Re: [cabfpub] Voting begins on Special Ballot Forum-15: Election of CA/Browser Forum Chair

2020-09-16 Thread Tim Hollebeek via Public
DigiCert votes YES on ballot Forum-15.

 

-Tim

 

From: Public  On Behalf Of Dimitris Zacharopoulos 
(HARICA) via Public
Sent: Monday, September 14, 2020 11:11 AM
To: CABforum1 
Subject: [cabfpub] Voting begins on Special Ballot Forum-15: Election of 
CA/Browser Forum Chair

 


Voting begins for Special Ballot Forum-15.

Dimitris.



On 2020-09-07 8:53 PM, Dimitris Zacharopoulos (HARICA) wrote:

 


The following motion has been proposed by the CA/Browser Forum Chair Dimitris 
Zacharopoulos of HARICA.




Purpose of Ballot


This special ballot is to confirm the new Chair of the CA/Browser Forum. 

 

--- MOTION BEGINS ---


In accordance with Bylaw 4.1(c), Dean Coclin representing Digicert is hereby 
elected Chair of the CA/Browser Forum for a term commencing on November 1, 2020 
and continuing through October 31, 2022. 

 

--- MOTION ENDS ---

 

 

The procedure for approval of this ballot is as follows: 


Special Ballot Forum-15 - Election of CA/Browser Forum Chair

Discussion (7 days)
  Start time: September 7, 2020 at 11:00 am Eastern Time
  End time: September 14, 2020 at 11:00 am Eastern Time

Vote for approval (7 days)
  Start time: September 14, 2020 at 11:00 am Eastern Time
  End time: September 21, 2020 at 11:00 am Eastern Time

 

 



smime.p7s
Description: S/MIME cryptographic signature
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public


Re: [cabfpub] Voting begins on Special Ballot Forum-15: Election of CA/Browser Forum Chair

2020-09-16 Thread Jos Purvis (jopurvis) via Public
Cisco votes YES on Ballot FORUM-15. 

 

 

-- 
Jos Purvis (jopur...@cisco.com)
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | Controls and Trust Verification

 

 

From: Public  on behalf of CA/B Forum Public List 

Reply-To: "Dimitris Zacharopoulos (HARICA)" , CA/B Forum 
Public List 
Date: Monday, September 14, 2020 at 11:12 AM
To: CA/B Forum Public List 
Subject: [cabfpub] Voting begins on Special Ballot Forum-15: Election of 
CA/Browser Forum Chair

 


Voting begins for Special Ballot Forum-15.

Dimitris.

On 2020-09-07 8:53 PM, Dimitris Zacharopoulos (HARICA) wrote:


The following motion has been proposed by the CA/Browser Forum Chair Dimitris 
Zacharopoulos of HARICA.

Purpose of Ballot
This special ballot is to confirm the new Chair of the CA/Browser Forum. 

 

--- MOTION BEGINS ---


In accordance with Bylaw 4.1(c), Dean Coclin representing Digicert is hereby 
elected Chair of the CA/Browser Forum for a term commencing on November 1, 2020 
and continuing through October 31, 2022. 

--- MOTION ENDS ---

 

The procedure for approval of this ballot is as follows: 

Special Ballot Forum-15 - Election of CA/Browser Forum Chair

Discussion (7 days)
  Start time: September 7, 2020 at 11:00 am Eastern Time
  End time: September 14, 2020 at 11:00 am Eastern Time

Vote for approval (7 days)
  Start time: September 14, 2020 at 11:00 am Eastern Time
  End time: September 21, 2020 at 11:00 am Eastern Time

 








Re: [cabfpub] Voting begins on Special Ballot Forum-15: Election of CA/Browser Forum Chair

2020-09-16 Thread Wojciech Trapczyński via Public

Certum votes YES on ballot Forum-15.

On 14.09.2020 at 17:11, Dimitris Zacharopoulos (HARICA) via Public wrote:


Voting begins for Special Ballot Forum-15.

Dimitris.


On 2020-09-07 8:53 PM, Dimitris Zacharopoulos (HARICA) wrote:



The following motion has been proposed by the CA/Browser Forum Chair 
Dimitris Zacharopoulos of HARICA.



Purpose of Ballot

This special ballot is to confirm the new Chair of the CA/Browser Forum.


--- MOTION BEGINS ---


In accordance with Bylaw 4.1(c), *Dean Coclin* representing Digicert 
is hereby elected Chair of the CA/Browser Forum for a term commencing 
on November 1, 2020 and continuing through October 31, 2022.


--- MOTION ENDS ---


The procedure for approval of this ballot is as follows:

*Special Ballot Forum-15 - Election of CA/Browser Forum Chair*

Discussion (7 days)
  Start time: September 7, 2020 at 11:00 am Eastern Time
  End time: September 14, 2020 at 11:00 am Eastern Time

Vote for approval (7 days)
  Start time: September 14, 2020 at 11:00 am Eastern Time
  End time: September 21, 2020 at 11:00 am Eastern Time







Re: [cabfpub] [Servercert-wg] CANCEL Notice of Review Period – Ballot SC35

2020-09-16 Thread Ryan Sleevi via Public
On Wed, Sep 16, 2020 at 2:17 PM Dimitris Zacharopoulos (HARICA) <
dzach...@harica.gr> wrote:

>
>
> On 2020-09-16 8:52 PM, Ryan Sleevi wrote:
> > I realize you've provided further context, but my hope is that by
> > laying out the fundamentally wrong assumptions above, which your
> > further replies build on, we can make progress here in understanding
> > why "Everyone already reviewed the Ballot, what's the harm" is a
> > deeply flawed assumption that permeates the subsequent decision making.
>
> Early in this thread, when you presented the example ballot A and B
> should not produce an IPR review of A + B because failure of either A or
> B would block the other, I agreed that the IPR reviews should be
> distinct. This solves the possible legal issue you described.
>
> The second issue is the creation of an aggregated or separate final
> guidelines which exploded the thread.
>

The two are coupled. You cannot separate these; the IP review is what
produces a Final Guideline. If you separate out for IP review, by
necessity, it separates out the publication of a Final Guideline.


> The logical assumption I make is that CAs, especially the ones outside
> the Forum, assuming they don't check the ballots, IPR Review and such,
> they should at least directly check and monitor when a new Final
> Maintenance Guideline is published. These CAs will either see three
> distinct Final Guidelines becoming effective on the same day [versions
> 1.2.1, 1.2.2 (including changes from 1.2.1) and 1.2.3 (including changes
> from 1.2.1 and 1.2.2)], or one aggregated version 1.2.1 that will
> include changes from all ballots that cleared IPR review.
>
> In my understanding these CAs are better served by bringing the
> aggregated final Guideline to their compliance/engineering department,
> rather than versions 1.2.1, 1.2.2 and 1.2.3. It doesn't make sense for
> me to create 1.2.1 and 1.2.2 since all the introduced changes will be in
> 1.2.3.
>

Put differently, it appears that you're stating the "expected" process if
CAs (whether member or not), should be individually checking each Ballot
and IP review, rather than the Final Guideline, in order to understand what
changes.

I'm saying that's an unreasonable (as practiced) and unfair (in what it
expects) assumption. If you recognize the benefit of understanding what was
in SC30 vs SC31, then it's not clear to me how you cannot recognize the
benefit of seeing that reflected in the Final Guideline.

The very point of creating 1.2.1 is to show what changed from 1.2.0, to
then create a 1.2.2 that showed what changed from 1.2.1. Your approach, of
creating an aggregate 1.2.3, does indeed show *everything* that changed
from 1.2.0, but that's the very problem in the first place! By showing a
series of aggregate Ballots, it destroys the very context that separate
Ballots are trying to preserve, of logically grouping related changes, to
make them easier to process and understand the systemic set of changes.

It appears you recognize that value, but you think it should only exist at
the Ballot level. Yet I'm trying to tell you that we have clear evidence
that it's not working.
It appears you recognize the value of distinction, from the IP review
process, so continuing that to the Final Guideline level produces no new
work; you reuse the exact same document you used for the IP review (by
design, of the IP review process)


> I realize that we are spending a disproportional amount of time debating
> on this, but I honestly can't see -yet- the "disastrous consequences"
> that this can create, and I am very curious to see why I can't see that.
>

Because you've specifically asked me to stop providing references to CA
compliance incidents. In particular, I've got a pattern of CAs, both
Members and non-Members of the Forum, having trouble adapting to changes,
for a variety of reasons. I am fundamentally opposed to anything that makes
it harder to understand the context and relevance of the changes.

You seemingly acknowledge the issue with the IP review, and I would say the
necessity of formation of a PAG would absolutely be disastrous for any
productivity, especially under aggregated changes.

I totally get that the crux of your argument is "Isn't it better for CAs to
be able to see everything that changed at once?", as if it makes it easier
to carefully review and implement changes. However, what we're consistently
seeing is CAs say "Oh, a bunch of stuff changed at once, so we overlooked
things" - and making it clearer, more digestible, to work through each
logical change is one of things to address that. I understand that there's
a "If you have to review each change, it makes it harder to see the big
picture", but that's not the ostensible argument for why you started this
(as I understand it), it was time-savings. And I understand you're saying
"CAs can (and implicitly, should) look at individual Ballots to understand
each of those contextual changes", and in an ideal world, that would be

Re: [cabfpub] [Servercert-wg] CANCEL Notice of Review Period – Ballot SC35

2020-09-16 Thread Dimitris Zacharopoulos (HARICA) via Public



On 2020-09-16 8:52 PM, Ryan Sleevi wrote:
> I realize you've provided further context, but my hope is that by
> laying out the fundamentally wrong assumptions above, which your
> further replies build on, we can make progress here in understanding
> why "Everyone already reviewed the Ballot, what's the harm" is a
> deeply flawed assumption that permeates the subsequent decision making.


Early in this thread, when you presented the example ballot A and B 
should not produce an IPR review of A + B because failure of either A or 
B would block the other, I agreed that the IPR reviews should be 
distinct. This solves the possible legal issue you described.


The second issue is the creation of an aggregated or separate final 
guidelines which exploded the thread.


The logical assumption I make is that CAs, especially the ones outside 
the Forum, assuming they don't check the ballots, IPR Review and such, 
they should at least directly check and monitor when a new Final 
Maintenance Guideline is published. These CAs will either see three 
distinct Final Guidelines becoming effective on the same day [versions 
1.2.1, 1.2.2 (including changes from 1.2.1) and 1.2.3 (including changes 
from 1.2.1 and 1.2.2)], or one aggregated version 1.2.1 that will 
include changes from all ballots that cleared IPR review.


In my understanding these CAs are better served by bringing the 
aggregated final Guideline to their compliance/engineering department, 
rather than versions 1.2.1, 1.2.2 and 1.2.3. It doesn't make sense for 
me to create 1.2.1 and 1.2.2 since all the introduced changes will be in 
1.2.3.


I realize that we are spending a disproportional amount of time debating 
on this, but I honestly can't see -yet- the "disastrous consequences" 
that this can create, and I am very curious to see why I can't see that. 
That's why I was hoping for Wayne or Dean to explain these risks in 
their own words, in case it makes more sense to them.


This is no longer an issue because as mentioned in my previous post, we 
will stop this practice as I don't have any strong feelings about either 
way, but I sincerely want to better understand and "see" these risks and 
problems with this practice.



Re: [cabfpub] [Servercert-wg] CANCEL Notice of Review Period – Ballot SC35

2020-09-16 Thread Ryan Sleevi via Public
On Wed, Sep 16, 2020 at 1:30 PM Dimitris Zacharopoulos (HARICA) <
dzach...@harica.gr> wrote:

> You seem to be conflating my role, as Chair, with HARICA and how HARICA
> evaluates changes in ballots.
>

No, I'm trying to call out that you may be assuming that how HARICA
evaluates Ballots is how everyone evaluates Ballots. This is most obvious
in your follow-up, which is why I'm calling out the concern. How HARICA
does things should not necessarily influence how the Chair does things, and
that's the disconnect I'm trying to call out, because we have evidence that
it's not happening as described.


> I'd like to start off by clarifying that each Member (HARICA as one of the
> voting Members), reviews each ballot independently and votes after
> evaluating the changes of each individual ballots. When a ballot passes,
> this means that each Member must prepare for the changes to be effective as
> soon as the IPR period is over. This has nothing to do with having 2-3
> ballots being added in a single new version of the new Guideline, because
> the Member has already been aware of the upcoming changes because of the
> already voted ballot. This is my personal understanding of the situation,
> and I would even say that it's common sense.
>

There's several important flaws here in this assumption.

One, not every CA that makes use of the Baseline Requirements is a Member
of the Forum. So, at the outset, the process you describe doesn't apply to
them; they logically only see the final result.
Two, not every CA that participates as a Member of the Forum votes on the
Ballots, or even necessarily reviews. We've seen several CAs specifically
call out that the volume of activity in the Forum, versus their current
staffing availability, is often inadequate. As such, they only review the
final product, and otherwise abstain or don't participate in Ballots.
Three, everything you describe, in terms of individual Ballot review, is
precisely the property we're trying to make sure is preserved through the
IP review. The IP review, by aggregating, forces CAs that want to follow
the process you described to then go through the individual Ballots to
achieve the same end result.

At the core, the assumption here is that everyone is following at the time
of Balloting, and everyone knows how to obtain and review the individual
Ballots in isolation, from engineering, to compliance, to legal, but that's
not a fair assumption, and that's not how it's working out in practice.


> As the Chair, to the best of my ability I interpret the Bylaws, and with
> the help of the Vice Chairs (who have worked with me as officers for almost
> two years) I am ultimately responsible for producing the necessary
> documents and all other activities according to the Bylaws. Aggregating
> ballots to a single version of a Guideline is not prohibited, it has been
> used several times already, yet you found an opportunity to attack me
> personally and imply things for HARICA that are totally irrelevant with
> this issue.
>

I didn't imply things for HARICA. I pointed out how you're generalizing
HARICA's approach here and assuming it's the general workmode of everyone
affected by the Forum, while we have repeated evidence that this is not the
case. The most recent aggregation has led to a compliance incident, for a
Member of the Forum, who voted on a Ballot. While that is just one example,
and we're still gathering details, an obvious systemic issue here is the
recent trend to aggregation makes it more difficult, and more work, for CAs
to ensure compliance, rather than less. The incredibly relevant context of
Ballots is lost through the aggregation.

As it applies to the legal risks that we spent two years trying to address,
it reintroduces the problems we've tried to address multiple times in the
Forum, from the introduction of the requirement to produce Final Guidelines
with Ballots, the shift to version-managed documents, and the adoption of
our updated Bylaws and IP policy. I wholly understand this was made in
good-faith as an attempt to reduce the time involved from being a Chair,
but it's had disastrous consequences, and leaves the door open for even
greater risks. It bears calling out precisely because we're seeing already
that the approach does not work. I started off by trying to understand the
problems you're trying to solve, so we can work and prioritize reasonable
alternative solutions for them, but the fact that there's a fundamental
misunderstanding about the problems being caused has taken the conversation
in a very different direction.

I realize you've provided further context, but my hope is that by laying
out the fundamentally wrong assumptions above, which your further replies
build on, we can make progress here in understanding why "Everyone already
reviewed the Ballot, what's the harm" is a deeply flawed assumption that
permeates the subsequent decision making.

Re: [cabfpub] [Servercert-wg] CANCEL Notice of Review Period – Ballot SC35

2020-09-16 Thread Dimitris Zacharopoulos (HARICA) via Public
You seem to be conflating my role, as Chair, with HARICA and how HARICA 
evaluates changes in ballots.


I'd like to start off by clarifying that each Member (HARICA as one of 
the voting Members), reviews each ballot independently and votes after 
evaluating the changes of each individual ballots. When a ballot passes, 
this means that each Member must prepare for the changes to be effective 
as soon as the IPR period is over. This has nothing to do with having 
2-3 ballots being added in a single new version of the new Guideline, 
because the Member has already been aware of the upcoming changes 
because of the already voted ballot. This is my personal understanding 
of the situation, and I would even say that it's common sense.


As the Chair, to the best of my ability I interpret the Bylaws, and with 
the help of the Vice Chairs (who have worked with me as officers for 
almost two years) I am ultimately responsible for producing the 
necessary documents and all other activities according to the Bylaws. 
Aggregating ballots to a single version of a Guideline is not 
prohibited, it has been used several times already, yet you found an 
opportunity to attack me personally and imply things for HARICA that are 
totally irrelevant with this issue.


More answers inline.


On 2020-09-16 6:13 PM, Ryan Sleevi wrote:

> On Wed, Sep 16, 2020 at 2:12 AM Dimitris Zacharopoulos (HARICA)
> <dzach...@harica.gr> wrote:
>
>> On 2020-09-16 2:43 AM, Ryan Sleevi wrote:
>>
>> On Tue, Sep 15, 2020 at 4:18 PM Dimitris Zacharopoulos (HARICA)
>> <dzach...@harica.gr> wrote:
>>
>>> On 2020-09-15 9:34 PM, Ryan Sleevi wrote:
>>>
>>> Sure, I can do that but in any case I forwarded it the
>>> argument on the list. I also support this argument that
>>> aggregating new versions of the documents saves time.
>>
>> While you're the only one qualified to measure whether it saves
>> time, as a browser, this raises a host of questions for
>> understanding how CAs are staying abreast of changes and
>> reviewing them. This is actually critical, given that I've seen
>> multiple CA incidents where CAs have reported that they have
>> trouble staying abreast of changes, even for ballots they voted
>> for! So it suggests to me that some of the current ways that CAs
>> are keeping up to date are flawed, or lend themselves to easy
>> mistakes.
>>
>> I hope you realize that this is not related with Forum's
>> activities. The Forum produces standards/Guidelines. Whether CAs,
>> Relying Parties adhere to those standards/Guidelines and update
>> their processes/products is a different issue.
>
> I hope you realize that questions about the working mode of the Forum
> impacting the ability to make reliable use of the Forum's work product
> is, of course, essential to the continued value and participation in
> the Forum.
>
> If the view of the Chair of the Forum is that the Forum should not
> consider how usable its work product is, which is voluntary standards
> that can be used by Browsers, then I think it raises deep concerns
> about the value of the Forum.

I still can't find the relevance of a CA doing its due diligence to 
review the ballots that were voted, with the production of an aggregated 
or individual Guideline. Perhaps someone else with better understanding 
of the issue could rephrase it so I can see how these two are connected. 
Dean, Wayne, can you please assist here?

>> Naturally, if we had the specific member, we could ask them to
>> describe their process for staying aware of changes, and why one
>> document makes that easier. For example, I'd be deeply concerned
>> if a CA was looking at an aggregated SC28+SC35, since they might
>> mistake a meaningful normative change as a cleanup or
>> clarification, or similarly, mistake or overlook an important
>> clarification because they're distracted by logging changes.
>>
>> I don't think that's necessary. It seems very reasonable to me
>> that reviewing one redline document that introduces changes from
>> two or three ballots, is more convenient and simpler than having
>> to review two or three redline documents to reach the same result.
>>
>> If there are questions about a new requirement or an introduced
>> change, the discussion of the specific ballot that introduced the
>> change is there for anyone to review and get a better
>> understanding on the rationale and get clarifications. In some
>> cases, even that is not enough, and we encourage people to submit
>> questions to the questi...@cabforum.org, or if these questions come
>> from Members, they can post questions directly to the WG public
>> mailing list.
>
> I am concerned that you're allowing your personal judgement, which
> unfortunately is seemingly clouded by confusion of the issues, to
> impair your ability to effectively and respectfully Chair, by
> selectively picking and choosing which viewpoints are respected.

My "personal 

Re: [cabfpub] [Servercert-wg] CANCEL Notice of Review Period – Ballot SC35

2020-09-16 Thread Ryan Sleevi via Public
On Wed, Sep 16, 2020 at 2:12 AM Dimitris Zacharopoulos (HARICA) <
dzach...@harica.gr> wrote:

>
>
> On 2020-09-16 2:43 AM, Ryan Sleevi wrote:
>
>
>
> On Tue, Sep 15, 2020 at 4:18 PM Dimitris Zacharopoulos (HARICA) <
> dzach...@harica.gr> wrote:
>
>>
>>
>> On 2020-09-15 9:34 PM, Ryan Sleevi wrote:
>>
>>
>>
>> Sure, I can do that but in any case I forwarded it the argument on the
>> list. I also support this argument that aggregating new versions of the
>> documents saves time.
>>
>
> While you're the only one qualified to measure whether it saves time, as a
> browser, this raises a host of questions for understanding how CAs are
> staying abreast of changes and reviewing them. This is actually critical,
> given that I've seen multiple CA incidents where CAs have reported that
> they have trouble staying abreast of changes, even for ballots they voted
> for! So it suggests to me that some of the current ways that CAs are
> keeping up to date are flawed, or lend themselves to easy mistakes.
>
>
> I hope you realize that this is not related with Forum's activities. The
> Forum produces standards/Guidelines. Whether CAs, Relying Parties adhere to
> those standards/Guidelines and update their processes/products is a
> different issue.
>

I hope you realize that questions about the working mode of the Forum
impacting the ability to make reliable use of the Forum's work product is,
of course, essential to the continued value and participation in the Forum.

If the view of the Chair of the Forum is that the Forum should not consider
how usable its work product is, which is voluntary standards that can be
used by Browsers, then I think it raises deep concerns about the value of
the Forum.



> Naturally, if we had the specific member, we could ask them to describe
> their process for staying aware of changes, and why one document makes that
> easier. For example, I'd be deeply concerned if a CA was looking at an
> aggregated SC28+SC35, since they might mistake a meaningful normative
> change as a cleanup or clarification, or similarly, mistake or overlook an
> important clarification because they're distracted by logging changes.
>
>
> I don't think that's necessary. It seems very reasonable to me that
> reviewing one redline document that introduces changes from two or three
> ballots, is more convenient and simpler than having to review two or three
> redline documents to reach the same result.
>
> If there are questions about a new requirement or an introduced change,
> the discussion of the specific ballot that introduced the change is there
> for anyone to review and get a better understanding on the rationale and
> get clarifications. In some cases, even that is not enough, and we
> encourage people to submit questions to the questi...@cabforum.org, or if
> these questions come from Members, they can post questions directly to the
> WG public mailing list.
>

I am concerned that you're allowing your personal judgement, which
unfortunately is seemingly clouded by confusion of the issues, to impair
your ability to effectively and respectfully Chair, by selectively picking
and choosing which viewpoints are respected.

I realize you believe it's very reasonable, but that appears to be a lack
of familiarity with the issues we, as browsers, are seeing. As a Forum CA
Member, that's concerning for HARICA, but as a Chair, that's even more
inexcusable. Ballots are specifically produced to group their logical
related changes within a single ballot, to make it clear the many related
things that need to change in order to accomplish a particular goal, as
stated in the Ballot. The aggregation approach destroys that contextually
relevant information.

Your further suggestion that it's confusion that a CA is actively aware of,
and thus can and should avail themselves of questions, when that cannot be
further from what I stated. It is the lack of awareness that causes the
issue, and this lack of awareness is heightened by the increasing number of
changes that come in aggregation.

As a member, HARICA represented that it was overloaded with reviewing
changes, and concerned about the quality of results at the continued
cadence in light of COVID. I would expect that you (HARICA), of all
organizations, should thus be familiar with the risk of many changes
causing important changes to be *overlooked*, rather than misunderstood.

Ultimately, I understand that you, individually, have a workmode that works
for you. However, that workmode is demonstrably not working in industry. As
Chair, I'm requesting you do not impose your preferences on the Forum,
particularly when doing so impairs and impacts the ability for CAs to
adhere to these Guidelines, and thus greatly diminishes the value of the
Forum as a producer of such documents. Again, the relevance of the Forum is
how well it serves industry, and that has to be acknowledged as being how
well its voluntary Guidelines, such as the Baseline Requirements, provide
value to browser 

Re: [cabfpub] Voting begins on Special Ballot Forum-15: Election of CA/Browser Forum Chair

2020-09-16 Thread 霍海涛 via Public
360 votes YES on Ballot Forum-15

From: Public  on behalf of Juan Ángel Martín via 
Public 
Reply-To: Juan Ángel Martín , CA/Browser Forum Public 
Discussion List 
Date: Wednesday, September 16, 2020 at 16:28
To: "Dimitris Zacharopoulos (HARICA)" , CA/Browser Forum 
Public Discussion List 
Subject: Re: [cabfpub] Voting begins on Special Ballot Forum-15: Election of 
CA/Browser Forum Chair

Camerfirma votes ‘Yes’ on Ballot Forum-15

Juan Ángel


From: Public  On Behalf Of Dimitris Zacharopoulos (HARICA) via Public
Sent: Monday, September 14, 2020 17:11
To: public@cabforum.org
Subject: [cabfpub] Voting begins on Special Ballot Forum-15: Election of 
CA/Browser Forum Chair


Voting begins for Special Ballot Forum-15.

Dimitris.


On 2020-09-07 8:53 PM, Dimitris Zacharopoulos (HARICA) wrote:



The following motion has been proposed by the CA/Browser Forum Chair Dimitris 
Zacharopoulos of HARICA.


Purpose of Ballot

This special ballot is to confirm the new Chair of the CA/Browser Forum.


--- MOTION BEGINS ---

In accordance with Bylaw 4.1(c), Dean Coclin representing Digicert is hereby 
elected Chair of the CA/Browser Forum for a term commencing on November 1, 2020 
and continuing through October 31, 2022.



--- MOTION ENDS ---





The procedure for approval of this ballot is as follows:

Special Ballot Forum-15 - Election of CA/Browser Forum Chair

Discussion (7 days)
  Start time: September 7, 2020 at 11:00 am Eastern Time
  End time: September 14, 2020 at 11:00 am Eastern Time

Vote for approval (7 days)
  Start time: September 14, 2020 at 11:00 am Eastern Time
  End time: September 21, 2020 at 11:00 am Eastern Time





Re: [cabfpub] Voting begins on Special Ballot Forum-15: Election of CA/Browser Forum Chair

2020-09-16 Thread an_yin--- via Public
iTrusChina votes "YES" to Ballot Forum-15.



an_...@itrus.com.cn
 
From: Dimitris Zacharopoulos (HARICA) via Public
Date: 2020-09-14 23:11
To: public
Subject: [cabfpub] Voting begins on Special Ballot Forum-15: Election of 
CA/Browser Forum Chair

Voting begins for Special Ballot Forum-15.

Dimitris.


On 2020-09-07 8:53 PM, Dimitris Zacharopoulos (HARICA) wrote:

The following motion has been proposed by the CA/Browser Forum Chair Dimitris 
Zacharopoulos of HARICA.
Purpose of Ballot
This special ballot is to confirm the new Chair of the CA/Browser Forum. 

--- MOTION BEGINS ---

In accordance with Bylaw 4.1(c), Dean Coclin representing Digicert is hereby 
elected Chair of the CA/Browser Forum for a term commencing on November 1, 2020 
and continuing through October 31, 2022. 

--- MOTION ENDS ---

The procedure for approval of this ballot is as follows: 
Special Ballot Forum-15 - Election of CA/Browser Forum Chair

Discussion (7 days)
  Start time: September 7, 2020 at 11:00 am Eastern Time
  End time: September 14, 2020 at 11:00 am Eastern Time

Vote for approval (7 days)
  Start time: September 14, 2020 at 11:00 am Eastern Time
  End time: September 21, 2020 at 11:00 am Eastern Time




Re: [cabfpub] Voting begins on Special Ballot Forum-15: Election of

2020-09-16 Thread 陳立群 via Public
Chunghwa Telecom votes Yes on Ballot Forum-15.



   Li-Chun



From: Public <public-boun...@cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Public
Sent: Monday, September 14, 2020 11:11 AM
To: public@cabforum.org 
Subject: [cabfpub] Voting begins on Special Ballot Forum-15: Election of 
CA/Browser Forum Chair




Voting begins for Special Ballot Forum-15.

Dimitris.

On 2020-09-07 8:53 PM, Dimitris Zacharopoulos (HARICA) wrote:




The following motion has been proposed by the CA/Browser Forum Chair Dimitris 
Zacharopoulos of HARICA.


Purpose of Ballot


This special ballot is to confirm the new Chair of the CA/Browser Forum.



--- MOTION BEGINS ---


In accordance with Bylaw 4.1(c), Dean Coclin representing Digicert is hereby 
elected Chair of the CA/Browser Forum for a term commencing on November 1, 2020 
and continuing through October 31, 2022.



--- MOTION ENDS ---





The procedure for approval of this ballot is as follows:


Special Ballot Forum-15 - Election of CA/Browser Forum Chair

Discussion (7 days)
  Start time: September 7, 2020 at 11:00 am Eastern Time
  End time: September 14, 2020 at 11:00 am Eastern Time

Vote for approval (7 days)
  Start time: September 14, 2020 at 11:00 am Eastern Time
  End time: September 21, 2020 at 11:00 am Eastern Time








Re: [cabfpub] Voting begins on Special Ballot Forum-15: Election of CA/Browser Forum Chair

2020-09-16 Thread Tamer ERGUN via Public
Kamu SM votes “Yes” on Ballot Forum-15

 

Regards,

Tamer Ergun

 

 

 

From: Public <public-boun...@cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Public
Sent: Monday, September 14, 2020 17:11
To: public@cabforum.org
Subject: [cabfpub] Voting begins on Special Ballot Forum-15: Election of 
CA/Browser Forum Chair

 


Voting begins for Special Ballot Forum-15.

Dimitris.

On 2020-09-07 8:53 μ.μ., Dimitris Zacharopoulos (HARICA) wrote:

 


The following motion has been proposed by the CA/Browser Forum Chair Dimitris 
Zacharopoulos of HARICA.


Purpose of Ballot


This special ballot is to confirm the new Chair of the CA/Browser Forum. 

 

--- MOTION BEGINS ---


In accordance with Bylaw 4.1(c), Dean Coclin representing Digicert is hereby 
elected Chair of the CA/Browser Forum for a term commencing on November 1, 2020 
and continuing through October 31, 2022. 

 

--- MOTION ENDS ---

 

 

The procedure for approval of this ballot is as follows:

Special Ballot Forum-15 - Election of CA/Browser Forum Chair

Discussion (7 days)
  Start time: September 7, 2020 at 11:00 am Eastern Time
  End time:   September 14, 2020 at 11:00 am Eastern Time

Vote for approval (7 days)
  Start time: September 14, 2020 at 11:00 am Eastern Time
  End time:   September 21, 2020 at 11:00 am Eastern Time

 

 



Re: [cabfpub] Voting begins on Special Ballot Forum-15: Election of CA/Browser Forum Chair

2020-09-16 Thread Juan Ángel Martín via Public
Camerfirma votes ‘Yes’ on Ballot Forum-15

Juan Ángel


From: Public On Behalf Of Dimitris Zacharopoulos (HARICA) via Public
Sent: Monday, September 14, 2020 17:11
To: public@cabforum.org
Subject: [cabfpub] Voting begins on Special Ballot Forum-15: Election of 
CA/Browser Forum Chair


Voting begins for Special Ballot Forum-15.

Dimitris.

On 2020-09-07 8:53 μ.μ., Dimitris Zacharopoulos (HARICA) wrote:



The following motion has been proposed by the CA/Browser Forum Chair Dimitris 
Zacharopoulos of HARICA.

Purpose of Ballot

This special ballot is to confirm the new Chair of the CA/Browser Forum.


--- MOTION BEGINS ---

In accordance with Bylaw 4.1(c), Dean Coclin representing Digicert is hereby 
elected Chair of the CA/Browser Forum for a term commencing on November 1, 2020 
and continuing through October 31, 2022.



--- MOTION ENDS ---





The procedure for approval of this ballot is as follows:

Special Ballot Forum-15 - Election of CA/Browser Forum Chair

Discussion (7 days)
  Start time: September 7, 2020 at 11:00 am Eastern Time
  End time:   September 14, 2020 at 11:00 am Eastern Time

Vote for approval (7 days)
  Start time: September 14, 2020 at 11:00 am Eastern Time
  End time:   September 21, 2020 at 11:00 am Eastern Time




[cabfpub] Final CA/Browser Forum agenda - Thursday, September 17, 2020 at 11:30 am Eastern Time

2020-09-16 Thread Dimitris Zacharopoulos (HARICA) via Public


Here is the final CA/B Forum agenda for the teleconference described in 
the subject of this message.


*CA/Browser Forum Agenda*

Time  Start (ET)  Stop   Item  Description                                          Presenters
0:02  11:30       11:32  1.    Roll Call                                            Dimitris
0:01  11:32       11:33  2.    Read Antitrust Statement
0:01  11:33       11:34  3.    Review Agenda
0:01  11:34       11:35  4.    Approval of minutes from last teleconference         Dimitris
0:05  11:35       11:40  5.    Forum Infrastructure Subcommittee update             Jos
0:05  11:40       11:45  6.    Code Signing Working Group update                    Dean
0:05  11:45       11:50  7.    S/MIME Working Group update                          Stephen
0:02  11:50       11:52  8.    Elections update                                     Dimitris
0:03  11:52       11:55  9.    Topics for the next virtual F2F                      Dimitris
0:04  11:55       11:59  10.   Any Other Business
0:01  11:59       12:00  11.   Next call: October 1, 2020 at 11:30 am Eastern Time

Adjourn

*F2F Meeting Schedule:*

 * 2020: October 20-22 (Virtual)
 * 2021: Feb-March San Jose, CA (Cisco), June – Poland (Asseco-Certum),
   October - Minneapolis (OATI)
 * 2022: Mar-April New Delhi / Bengaluru (e-Mudhra), June - [Open],
   October - [Open]



Re: [cabfpub] [Servercert-wg] CANCEL Notice of Review Period – Ballot SC35

2020-09-16 Thread Dimitris Zacharopoulos (HARICA) via Public



On 2020-09-16 2:43 π.μ., Ryan Sleevi wrote:



On Tue, Sep 15, 2020 at 4:18 PM Dimitris Zacharopoulos (HARICA) 
<dzach...@harica.gr> wrote:




On 2020-09-15 9:34 μ.μ., Ryan Sleevi wrote:




Sure, I can do that but in any case I forwarded the argument on
the list. I also support this argument that aggregating new
versions of the documents saves time.


While you're the only one qualified to measure whether it saves time, 
as a browser, this raises a host of questions for understanding how 
CAs are staying abreast of changes and reviewing them. This is 
actually critical, given that I've seen multiple CA incidents where 
CAs have reported that they have trouble staying abreast of changes, 
even for ballots they voted for! So it suggests to me that some of the 
current ways that CAs are keeping up to date are flawed, or lend 
themselves to easy mistakes.




I hope you realize that this is not related to the Forum's activities. The 
Forum produces standards/Guidelines. Whether CAs and Relying Parties adhere 
to those standards/Guidelines and update their processes/products is a 
different issue.


Naturally, if we had the specific member, we could ask them to 
describe their process for staying aware of changes, and why one 
document makes that easier. For example, I'd be deeply concerned if a 
CA was looking at an aggregated SC28+SC35, since they might mistake a 
meaningful normative change as a cleanup or clarification, or 
similarly, mistake or overlook an important clarification because 
they're distracted by logging changes.


I don't think that's necessary. It seems very reasonable to me that 
reviewing one redline document that introduces changes from two or three 
ballots, is more convenient and simpler than having to review two or 
three redline documents to reach the same result.


If there are questions about a new requirement or an introduced change, 
the discussion of the specific ballot that introduced the change is 
there for anyone to review and get a better understanding of the 
rationale and get clarifications. In some cases, even that is not 
enough, and we encourage people to submit questions to 
questi...@cabforum.org, or if these questions come from Members, they 
can post questions directly to the WG public mailing list.




Indeed, I'd be quite worried if someone was specifically using the 
Redline PDF for reviewing changes (in the full document), without also 
looking at any supporting discussion and included redlines, to also 
make sure they have an at-a-glance understanding of what's changing. 
Of course, I'm not a CA, so it's much better to hear, in a CA's own 
words, the processes they employ, so they can describe why one 
document saves more time.


Selfishly, my priority is not in saving time for CAs, if saving time 
risks correctness. I'd much rather ensure CAs do the right thing, and 
consistently implement it, even if it means they have to take more 
time to be careful and thorough. This is no different from me wanting 
to make sure my surgeon was certain my spleen needed to be removed, 
before scheduling the surgery, rather than just have them open me up 
and see what looks interesting or relevant.


My priority here is to serve the SCWG and the Forum in a compliant and 
productive manner. If the SCWG Members have no objection to the current 
practice of aggregating Final Guidelines when we have timelines that 
permit this aggregation, I will continue with this practice.



Once I have the review period redline ready, it usually takes
between 30 minutes and 1 hour to create the final documents,
upload them to the wiki (the word versions), produce the
final PDF versions and upload them to the public web site.


Wow! I wouldn't have expected this to be more than 5 minutes, so
that's a really surprising amount of time!  Do you know where the
bulk of the time is, so we can prioritize? That said, it sounds
like your response here aggregated 2-5 - is that roughly right?


Yes, because to produce a Final Guideline and a redlined version
in a non-GitHub version is quite painful. In the GitHub version,
things are faster but again I need to create the redline manually,
compare the two .docx versions produced by GitHub (before and
after the merge to Main), check everything like track changes
mode, make sure the ToC is not tracked and other minor details.


I'm not really sure I understand this process. It might be useful to 
have a demonstration on an Infrastructure WG call, to best see the 
challenge. Beyond helping the (presumptive, given single candidate) 
future chair, it might also help figure out opportunities for 
improvement here :)


We did try to capture the steps in 
https://docs.google.com/spreadsheets/d/1gTHJfPoGgv-1oXCtGxqxg887iSyCnPF0bSYfrc4JD30/edit#gid=0 
but this probably needs to be updated with more details regarding the 
preparation of redlines and final