Ballot 94 – Adoption of CA/Browser Forum Bylaws (Passed Unanimously)
Kirk Hall made the following motion and it was endorsed by Wayne Thayer and Jeremy Rowley.
A. Be it resolved that the CA / Browser Forum adopts the following set of Bylaws.
BYLAWS OF THE CA/BROWSER FORUM
Adopted effective as of 23 November 2012
1. CA/BROWSER FORUM – PURPOSE, STATUS, AND ANTITRUST LAWS
1.1 Purpose of the Forum:
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of leading certification authorities (CAs) and vendors of Internet browser software and other applications.
Members of the CA/Browser Forum have worked closely together in defining the guidelines and means of implementation for best practices as a way of providing a heightened security for Internet transactions and creating a more intuitive method of displaying secure sites to Internet users.
1.2 Status of the Forum and Forum Activities
The Forum has no corporate or association status, but is simply a group of CAs and browsers which communicates or meets from time to time to discuss matters of common interest relevant to the Forum’s purpose. The Forum has no regulatory or industry powers over its members or others. Other than those rights and responsibilities found in the Forum’s Intellectual Property Rights Policy (IPR), Forum “membership” or other participation status does not convey any legal status or rights, but is intended simply as a guide to the levels of participation in Forum activities.
1.3 Intellectual Property Rights Policy; Antitrust Laws and Regulations; Goal; Conduct
Forum Members and Interested Parties must comply with the then-current IPR policy and all applicable antitrust laws and regulations during their Forum activities.
The historic goal of Forum activities (including development of proposed requirements and guidelines and voting on all matters) has been to seek substantial consensus among Forum Members before proceeding or adopting final work product, and this goal will remain for the future. Members shall not use their participation in the Forum either to promote their own products and offerings or to restrict or impede the products and offerings of other Members.
The Chair will read an antitrust compliance statement at the start of all Forum Meetings (and on other occasions, as the Chair deems necessary) in substantially the following form:
“As you know, this meeting includes companies that compete against one another. This meeting is intended to discuss technical standards related to the provision of existing and new types of digital certificates without restricting competition in developing and marketing such certificates. This meeting is not intended to share competitively-sensitive information among competitors, and therefore all participants agree not to discuss or exchange information related to:
(a) Pricing policies, pricing formulas, prices or other terms of sale;
(b) Costs, cost structures, profit margins,
(c) Pending or planned service offerings,
(d) Customers, business, or marketing plans; or
(e) The allocation of customers, territories, or products in any way.”
2. FORUM MEMBERSHIP AND VOTING
2.1 Qualifying for Forum Membership
(a) CA/Browser Forum members shall meet at least one of the following criteria.
(1) Issuing CA: The member organization operates a certification authority that has a current and successful WebTrust for CAs audit, or ETSI 102042 or ETSI 101456 audit report prepared by a properly-qualified auditor, and that actively issues certificates to Web servers that are openly accessible from the Internet using any one of the mainstream browsers.
(2) Root CA: The member organization operates a certification authority that has a current and successful WebTrust for CAs, or ETSI 102042 or ETSI 101456 audit report prepared by a properly-qualified auditor, and that actively issues certificates to subordinate CAs that, in turn, actively issue certificates to Web servers that are openly accessible from the Internet using any one of the mainstream browsers.
(3) Browser: The member organization produces a software product intended for use by the general public for browsing the Web securely.
(b) Applicants should supply the following information:
(1) Confirmation that the applicant satisfies at least one of the membership criteria (and if it satisfies more than one, indication of the single category under which the applicant wishes to apply).
(2) URL of the current qualifying performance audit report.
(3) The organization name, as you wish it to appear on the Forum Web site and in official Forum documents.
(4) URL of the applicant’s main Web site.
(5) Names and email addresses of employees who will participate in the Forum mail list.
(6) Emergency contact information for security issues related to certificate trust.
(c) An Applicant shall become a Member once the Forum has determined by vote that the Applicant meets all of the requirements of subsection (a). A vote of Members shall be held as soon as the Applicant indicates that it has presented all information required under subsection (b) and has responded to all follow-up questions from the Forum and the Member has complied with the requirements of Section 5.5.
2.2 Ballots Among Forum Members
Ballots will be conducted in accordance with the following rules.
(a) Only votes by Members shall be accepted.
(b) Only one vote per Member company shall be accepted; representatives of corporate affiliates shall not vote.
(c) A representative of any Member can call for a proposed ballot to be published for review and comment by the membership. Any proposed ballot needs two endorsements by other Members in order to proceed. The review period then shall take place for at least seven calendar-days before votes are cast.
(d) The CA/Browser Forum shall provide seven calendar-days for voting, with the deadline clearly communicated via the members’ electronic mailing list. All voting will take place online via the members’ electronic mailing list.
(e) Only votes that indicate a clear ‘yes’ or ‘no’ response to the ballot question shall be considered (i.e. votes to abstain and votes that do not indicate a clear ‘yes’ or ‘no’ response will not figure in the calculation of item 6, below).
(f) Members fall into two categories: CAs (comprising issuing CAs and root CAs, as defined in the membership criteria) and product suppliers (as defined in the membership criteria). In order for the motion to be adopted by the Forum, two-thirds or more of the votes cast by the Members in the CA category must be in favor of the motion, and at least 50% plus one of the votes cast by the members in the browser category must be in favor of the motion. At least one CA Member and one browser Member must vote in favor of a ballot for the ballot to be adopted.
(g) A ballot result will be considered valid only when more than half of the number of currently active members has participated. The number of currently active members is the average number of member organizations that have participated in the previous three meetings (both teleconferences and face-to-face meetings).
(h) The CA/Browser Forum will tabulate and announce the results within one calendar-day of the close of the voting period.
3. OTHER FORUM PARTICIPATION
3.1 Interested Parties
Any person or entity that wishes to participate in the Forum as an Interested Party may do so by completing an enrollment form and Participation Agreement (completed and submitted manually or online) including name, affiliation (optional), and contact information, and by agreeing to the IPR Agreement attached as Exhibit B (indicating agreement by manual signing or a click-through agreement).
Interested Parties may participate in Forum activities in the following ways:
(a) By becoming involved in Working Groups,
(b) By posting to the Public Mail List, and
(c) By participating in those portions of Forum Teleconferences and Forum Meetings to which they are invited by the Forum Chair relating to their areas of special expertise or the subject of their Working Group participation.
Interested Parties are required to comply with the provisions of the Participation Agreement and these Bylaws. Interested Parties may lose their status as Interested Parties by vote of the Members, in the Members’ sole discretion.
3.2 Other Parties
The public may follow the Forum’s activities by reading all postings on the Public Mail List and the Public Web Site. Questions or comments to the Forum may be sent to the Questions Mail List.
4. OFFICERS AND FINANCES
The Forum will elect a Chair and Vice Chair, each to serve for a two-year term. The Vice Chair has the authority of the Chair in the event of any absence or unavailability of the Chair, and in such circumstances, any duty delegated to the Chair herein may be performed by the Vice Chair. For example, the Vice Chair will preside at Forum Meetings and Forum Teleconferences in the Chair’s absence. The offices of Chair and Vice Chair may only be filled by Forum Member representatives.
No person may serve as Chair for more than a two-year period or be elected to Vice Chair upon expiration or termination of the person’s service as Chair, but a person is eligible to be elected as Chair again after having vacated the position as Chair for at least two years.
Upon expiration or early termination of the current Chair’s term, the Vice Chair will automatically be nominated to become the next Chair, but Members may nominate themselves or others to be additional candidates as Chair. Upon close of nominations a ballot will be held in the regular manner to elect the new Chair. If the election of a new Chair means the office of Vice Chair becomes vacant, the Members may nominate themselves or other candidates to the office of Vice Chair, and a ballot will be held in the regular manner to elect the new Vice Chair.
The Chair and Vice Chair shall exercise their functions in a fair and neutral manner, allowing all Members equal treatment for their comments and proposals, and shall not favor one side over another in any matter (except that the Chair and Vice Chair may indicate their own position during discussion and voting on the matter). The Chair and Vice Chair shall have no personal liability for any activities of the Forum or its Members or Interested Parties.
The Chair or the Vice Chair may sign correspondence, applications, forms, Letters of Intent, and Memoranda of Understanding relating to projects with standards bodies, industry groups, and other third parties, but shall have no personal liability therefor.
Because the Forum has no corporate status, it will not maintain funds or banking accounts. The costs of operating Forum websites or mailing lists will be covered by voluntary contribution from Forum Members (who may seek voluntary contributions from other Members to help defray such costs). Forum Members may propose other group activities which they propose to sponsor (e.g., research projects, etc.) which require funding and may seek voluntary contributions from other Members for such activities.
Forum Meetings may be held from time to time upon the voluntary sponsorship of one or more Forum members. The sponsor of a Forum Meeting may suggest a fixed cost per meeting participant as reimbursement to the sponsor to cover (a) the cost of meeting rooms and refreshments, and (b) the cost of any meeting dinner or other group activity. Sponsors will be encouraged to announce any suggested per-participant fixed cost reimbursement amount in advance of the Forum Meeting for participant planning purposes, and will provide a statement or invoice to each participant upon request after the Forum Meeting for submission to the participant’s accounting department. All per-participant reimbursements shall be paid directly to the sponsor.
Interested Parties will not be required to pay anything for their participation in Forum activities, but must cover their own expenses for participation in any Working Group meetings.
5. FORUM ACTIVITIES
5.1 Member Mail List and Member Web Site
The Forum shall maintain a Member Mail List and Member Web Site that are not accessible by the public. The following matters may be posted to the Member Mail List and Member Web Site:
(a) Draft minutes of Forum meetings (both virtual and in-person, and including any sub-groups or committees) will be posted to the Member Mail List to allow Members to make sure they are being correctly reported.
Minutes will be considered Final when approved at a subsequent Forum Meeting or Forum Teleconference, or after 2 weeks have elapsed since publication of the draft if no Forum Meeting or Forum Teleconference is imminent. Final minutes will then be posted to the Public Mail List and Public Web Site. The Chair will, upon request, make redactions of any part of the public copy of the minutes identified as private or sensitive by either the information discloser or a member mentioned or affiliated with the subject of the information.
(b) Messages formally announcing ballots or ballot outcomes, including vote and quorum counts, will be posted to the Public Mail List. However, ballots and the listing of final votes by each Member will only be posted to the Member Mail List and Member Web Site.
(c) Nominations for officer positions, Forum Meeting and Forum Teleconference scheduling issues, and discussion of Forum financial issues.
(d) Security incidents if, in the opinion of the Members, discussion on the Public Mail List could reasonably be detrimental to the implementation of security measures by Members.
(e) Proposed responses to questions sent to the Questions Mail List.
(f) Matters which, in the opinion of the Members, require confidentiality.
Members have discretion about which mailing list they use, but are strongly encouraged to use the Public Mail List for matters other than those listed above.
Members are strongly discouraged from posting the text of Member Mail List messages to the Public Mail List without the permission of the author or commenter.
5.2 Public Mail List and Public Web Site
The Chair shall appoint a List Manager who shall maintain a Public Mail List. Forum Members and Interested Parties may post to the Public Mail List in compliance with these Bylaws. Anyone else is allowed to subscribe to and receive messages posted to the Public Mail List, which may be crawled and indexed by Internet search engines.
The Chair shall appoint a Webmaster. The Webmaster shall post instructions on the Public Web Site for subscribing to the Public Mail List.
The following materials shall be posted to the Public Mail List or Public Web Site:
(a) Draft and final agendas for Working Group meetings, Forum Meetings and Forum Teleconferences (including any sub-groups or committees).
(b) Final minutes of Forum Meetings and Forum Teleconferences (including minutes of any sub-groups or committees), and minutes of all Working Group teleconferences and meetings.
(c) Messages formally proposing a Forum ballot (including ballots to establish, modify, or terminate Working Groups) and announcing ballot outcomes, including vote and quorum counts but not identifying individual votes by name of Member.
(d) Initial and final drafts of Forum requirements, guidelines, and recommendations after the drafter has had an opportunity to receive and respond to initial Member comments.
(e) Initial and final drafts of Working Group requirements, guidelines, and recommendations after the drafter has had an opportunity to receive and respond to initial Working Group member comments.
5.3 Working Groups
Members may propose by ballot the appointment of Working Groups open to participation by Members and Interested Parties. The ballot shall outline the scope of the Working Group’s activities, including deliverables, any limitations, and Working Group expiration date. Upon approval of the Working Group, the Chair will call for a show of interest in participation by Members, and shall appoint a Working Group Chair from among the interested Members.
Upon creation of a Working Group, the Forum will post an invitation to all Interested Parties to participate, and will solicit others with expertise and interest in the Working Group subject matter to become Interested Parties and participate in the Working Group. With the approval of the Chair, Working Groups may establish separate list-servs, wikis, and web pages for their communications, but all such separate list-servs must be managed in the same fashion as the Public Mail List. Working Groups may meet by teleconference or face-to-face meetings upon approval by the Chair and the Working Group Chair, but the Forum shall not be responsible for the expenses of any such teleconferences or meetings.
Working Groups may draft recommendations to be forwarded to the Forum for its consideration, but no recommendations will be considered the product of the Working Group unless approved by two-thirds of all Working Group members who vote on the recommendations. All substantial initial and final drafts of the Working Group product will be posted on the Public Mail List.
The Forum shall review the final recommendations from a Working Group and may approve and implement some or all of the recommendations as appropriate in the Forum’s judgment following the Forum’s regular voting rules. The Forum shall retain the right to amend a Working Group recommendation before approval, but in most cases should first return the proposed amended recommendation to the Working Group for its review and response before voting.
The Forum shall not be required to submit any matter to a Working Group, but may itself draft requirements and guidelines without a Working Group in its discretion.
5.4 Forum Teleconferences and Forum Meetings
From time to time the Forum will hold Forum Teleconferences and Forum Meetings among the Members, who may participate in person or (where feasible) by teleconference. Interested Parties and others may be invited by the Chair, in the Chair’s discretion, to participate in those portions of Forum Teleconferences and Forum Meetings that are relevant to their expertise or their participation in Working Groups.
5.5 IPR policies
As a requirement for membership, Members must execute and return to the Chair the IPR Agreement attached as Exhibit A.
As a requirement for participation as an Interested Party, Interested Parties must execute and return to the Chair (or indicate their agreement by clicking through an online agreement) the IPR Agreement attached as Exhibit B.
5.6 Project Lifecycle
In general, Forum projects will follow the model Project Lifecycle attached as Exhibit C. However, the Members may modify this model as appropriate by their subsequent actions.
6.1 Posting and Amendment of the Bylaws
The current Bylaws shall be posted to the Public Web Site. These Bylaws may be amended by subsequent ballot of the Members.
6.2 Procedure for Dealing with Questions and Comments
The Forum procedure for dealing with questions and comments sent to the Questions Mail List shall be as follows. The Chair shall appoint a Questions List Coordinator. The responsibilities of the Questions List Coordinator are:
(a) If practical, within 24 hours send an acknowledgment to the questioner indicating that the question or comment has been received and that a response will be provided as soon as is practical.
(b) Coordinate discussion using the Member Mail List until consensus has been achieved.
(c) Post the proposed response to the Member Mail List indicating that Members have 24 hours to object.
(d) If no objections are received before the deadline expires, then send the response to the questioner.
(e) If consensus cannot be achieved, or one or more objections are received, then the matter should be dealt with in the next Forum Meeting or Forum Teleconference.
Forum Meetings: Face-to-face meetings of Members as scheduled from time to time.
Forum Teleconferences: Teleconference meetings of Members as scheduled from time to time.
Member: A Member of the Forum or a representative of the Member (depending on context).
Member Mail List: The email list-serv maintained by the Forum for communications by and among Forum Members. The Member Mail List is not available to Interested Parties or Other Parties.
Member Web Site: The password-protected web site available only to Members (currently called the CA/Browser Forum Wiki).
Participation Agreement: An agreement that individuals or entities must agree to in order to participate in the Forum as Interested Parties. The current form of Participation Agreement is attached as Exhibit D.
Public Mail List: The public email list-serv currently located at firstname.lastname@example.org maintained by the Forum for communications by and among Members and Interested Parties. The Public Mail List may be read by Other Parties, but Other Parties may not post to the Public Mail List.
Public Web Site: The web site available only to Members, Interested Parties, and Other Parties (currently located at cabforum.org). A Forum Member will be appointed as Webmaster and will control all postings to the Public Web Site.
Questions Mail List: The email list-serv currently located at email@example.com maintained by the Forum for communications from the public to the Forum.
Exhibit A [Insert Member IPR Agreement here]
Exhibit C – Project Lifecycle
Exhibit D – Interested Parties Participation Agreement
B. Be it further resolved that these Bylaws do not modify the status of, or requirements applicable to, current observers such as ETSI, WebTrust, PayPal, tScheme, or the Federal PKI Management Authority, and they may continue to participate in meetings and on lists on the same basis as they did previously.
The ballot review period comes into effect immediately upon posting today (Friday, 9 Nov 2012) and will close at 2000 UTC on Friday, 16 Nov 2012. Unless the ballot is withdrawn or modified during the review period, the voting period will start immediately thereafter and will close at 2000 UTC on Friday, 23 Nov 2012. If the ballot is modified for reasons other than to correct minor typographical errors, then the ballot will be deemed to have been withdrawn.
Votes must be cast by posting an on-list reply to this thread.
A vote in favor of the ballot must indicate a clear ‘yes’ in the response.