2012-11-08 Minutes

Notes of meeting

CAB Forum

8 November 2012

Version 1

1.   Present:  Ben Wilson, Atsushi  Inaba, Dean Coclin, Yngve Pettersen, Eddy Nigg, Ryan Koski, Kirk Hall, Wayne Thayer, Jeremy Rowley, and Robin Alden

2.  Agenda Review

The agenda was reviewed.

3.  Approve Minutes of 25 Oct 2012

Minutes of 25 October 2012 were approved as published.

4.  Review Ballot Status

Ballot 93 recently passed.  Ballot 92 was pulled.  No other ballots are pending.  Yngve would like to post a ballot for Ballot 7, but currently there are no other ballots pending.

5.  Review Status of EV Processing and Revocation Guideline Papers

Ben suggested that Rick Andrews create an issues list of any open remaining issues on these papers.

6.  Review BR Issues List

Ben is cleaning up the Baseline Requirements issues list.  On Issues 1 and 27, Mozilla has indicated that they will resolve these issues on the Mozilla discussion list, and then they will reach out to us and request for use to update the BRs accordingly.  Dean asked for clarification on what is meant by BR v1.1.  Ben said that it has been published, and that the process is that as each issue is resolved by a ballot that is passed the previous version is redlined.  Then every so often when several errata have accumulated a new version of the full set is published.  Currently Ben is using the clean copy of version 1.1 and redlining it with everything recent, such as Ballot 93 changes, or he is using it to markup a redlined version of 1.1 that is sent out with each ballot so that people can see the changes that are being proposed in a printed PDF so that people can see what it will look like in version 1.2.

Issue 4 was assigned to Jeremy to determine what the status is, and whether it can be closed.

Issue 7 is still being reviewed and discussed.  Yngve is looking for support of a ballot because the AIA caIssuer’s URL is needed to construct a valid certificate chain, and at least 2% of servers fail in this regard, and 6% of misconfigured sites don’t provide the CA issuer.  Ben suggested that the ballot be modified for certificates not issued by the root and that an effective date in the future be stated.  Yngve asked whether this means 6 months, or 12 months.  Kirk asked whether this would break anything.  Yngve said that the only complaint he has received is that it makes the certificate larger, but that just depends on the length of the AIA URL.  Yngve would like people to provide input on a deadline.  Kirk asked for a specific explanation of the proposal.  Ben recommended that Yngve also communicate directly with Symantec, GlobalSign, and other CAs to see what their suggested implementation timeframes might be for resolving this issue.

Ben said that he had heard that the Ballot 92 issues (BR Issues 15 and 29) were being separated into three ballots with different sponsors and endorsers.  Jeremy said that Rick Andrews and Geoff Keating would be taking over the issue dealing with mixed strings and international domain names (IDNs), and that a separate ballot would deal with issues related to multi-domain certificates, and another one would address the new gTLDs.

7.  Review IPR Status

Ben said that the IPR Policy committee met on Wednesday and that there is still debate on stand-around licensing and whether participation needs to be defined.  Jeremy said that there were two issues – the definition of affiliates and the safe harbor.  He said that there wasn’t much debate on the issue of re-defining affiliates.  Kirk disagreed and said that he has posted to the list a while ago that affiliates did not need to be re-defined because the existing IPR Policy already allows members to make a request to exclude affiliates and he had also asked whether members ever assign IPR to affiliates that wouldn’t be covered by the IPR.  Jeremy said it would be better if the Forum did not have to do that because then there might be some allegation of unfairness if we were to approve the exclusion of the affiliate of one member and not the affiliate of another member, but that Kirk was right about the issue of re-defining affiliates being still debated.   Jeremy briefly reviewed the issues about participation vs. membership as covering RF licensing and announced that a straw poll was going to be circulated to the Forum.  Kirk said that members need to explain why an affiliate needed to be excluded.

8.  Review Governance Proposal

Ben said that we were ready to go forward with the ballot as long as observers are not adversely affected.  Kirk said that he did not want to address it in the Bylaws, because it wasn’t in the TrendMicro proposal, but that observers like ETSI, WebTrust, and PayPal would be allowed to continue to participate as previously allowed.  It was agreed that if the ballot mentioned this it would be satisfactory to move forward with the Bylaws without amending the Bylaws document.

9.  Discuss Revision of Web Site

Ben mentioned that he had started a skeleton of the web site on the wiki and will paste relevant content to the skeleton and send out a request for volunteers to fill in the missing gaps.  Wayne said that he has people in mind at GoDaddy who could help with the design, but he hasn’t approached them because we need to figure out what we’re doing with content and he can’t have them working on it for months on end.  Ben agreed and said that we first need to prepare the content and fill in the skeleton before we engage them.   The skeleton is linked from the wiki front page at the bottom under Public Relations.

10.  Any Other Business – Ballot Voting Process

Kirk said that he would like to address these changes in as few more ballots as possible.  Ben said that he is concerned that people do not focus on the content of ballots after the voting period has started and sometimes not until the very last minute when they ask themselves whether to vote yes or no, which is not optimal.  In the future he will try to remind people midway through the review period to comment on the ballot.  His other idea is to have a two-vote process, just to force people into reviewing the ballot early in the process.  Dean said that he would like a format with extra details to give people a better opportunity to understand the ballot.  Kirk said that he believes that if the sponsor amends its own ballot at any time during the 14-day process that they should start over again and repost for the 14-day cycle, but the ballot shouldn’t have to be renumbered.   Kirk said that last time he was traveling and only had two days to vote on a new proposal.  Ben said that it wasn’t two days, but actually a three-day review period with a 5-day voting period.  Kirk said that he would propose his change after the Bylaws are adopted.  Yngve said that it shouldn’t be possible to reset, reset, reset.  Ben said that there is a certain amount of courtesy we should have and not dump in a bunch of issues late in the process.   Kirk said it is the people who change their ballots who cause it to restart.  Ben said that if a proponent is accommodating the criticisms of another member, then a different rule should apply.  Like for instance, if an implementation deadline or effective date is extended from 3 months to 6 months because of a comment.  Kirk said that all ballots should follow a 14-day process if any change is made other than a pure typographical correction.  Yngve said he could see restarting the process when it is a significant change, but there have been situations where the change is a minor error, but not a typographical error, and everyone is in agreement.  Kirk said that the sponsors should just say no and not change it.  Ben said he was against this because it doesn’t make sense if everyone is in support of the change, but the sponsor has to say no because the rule doesn’t allow him to change it and that approach just encourages us to adopt a poor work product.  Kirk asked why anyone would object to another 7-day review period?  Ben said because maybe they are tired of having to go through the ballot process over and over again.  Yngve said that in the case of some issues like the BR issues the discussion period has actually been months.  Kirk said it is now clear that the battle lines have been drawn and that he will be putting forward a ballot proposing a 7-day review period and people can oppose it if they want.  Eddy said that he agreed with Kirk about restarting the ballot period, even though it is not the optimal solution because it is too hard to draw the line between minor and major changes but that there needed to be some due process.  Yngve said he thought a ballot should follow its own rules.

11.  Meeting adjourned with next meeting set for Monday, Nov. 19, at 1600 UTC.

 

Check Also

2022-11-17 Minutes of the Code Signing Certificate Working Group

Attendees Atsushi Inaba (GobalSign), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan …