as 
raised by our Asian CA members. Today, they could propose suggestions 
by virtue of the open membership; in a world where only entities with 
the audits could participate in the discussions, there would be no way 
to resolve that or push for change, short of hoping someone 'takes 
pity' and does it themselves.


From our perspective; the Forum's strength is not its production of 
Guidelines themselves, but in providing a venue to gather feedback 
about proposed changes in a way that does not create conflicting 
requirements between Root Stores. The Guidelines do not and have never 
represented 'best' practice - just a common baseline. As we've shifted 
to a WG model, that same logic extends to WGs - the greatest value in 
the Forum is through having diverse views represented and gathering 
feedback about potentially conflicting requirements, to try and find 
solutions for those conflicts. From our early involvement in the first 
governance reform - that lead to the creation of the public lists - to 
our effort to provide opportunity to gather and share public feedback 
via the questions@ list, we've valued increased participation and 
transparency. The Validation Summit effort in Herndon was, in many 
ways, a high point in the Forum's opportunity for participation. We 
should be pushing for greater involvement - as we've seen through the 
participation of 

Re: [cabfpub] Bylaws: Update Membership Criteria (section 2.1)

[Ryan Sleevi via Public]

Here's some references for some of the past discussions:

You can search for the discussion around Ballot 149, in which Kirk had
proposed changes similar to what you're doing now. There's quite a bit of
discussion on that from various bits, but I suspect
https://cabforum.org/pipermail/public/2015-May/005620.html probably
captures it. This was a continuation of a discussion from earlier - see
https://cabforum.org/pipermail/public/2015-March/005375.html - which itself
was a continuation of the discussion from Cupertino in Meeting 34 -
https://cabforum.org/2015/03/11/2015-03-11-minutes-of-cupertino-f2f-meeting-34/

If there's concerns that we haven't captured those objections enough, I'm
sure we can make sure minutes going forward capture controversial topics
more thoroughly.

My search focused on discussions on our public list; searching our
governance reform list is a bit trickier, but this was something we
similarly discussed when revising the Bylaws to our current form, and the
same concerns and objections were shared in the discussion of the draft
SCWG charter. Let me know if the above isn't sufficient.

We know that there will be direct harm - by promoting more exclusion - by
requiring the SSL BRs w/ Net Sec. While it's true that ETSI has
incorporated them directly, were ETSI to provide a similar broad profile, I
suspect there would be support for *reducing* the current ETSI
requirements. Given how ETSI functions, I suspect that 'reducing' is
accomplished by adding yet another criteria, since unlike WebTrust, you
don't mix and match the same, but the end result would be to increase
opportunities for participation.

There's very little benefit to increasing membership requirements. The main
benefits seem to be logistical, rather than practical - increasing
requirements can exclude more members and thus make it cheaper or easier to
host or organize meetings. However, given the harm that can be caused by
that, it does not seem useful - members who are affected by the
requirements cannot contribute effectively to them.

Consider, for example, if the only way to contribute to the EVGLs was to
have an EVGL audit. Imagine how difficult it would be to correct any
criteria that prevented a CA from getting an EVGL audit, such as the
discussion we saw related to E insurance/liability limits, as raised by
our Asian CA members. Today, they could propose suggestions by virtue of
the open membership; in a world where only entities with the audits could
participate in the discussions, there would be no way to resolve that or
push for change, short of hoping someone 'takes pity' and does it
themselves.

>From our perspective; the Forum's strength is not its production of
Guidelines themselves, but in providing a venue to gather feedback about
proposed changes in a way that does not create conflicting requirements
between Root Stores. The Guidelines do not and have never represented
'best' practice - just a common baseline. As we've shifted to a WG model,
that same logic extends to WGs - the greatest value in the Forum is through
having diverse views represented and gathering feedback about potentially
conflicting requirements, to try and find solutions for those conflicts.
>From our early involvement in the first governance reform - that lead to
the creation of the public lists - to our effort to provide opportunity to
gather and share public feedback via the questions@ list, we've valued
increased participation and transparency. The Validation Summit effort in
Herndon was, in many ways, a high point in the Forum's opportunity for
participation. We should be pushing for greater involvement - as we've seen
through the participation of Cisco, for example - than adding barriers that
would limit it.
___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public

[cabfpub] Draft F2F Agenda for Cupertino meeting

[Dimitris Zacharopoulos (HARICA) via Public]

This is a *TENTATIVE/DRAFT Agenda* for F2F 46. Please propose updates 
and new topics.


Day 1 seems to be overloaded but if there are no new topics for 
discussion, we can move some of them to day 2.



Dimitris.


   Tuesday, 12 March 2019 - Infra WG and Subcommittee Meetings

Start



Stop



Slot



Description



Discussion Leader / Notes

8:30



9:00






Check-in, badging, get situated in room




9:00



9:15



1



Welcome, Preliminary Matters, Meeting Recordings, Photo Policy, 
Logistics, Antitrust Statement, Code of Conduct




Curt, Dimitris

9:15



10:15



2



Forum Infrastructure Working Group meeting



Jos

10:15



10:30






Break




10:30



11:30



3



Forum Bylaws and CWG Charter discussion



Dimitris, Dean, Wayne

11:30



12:30



4



Network Security Subcommittee



Ben

12:30



13:00






Lunch




13:00



17:00



5



Validation Subcommittee - with breaks



Tim, Wayne

17:00









Adjourn for the Day




*Dinner on your own or informal groups*


   Wednesday, 13 March 2019 - Plenary Meeting (Day 1)

Start



Stop



Slot



Description



Discussion Leader / Notes

8:30



9:00






Register / Conference pass distribution / Snacks







9:00






*Call to Order and Welcome - CA/Browser Forum Plenary Meeting*




9:00



9:14






Welcome, Recap of Preliminary Matters, Meeting Recordings, Photo Policy, 
Logistics, Antitrust Statement, Code of Conduct, Assign Minute Taking




Curt, Dimitris

9:14



9:15



1



Approval of CABF Minutes from )



Dimitris

9:15



9:30



2



Report from Forum Infrastructure Working Group



Jos

9:30



9:50



3



Report on Bylaws, SCWG Charter Issues



Dimitris, Dean, Wayne

9:50



10:00



4



Creation of additional Working Groups - Code Signing



Ben, Bruce, others??

10:00



10:30



5



Creation of additional Working Groups - Secure Mail



Ben, Bruce, others??

10:30



10:45






Break




10:45



11:15



6



CA/B Forum Issues to be addressed



Dimitris, Dean, Wayne




11:15






Adjourn CA/Browser Plenary Meeting



Dimitris




11:15






*Call to Order - Server Certificate Working Group Plenary Meeting*



Dimitris

11:15



11:19






Antitrust Statement, Assign Minute Taking



Dimitris

11:19



11:20



7



Approval of SCWG Minutes from XXX



Dimitris

11:20



11:30



8



Procedures for ballots and guideline updates



Dimitris, Wayne

11:30



11:35



9



Opera Root Program Update



Tomasz

11:35



11:50



10



Mozilla Root Program Update



Wayne

11:50



12:05



11



Microsoft Root Program Update



Mike

12:05



12:50






Lunch




12:50



13:20



12



Google Safe Browsing



Speaker: Cy Khormaee, Google

13:20



13:35



13



Google Root Program Update



Ryan

13:35



13:45



14



Cisco Systems Root Program Update



J.P.

13:45



14:00



15



Apple Root Program Update



Geoff

14:00



14:15



16



360 Root Program Update



Iñigo

14:15



14:30



17



ETSI Update



Arno

14:30



14:45



18



Acab'c Update



Clemens

14:45



15:00






Break




15:00



15:30



19



WebTrust Update



Jeff, Don

15:30



16:00



20



WebTrust  for RAs



Tim H.

16:00



16:30



21



Report from SCWG Validation Subcommittee



Tim H.

16:30



16:50



22



-




16:50



17:00






Announcements, Evening Social Event



Curt, Dimitris




17:00






Adjourn and take *Group Photo*




Evening: *Group Social Event*


   Thursday, 14 March 2019 - Plenary Meeting (Day 2)

Start



Stop



Slot

   

Re: [cabfpub] Bylaws: Update Membership Criteria (section 2.1)

[Ryan Sleevi via Public]

On Fri, Feb 8, 2019 at 12:42 PM Dimitris Zacharopoulos (HARICA) <
dzach...@harica.gr> wrote:

>
>
> On 8/2/2019 6:34 μ.μ., Ryan Sleevi wrote:
>
>
>
> On Fri, Feb 8, 2019 at 3:19 AM Dimitris Zacharopoulos (HARICA) via Public <
> public@cabforum.org> wrote:
>
>>
>> I made the following updates in addition to Wayne's:
>>
>>- Added a process for Interested Party application to CWGs as it
>>seemed to be missing from the Bylaws. The only reference we currently have
>>is on the web site (https://cabforum.org/email-lists/).
>>- For the Server Certificate Working Group membership criteria, I
>>tried to align with section 8.4 of the BRs.
>>
>> I'm hoping this is unintentional, but this is not a good change. This has
> been discussed repeatedly in the Forum, and moving to a more restrictive
> policy for membership in the charter has been regularly rejected.
>
>
> I don't recall Members being against it for membership criteria, because
> it was discussed in the past without objections. This was for consistency
> with ETSI because ETSI EN 319 411-1 includes the baseline requirements and
> network security guidelines where WebTrust for CAs does not. This change
> better aligns the two schemes and was discussed in ballot 223
> .
> Do other Members have similar concerns with this issue? I would appreciate
> it if others can also state their objection and concerns with this change.
>

I'll dig up the multiple past discussions of concerns.


> My hope is that, as proposer of those changes on the doc, you can go
> through and reject them or update them to ensure that our current approach
> for the SCWG remains as is.
>
>
> Can you explain why there should be a difference between the Baseline
> Requirements section 8.4 and the server certificate working group
> membership criteria? Since these are accepted in the BRs, it makes sense to
> me to also be updated in the Membership criteria for the Server Certificate
> Working Group.
>

I'll dig up the multiple past discussions of concerns.
___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public

Re: [cabfpub] Bylaws: Update Membership Criteria (section 2.1)

[Dimitris Zacharopoulos (HARICA) via Public]

On 8/2/2019 6:34 μ.μ., Ryan Sleevi wrote:



On Fri, Feb 8, 2019 at 3:19 AM Dimitris Zacharopoulos (HARICA) via 
Public mailto:public@cabforum.org>> wrote:



I made the following updates in addition to Wayne's:

  * Added a process for Interested Party application to CWGs as it
seemed to be missing from the Bylaws. The only reference we
currently have is on the web site
(https://cabforum.org/email-lists/).
  * For the Server Certificate Working Group membership criteria,
I tried to align with section 8.4 of the BRs.

I'm hoping this is unintentional, but this is not a good change. This 
has been discussed repeatedly in the Forum, and moving to a more 
restrictive policy for membership in the charter has been regularly 
rejected.


I don't recall Members being against it for membership criteria, because 
it was discussed in the past without objections. This was for 
consistency with ETSI because ETSI EN 319 411-1 includes the baseline 
requirements and network security guidelines where WebTrust for CAs does 
not. This change better aligns the two schemes and was discussed in 
ballot 223 
. 
Do other Members have similar concerns with this issue? I would 
appreciate it if others can also state their objection and concerns with 
this change.




My hope is that, as proposer of those changes on the doc, you can go 
through and reject them or update them to ensure that our current 
approach for the SCWG remains as is.


Can you explain why there should be a difference between the Baseline 
Requirements section 8.4 and the server certificate working group 
membership criteria? Since these are accepted in the BRs, it makes sense 
to me to also be updated in the Membership criteria for the Server 
Certificate Working Group.





  * On the last call, we also agreed to add sample Membership
criteria to the new Working Group Charter section. I added a
simplified version of criteria based on section 8.4 of the
BRs, including Government internal audit schemes that might
also be acceptable for the S/MIME Working Group.

The problem with lifting this text, as is, is that it relies on 
definitions from the BRs not present within charters. For example, the 
interchangability of "Government CA" / "Government Certificate Issuer" 
are in no way defined.


The same applies to Qualified Auditor but it has not been a problem. 
Would you like to propose an improvement that addresses this issue? 
Would the use of "Government CA" be clearer for people to understand 
what we mean? I left it because it could be useful for the S/MIME 
charter discussion. It certainly looks better to me than the current 
language that only accepts ETSI and WebTrust.



  * Following the example of moving the membership criteria to the
CWG Charters, I moved the "end membership" section to the
Server Certificate Working Group Charter AND the template for
new WG Charters. I believe that there was agreement that each
Working Group should determine their own rules for ending
Working Group membership, similar to determining the criteria
for joining a working group.

Similarly, the prospects of ending membership are not well-aligned 
with a generic charter.


It's a proposed language, members that draft charters can use this 
particular template language or not. The same applies for Membership 
criteria. Improvements are always welcome.


Dimitris.
___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public

Re: [cabfpub] Bylaws: Update Membership Criteria (section 2.1)

[Ryan Sleevi via Public]

On Fri, Feb 8, 2019 at 3:19 AM Dimitris Zacharopoulos (HARICA) via Public <
public@cabforum.org> wrote:

>
> I made the following updates in addition to Wayne's:
>
>- Added a process for Interested Party application to CWGs as it
>seemed to be missing from the Bylaws. The only reference we currently have
>is on the web site (https://cabforum.org/email-lists/).
>- For the Server Certificate Working Group membership criteria, I
>tried to align with section 8.4 of the BRs.
>
> I'm hoping this is unintentional, but this is not a good change. This has
been discussed repeatedly in the Forum, and moving to a more restrictive
policy for membership in the charter has been regularly rejected.

My hope is that, as proposer of those changes on the doc, you can go
through and reject them or update them to ensure that our current approach
for the SCWG remains as is.


>- On the last call, we also agreed to add sample Membership criteria
>to the new Working Group Charter section. I added a simplified version of
>criteria based on section 8.4 of the BRs, including Government internal
>audit schemes that might also be acceptable for the S/MIME Working Group.
>
> The problem with lifting this text, as is, is that it relies on
definitions from the BRs not present within charters. For example, the
interchangability of "Government CA" / "Government Certificate Issuer" are
in no way defined.

>
>- Following the example of moving the membership criteria to the CWG
>Charters, I moved the "end membership" section to the Server Certificate
>Working Group Charter AND the template for new WG Charters. I believe that
>there was agreement that each Working Group should determine their own
>rules for ending Working Group membership, similar to determining the
>criteria for joining a working group.
>
> Similarly, the prospects of ending membership are not well-aligned with a
generic charter.
___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public

Re: [cabfpub] Bylaws: Update Membership Criteria (section 2.1)

[Dimitris Zacharopoulos (HARICA) via Public]

I made the following updates in addition to Wayne's:

 * Added a process for Interested Party application to CWGs as it
   seemed to be missing from the Bylaws. The only reference we
   currently have is on the web site (https://cabforum.org/email-lists/).
 * For the Server Certificate Working Group membership criteria, I
   tried to align with section 8.4 of the BRs.
 * On the last call, we also agreed to add sample Membership criteria
   to the new Working Group Charter section. I added a simplified
   version of criteria based on section 8.4 of the BRs, including
   Government internal audit schemes that might also be acceptable for
   the S/MIME Working Group.
 * Following the example of moving the membership criteria to the CWG
   Charters, I moved the "end membership" section to the Server
   Certificate Working Group Charter AND the template for new WG
   Charters. I believe that there was agreement that each Working Group
   should determine their own rules for ending Working Group
   membership, similar to determining the criteria for joining a
   working group.

I hope you will find these changes acceptable and of course please send 
any comments on these additional changes.


Dimitris.


On 8/2/2019 12:51 π.μ., Wayne Thayer via Public wrote:
On today's call we discussed an alternative approach to updating 
Bylaws section 2.1: change the Forum level membership requirement to:


CWG Members are automatically granted Forum membership.

Then ensure that all CWG charters specify appropriate membership 
criteria. This approach has some advantages:
* Each CWG can tailor membership requirements to their scope without 
worrying about conflicting with Forum requirements
* Eliminates the Forum application process that currently requires 
Applicants to submit the same information to both the SCWG and the Forum

* Clarifies the intent that CWG members must be Forum members as well

I have drafted these changes in the document at the link I sent out on 
the Management list earlier today:
* Replaced all of the membership language in section 2.1 with the 
statement above
* Added requirements in section 5.3.1 for CWGs to specify membership 
criteria for each supported category of membership that is defined in 
the Bylaws (Certificate Issuer, Certificate Consumer, Associate 
Member, Interested Party)

* Added section 3 on Membership to the CWG Charter template in Exhibit C
* Added the current SCWG Charter to the end of the doc and moved the 
membership criteria from the Bylaws (with most proposed changes that 
were discussed earlier in this thread) into this new version of the 
SCWG Charter


I also experimented with moving Bylaws section 2.2 "Ending Forum 
Membership" to the SCWG Charter, but I don't think that's necessary.


I would appreciate everyone's review and comments on these changes.

If we go ahead with this, I suspect that there are other changes we 
should make to the SCWG Charter - feel free to add your suggestions to 
the doc.


Thanks,

Wayne

___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public


___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public