CA/Browser Forum

Bylaws

1. CA/BROWSER FORUM – PURPOSE, STATUS, AND ANTITRUST LAWS

1.1 Purposes of the Forum

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).

Members of the CA/Browser Forum have worked closely together in defining the guidelines and means of implementation for best practices as a way of providing a heightened security for Internet transactions and creating a more intuitive method of displaying secure sites to Internet users.

1.2 Status of the Forum and Forum Activities

The Forum has no corporate or association status, but is simply a group of Certificate Issuers and Certificate Consumers that communicates or meets from time to time to discuss matters of common interest relevant to the Forum’s purposes. The Forum has no regulatory or industry powers over its members or others. Other than those rights and responsibilities found in the Forum’s Intellectual Property Rights (IPR) Policy, Forum “membership” or other participation status does not convey any legal status or rights, but is intended simply as a guide to the levels of participation in Forum activities.

1.3 Intellectual Property Rights Policy; Antitrust Laws and Regulations; Goal; Conduct

Forum Voting Members, Probationary Members, Associate Members, and Interested Parties must comply with the then-current IPR Policy, code of conduct, and all applicable antitrust laws and regulations during their Forum activities. Before an applicant for membership is evaluated to join a Chartered Working Group (CWG), it must be confirmed that the person signing the IPR agreement on behalf of an applicant is authorized to bind that entity to this agreement.

The historic goal of Forum activities (including development of proposed requirements and guidelines and voting on all matters) has been to seek substantial consensus among Forum Members before proceeding or adopting final work product, and this goal will remain for the future. Members shall not use their participation in the Forum either to promote their own products and offerings or to restrict or impede the products and offerings of other Members.

An antitrust compliance statement shall be read at the start of all Forum face-to-face Meetings (and on other occasions, as the Chair deems necessary) in substantially the following form:

“As you know, this meeting includes companies that compete against one another. This meeting is intended to discuss technical standards related to the provision of existing and new types of digital certificates without restricting competition in developing and marketing such certificates. This meeting is not intended to share competitively-sensitive information among competitors, and therefore all participants agree not to discuss or exchange information related to:

  1. Pricing policies, pricing formulas, prices or other terms of sale;
  2. Costs, cost structures, profit margins,
  3. Pending or planned service offerings,
  4. Customers, business, or marketing plans; or
  5. The allocation of customers, territories, or products in any way.”

At the start of a Forum, CWG or sub-group Teleconference, the following “Note Well” shall be read:

“All participants are reminded that they must comply with the CA/Browser Forum’s Bylaws, which include an antitrust policy, a code of conduct, and an intellectual property rights agreement. Please contact the Forum Chair with any comments or concerns about the Bylaws or these policies”.

The antitrust compliance statement or note well does not need to be re-read when it has been read during a larger-scope meeting. For example, if there are three consecutive meetings (Forum-level, Server Certificate Working Group, Validation Subcommittee of the Server Certificate Working Group), the “antitrust statement/note well” needs to be read only at the beginning of the Forum-level meeting.

2. FORUM MEMBERSHIP AND VOTING

2.1 Qualifying for Forum Membership

Chartered Working Group (CWG) Members are automatically granted Forum Membership.

Categories of Forum Membership are defined as follows:

  • Voting Member, which contains the following two (2) sub-categories:
    • Certificate Issuer: The member organization operates a certification authority that meets the requirements for membership as a Certificate Issuer in one or more CWGs.
    • Certificate Consumer: The member organization produces software that processes certificates and meets the requirements for membership as a Certificate Consumer in one or more CWGs.
  • Other types of membership consists of the following three (3) sub-categories:
    • Associate Member: As defined in Section 3.1
    • Interested Party: As defined in Section 3.2
    • Probationary Member (Certificate Issuer/Certificate Consumer): As defined in Section 3.3.

Note: Based on Section 3.1 in version 2.4 of the Bylaws, it was allowed for a Certificate Issuer that partially met the CWG membership criteria to be accepted as “Associate Member”. Once version 2.5 of the Bylaws becomes effective, these Associate Members will automatically be re-assigned to the “Probationary Member” membership category, as described in Section 3.3 below.

Voting Members that qualify under more than one category of Forum membership must choose only one membership category at the Forum level. Similarly, a Voting Member within a given CWG that qualifies under more than one category of CWG membership must choose only one membership category in that CWG.

2.2 Ending Forum Membership

When a Forum Member ceases to be a Member of at least one CWG, its Forum membership is terminated. Termination does not prevent a Member from potentially having continuing obligations, under the Forum’s IPR Policy or any other document.

2.3 General Provisions Applicable to All Ballots

The following rules will apply to all ballots, including Draft Guideline Ballots (defined in 2.4).

  1. Only votes by Voting Members shall be accepted.

  2. Only one vote per Voting Member organization shall be accepted; Affiliates of Voting Members shall not vote. Only votes from a designated representative of a Voting Member (“Voting Representative”) shall be accepted.

  3. Any Voting Representative can call for a proposed ballot to be published for discussion and comment by the membership. Any proposed ballot needs endorsements by at least one (1) Voting Representative from two (2) other Voting Members in order to proceed. The discussion period then shall take place for at least seven (7) calendar days before votes are cast. At any time, a new version of the ballot (marked with a distinguishing version number) may be posted by the proposer in the same manner as the original. Once no new version of the ballot has been posted for seven (7) calendar days, the proposer may end the discussion period and start the voting period by reposting the final version of the ballot and clearly indicating that voting is to begin, along with the start and end dates and times (including time zone) for the voting period. The ballot automatically fails if ninety (90) calendar days elapse since the proposer last posted a version of the ballot and the voting period has not been started.

  4. Upon commencement of the voting period, Voting Members shall have exactly seven (7) calendar days for voting on the proposed ballot, with the deadline clearly communicated in the ballot and sent via a Public Mail List. A proposer may withdraw a ballot containing defective language at any point during the voting period. For ballots related to the Forum level, votes must be sent to the Public Mail List of the Forum. For ballots related to a CWG, votes must be sent to the Public Mail List of the CWG. All voting will take place via a Public Mail List. Votes must be submitted by a Voting Representative to the correct Public Mail List by the end of the voting period (as specified in the ballot) to be considered valid and counted. Each Voting Member, and not the Forum or CWG, will be responsible for taking precautions to make sure such Member’s vote is submitted properly and counted. In the event that a Voting Member’s vote on a ballot is not submitted properly, such vote shall not be valid and shall not be counted for any purpose, and there shall be no appeal, re-vote (except in the case of a new ballot submitted to all Voting Members) or other recourse.

  5. Voting Members may vote “yes”, “no”, or “abstain” on a ballot. Only votes that indicate a clear “yes” or “no” response to the ballot question shall be considered (i.e. votes to “abstain” and votes that do not indicate a clear “yes” or “no” response will not figure in the calculation of item (6), below).

  6. Voting Members fall into two categories: Certificate Issuers and Certificate Consumers. In order for a ballot to be adopted by the Forum, two-thirds (2/3) or more of the votes cast by the Voting Members in the Certificate Issuer category must be in favor of the ballot, and at least fifty percent (50%) plus one (1) of the votes cast by the Voting Members in the Certificate Consumer category must be in favor of the ballot. At least one (1) Voting Member in each category must vote in favor of a ballot for the ballot to be adopted.

  7. A ballot result will be considered valid only when more than half of the number of currently active Voting Members has participated. The number of currently active Voting Members is the average number of Voting Member organizations that have participated in the previous three (3) Forum Meetings and Forum Teleconferences.

  8. The Chair will tabulate and announce the results within three (3) business days of the close of the voting period.

  9. The Chair may delegate any of his/her duties under this Section 2.3 and Section 2.4 to the Vice Chair as necessary, or the Vice Chair may otherwise execute the duties and obligations of the Chair as provided in Section 4.1(1) of these Bylaws.

2.4 Requirements for Draft Guideline Ballots

This section applies to any ballot that proposes a Final Guideline or a Final Maintenance Guideline (a “Draft Guideline Ballot”), all as defined under the Forum’s IPR Policy. Draft Guideline Ballots must comply with the following rules in addition to the requirements set forth in Section 2.3 above.

  1. A Draft Guideline Ballot will clearly indicate whether it is proposing a Final Guideline or a Final Maintenance Guideline. If the Draft Guideline Ballot is proposing a Final Guideline, such ballot will include the full text of the Draft Guideline intended to become a Final Guideline. If the Draft Guideline Ballot is proposing a Final Maintenance Guideline, such ballot will include a redline or comparison showing the set of changes from the Final Guideline section(s) intended to become a Final Maintenance Guideline, and need not include a copy of the full set of guidelines or text describing the proposed changes. Such redline or comparison shall be made against the Final Guideline section(s) as they exist at the time a ballot is proposed, and need not take into consideration other ballots that may be proposed subsequently, except as provided in Section 2.4(10) below. In the event there is a conflict between the text of a Final Guideline or Final Maintenance Guideline included in a Draft Guideline Ballot (the “Ballot Version”), and the text in the redline/comparison copy of the Final Guideline or Final Maintenance Guideline attached to the Draft Guideline Ballot (the “Redline Version”), the Ballot Version shall in all cases take precedence over the redline version. If present, the Ballot Version shall be the official text used for implementation should the Draft Guideline Ballot pass. If a discrepancy between the redline version and the Ballot version is discovered during the Draft Guideline Ballot discussion or voting periods, a corrected copy of the redline version shall be submitted to the Public Mail List for reference; this corrected Redline Version shall not affect the Draft Guideline Ballot text, the discussion period, or the voting period.

  2. As described in Section 2.3(3), there will be a discussion period of at least seven (7) days before votes are cast on a Draft Guideline Ballot, with the start date of such discussion period clearly specified in the ballot. The discussion period shall end and the voting period shall commence also according to the procedure specified in Section 2.3(3).

  3. As described in Section 2.3(4), upon commencement of the voting period, Voting Members shall have exactly seven (7) calendar days to vote on a Draft Guideline Ballot, with the deadline clearly communicated in the ballot sent via a Public Mail List. The proposing and endorsing organizations may also vote. For ballots related to the Forum level, votes must be sent to the Public Mail List of the Forum. For ballots related to a CWG, votes must be sent to the Public Mail List of the CWG. All voting will take place via the proper Public Mail List. Votes not submitted to the Public Mail List or not submitted by a Voting Representative, will not be considered valid, and will not be counted for any purpose. The Chair may send an email to a Public Mail List reminding Voting Members of when the voting period opens and closes.

  4. The Forum (via the Chair) will tabulate and announce the results within three (3) business days of the close of the initial voting period (the “Initial Vote”). If the Draft Guidelines Ballot does not pass the Initial Vote, the ballot fails.

  5. If a Draft Guideline Ballot passes the Initial Vote, the Chair shall initiate, no later than the third (3rd) business day after the announcement of the Initial Vote results, the Review Period of thirty (30) or sixty (60) days, as applicable and as described in Section 4.1 of the IPR Policy. The Chair will initiate the Review Period by sending the Review Notice to the Public Mail List. The Review Notice will clearly specify the open and close dates and times (with time zone) of the Review Period. If the Chair does not initiate the Review Period within five (5) business days after the announcement of the Initial Vote results, the Vice Chair must initiate the Review Period, using the same process as the Chair would have been required to use.

  6. The Review Period will continue to the end of the thirty (30) or sixty (60) day period, as applicable, regardless of the number of Exclusion Notices filed pursuant to the IPR Policy during such period, if any. No later than three (3) business days after the conclusion of the applicable Review Period, the Chair will distribute any Exclusion Notices submitted in accordance with Section 4.1 (Review of Draft Specifications) of the IPR Policy via the Public Mail List; provided, however, that the Chair may distribute such Exclusion Notices earlier.

  7. In addition to following the process for submitting Exclusion Notices set forth in Section 4 of the IPR Policy, Members shall also send Exclusion Notices to the Public Mail List as a safeguard.

  8. If no Exclusion Notices are filed during the Review Period with respect to a Draft Guideline Ballot, then the results of the Initial Vote are automatically deemed to be final, approved, and effective as of the end of the applicable Review Period. The Draft Guidelines then become either Final Guidelines or Final Maintenance Guidelines, as designated in the Draft Guidelines Ballot. The Chair will notify the Public Mail List of the results of the Review Period within three (3) business days, as well as update the Public Website of Final Guidelines and Final Maintenance Guidelines within ten (10) business days, of the close of the Review Period. The Chair or Vice-Chair of the Forum or of the CWG is allowed to perform changes to informative (non-normative) parts of a Final Guideline or Final Maintenance Guideline before it is published to the public web site and without requiring a ballot procedure. The set of changes are limited to:

    • The cover page,
    • The Table of Contents,
    • The year in the “Copyright” information,
    • Footers with page numbers,
    • Links to other sections within the document.

    The Chair or Vice-Chair of the Forum or of a CWG is also allowed to perform the following changes, unless the ballot explicitly updates this information:

    • The Guideline version number,
    • Headers/Footers with version numbers,
    • The table with document revisions or Document History,
    • The table with Relevant Dates.
  9. If Exclusion Notice(s) are filed during the Review Period (as described in Section 4.3 of the IPR Policy), then the results of the Initial Vote are automatically rescinded and deemed null and void, and;

    a. A Patent Advisory Group (PAG) will be formed, in accordance with Section 7 of the IPR Policy, to address the conflict. The PAG will make a conclusion as described in Section 7.3.2 of the IPR Policy, and communicate such conclusion to the rest of the Forum, using the Member Mail List and the Public Mail List; and

    b. After the PAG provides its conclusion, if the proposer and endorsers decide to proceed with the Draft Guidelines Ballot, and:

    1. The proposer and endorsers do not make any changes to the Draft Guidelines Ballot, such ballot must go through the steps described in Sections 2.4(2) through (4) above, replacing the “Initial Vote” with a “Second Vote.” If a Draft Guidelines Ballot passes the Second Vote, then the results of the Second Vote are deemed to be final and approved. Draft Guidelines then become either Final Guidelines or Final Maintenance Guidelines, as designated in the Draft Guidelines Ballot. The Chair will notify the Public Mail List of the approval, as well as update the public website of Final Guidelines and Final Maintenance Guidelines; or
    2. The proposer and endorsers make changes to the Draft Guidelines Ballot, a new Draft Guidelines Ballot must be proposed, and must go through the steps described in Sections 2.3(1) through (9) above.
  10. If a ballot is proposed to amend the same section of the Final Guidelines or the Final Maintenance Guidelines as one or more previous ballot(s) that has/have not yet been finally approved, the newly proposed ballot must include information about, and a link to, any such previous ballot(s), and may include provisions to avoid any conflicts relating to such previous ballots.

3. OTHER FORUM PARTICIPATION

3.1 Associate Members

Membership in the Forum or CWGs as an Associate Member may be by invitation when the CA/Browser Forum determines that maintaining such a relationship will be of benefit to the work of the Forum. In the past, entities qualifying as Associate Members have included the ACAB’c, AICPA/CICA WebTrust Task Force, the European Telecommunications Standards Institute (ETSI), the Internet Corporation for Assigned Names and Numbers, tScheme and the U.S. Federal PKI. In order to become an Associate Member, an organization must sign a mutual letter of intent/understanding, or other similar agreement, and the Forum’s IPR Policy Agreement, unless this latter requirement is waived in writing by the Forum based on overriding policies of the Associate Member’s own organization IPR rules.

Associate Members may attend face-to-face meetings, communicate with other Members on the Member Mail List and/or Public Mail List, and access the Member Wiki Website. Associate Members may not propose or endorse ballots or take part in any form of voting except on special straw polls of the Forum or CWGs (e.g. when selecting meeting dates, locations, etc.).

3.2 Interested Parties

Any person or entity that wishes to participate in the Forum as an Interested Party may do so by providing their name, affiliation (optional), and contact information, and by agreeing to the IPR Policy Agreement attached as Exhibit A (indicating agreement by signing the agreement).

Interested Parties may participate in Forum activities in the following ways:

  1. By becoming involved in CWGs,

  2. By posting to the Public Mail List, and

  3. By participating in those portions of Forum Teleconferences and Forum Meetings to which they are invited by the Forum or CWG Chair relating to their areas of special expertise or the subject of their CWG participation.

Interested Parties are required to comply with the provisions of the IPR Policy Agreement and these Bylaws. Interested Parties may lose their status as Interested Parties by vote of the Voting Members, in the Voting Members’ sole discretion.

Interested Parties apply by sending an e-mail to the Questions List, which includes:

  • The signed IPR Policy Agreement
  • The CWGs and any subcommittees in which they wish to join and Contribute.

3.3 Probationary Member

A Probationary Member is a Certificate Issuer or Certificate Consumer that does not meet all qualifying criteria of the Certificate Issuer or Certificate Consumer to be or become a Voting Member as defined in a CWG charter. Probationary membership is valid for twelve (12) months and may be renewed as decided by the CWG. A Probationary Member must sign the Forum’s IPR Policy Agreement. Probationary Members may attend face-to-face meetings, communicate with other Members on the Member Mail List and the Public Mail List, and access the Member Wiki Website. Probationary Members may not propose or endorse ballots or take part in any form of voting except on special straw polls of the Forum or CWGs (e.g. when selecting meeting dates, locations, etc.).

3.4 Other Parties

The public may follow the Forum’s activities by reading all postings on the Public Mail List and the Public Web Site. Questions or comments to the Forum may be sent to the Questions Mail List.

4. OFFICERS AND FINANCES

4.1 Officers

Elections for officers of the Forum and officers of Chartered Working Groups (CWGs) are coordinated in the Forum itself, not the CWGs. The Forum Chair and Vice Chair oversee all CWG elections before being replaced by the newly elected Forum Chair and Vice Chair. CWG officers are elected by vote of the corresponding CWG Voting Members while Forum-level officers are elected by vote of all Forum-level Voting Members.

  1. Term of office: The Forum will elect a Chair and Vice Chair, each to serve for a term of two (2) years. The Vice Chair has the authority of the Chair in the event of any absence or unavailability of the Chair, and in such circumstances, any duty delegated to the Chair herein may be performed by the Vice Chair. For example, the Vice Chair will preside at Forum Meetings and Forum Teleconferences in the Chair’s absence. The offices of Chair and Vice Chair may only be filled by Voting Representatives. No person may serve as Forum Chair for more than a two-year period or be elected to Forum Vice Chair upon expiration or termination of the person’s service as Forum Chair, but a person is eligible to be elected as Forum Chair again after having vacated the position as Chair for at least one (1) term. Elections of CWG Officers are also coordinated at the Forum level by the Forum Chair and Vice Chair, but voting for CWG officers is performed by the corresponding CWG Voting Members. No person may serve as Chair of a CWG for more than three (3) terms. However, in such a situation, they may be elected Vice Chair of the CWG and/or be elected as CWG Chair again after having vacated the position as CWG Chair for at least one term. Serving as an officer, or history of having served as an officer, in one CWG has no impact on eligibility to be elected as an officer of another CWG.

  2. Manner of conducting nominations: At least sixty (60) days prior to the expiration of the current Chair’s term or upon his/her early termination as Chair, the Chair or Vice Chair will announce through the Member Mail List that nominations are open for the office of Chair, and that the Vice Chair will be automatically nominated as a candidate for the next Chair. However, Forum Voting Members may nominate their own Voting Representatives or Voting Representatives of other Voting Members to be additional candidates for Chair. A Vice Chair may decline the nomination to the office of Chair and/or indicate an intent to seek nomination for re-election to the office of Vice Chair. The nomination period for Chair will last for at least one (1) week but no longer than four (4) weeks. Upon the close of the nominations for Chair, the nomination period for the office of Vice Chair shall immediately open. The nomination period for Vice Chair will last for at least one (1) week but no longer than four (4) weeks.

  3. Manner of holding officer elections: If a single individual is nominated for a position, the Forum will hold a ballot prepared and submitted by the Forum Chair, with the exception of not requiring endorsers and not requiring a discussion period, to confirm appointment of the nominee. For the confirmation ballot, each Voting Member is entitled to a single vote regardless of the number of Voting Representatives it may have or whether the Voting Member is categorized as a Certificate Issuer or a Certificate Consumer. Only Voting Representatives are allowed to cast votes on behalf of Voting Members. If multiple votes are received from a Voting Member, the last vote submitted during the voting period is considered the Voting Member’s vote. The single nominee is considered confirmed if a majority of the Voting Members who vote are in favor of the appointment, regardless of the number of votes cast and irrespective of whether 2/3 of the Certificate Issuers or fifty percent (50%) plus one (1) of the Certificate Consumers approve appointment of the nominee.

    If more than one candidate is nominated for Chair or Vice Chair, the Forum Chair will submit an election ballot, with the exception of not requiring endorsers or a discussion period, to determine which candidate will fill the position. Within two (2) weeks after the close of the nomination period, the Chair or Vice Chair will establish an election committee and announce the election ballot on the Member Mail List along with the ballot start date, ballot end date, and a description of the voting process. The Chair or Vice Chair will appoint the election committee by selecting at least two (2) volunteers who have a reputation for independence, preferably individuals without voting rights in the Forum and who participate as representatives of Associate Members. The election committee is responsible solely for tallying Voting Member votes from their Voting Representatives in connection with the election ballot. The description must include the email address(es) to where Voting Representatives will send their vote, which should be the email addresses of the members of the election committee.

    For election ballots, each Voting Member is entitled to a single vote regardless of the number of Voting Representatives it may have or whether the Voting Member is categorized as a Certificate Issuer or a Certificate Consumer. Only Voting Representatives are allowed to cast votes on behalf of Voting Members. The nominee organization(s) may also vote. If multiple votes are received from a Voting Member, the last vote submitted during the voting period by its Voting Representative is considered the Voting Member’s vote. Within two (2) weeks after the election ballot closes, the election committee will compile the votes, ensure that only one (1) vote is counted per Voting Member, confirm the results with other members of the election committee, and publish the ballot results by sending an email to the Public Mail List. The election committee will not include any votes submitted before or after the voting period when compiling the votes. The ballot results email will contain only the following information: a short description of the ballot purpose, the total number of votes submitted during the ballot period, and the name of the nominee receiving the most votes. The election committee may include other language as necessary to accurately describe the ballot and any concerns the election committee had with the ballot, provided that such language does not disclose how individual Voting Members voted. The election committee will treat the votes of individual Voting Members as confidential information. The nominee receiving the most votes is appointed to the applicable position, regardless of the number of votes cast and irrespective of whether two thirds (2/3) of the Certificate Issuers or fifty percent (50%) plus one (1) of the Certificate Consumers voted for the nominee. If the election ballot results in a tie among the candidates receiving the most votes, the Forum Chair or Forum Vice Chair will call for another election ballot that includes only the two tying candidates.

  4. Duties: The Chair and Vice Chair shall exercise their functions in a fair and neutral manner, allowing all Members equal treatment for their comments and proposals, and shall not favor one side over another in any matter (except that the Chair and Vice Chair may indicate their own position during discussion and voting on the matter). The Chair and Vice Chair shall have no personal liability for any activities of the Forum or its Members.

    The Chair or the Vice Chair may sign correspondence, applications, forms, Letters of Intent, and Memoranda of Understanding relating to projects with standards bodies, industry groups, and other third parties, but shall have no personal liability therefor.

4.2 Finances

Because the Forum has no corporate status, it will not maintain funds or banking accounts. The costs of operating Forum websites or mailing lists will be covered by voluntary contributions from Members (who may seek voluntary contributions from other Members to help defray such costs). Members may propose other group activities which they propose to sponsor (e.g., research projects, etc.) which require funding and may seek voluntary contributions from other Members for such activities.

Forum Meetings may be held from time to time upon the voluntary sponsorship of one or more Voting Members. The sponsor of a Forum Meeting may suggest a fixed cost per meeting participant as reimbursement to the sponsor to cover (a) the cost of meeting rooms and refreshments, and (b) the cost of any meeting dinner or other group activity. Sponsors will be encouraged to announce any suggested per-participant fixed cost reimbursement amount in advance of the Forum Meeting for participant planning purposes, and will provide a statement or invoice to each participant upon request after the Forum Meeting for submission to the participant’s accounting department. All per-participant reimbursements shall be paid directly to the sponsor.

Interested Parties will not be required to pay anything for their participation in Forum activities, but must cover their own expenses for participation in any CWG meetings.

5. FORUM AND WORKING GROUP ACTIVITIES

5.1 Forum Member Mail List and Member Web Site

The Forum shall maintain a Member Mail List and Member Web Site that are not accessible by the public. The following matters may be posted to the Member Mail List and Member Web Site:

  1. Draft minutes of Forum Meetings and Forum Teleconferences will be posted to the corresponding Member Mail List to allow Members to make sure they are being correctly reported. Sub-groups and committees may also post to a corresponding Member Mail List. Minutes will be considered final when approved at a subsequent Forum Meeting or Forum Teleconference, except if there is no Forum Meeting or Forum Teleconference scheduled within three (3) weeks of the publication of the draft minutes, in which case Minutes will be considered final three (3) weeks after publication of the draft minutes. Final minutes will then be posted to the corresponding Public Mail List or if it relates to a sub-group or committee, they will be posted to the corresponding Public Mail List of the sub-group or committee. Final minutes of Forum meetings or Forum Teleconferences will additionally be posted to the Public Web Site. The Chair will, upon request, make redactions of any part of the public copy of the minutes identified as private or sensitive by either the information discloser or a member mentioned or affiliated with the subject of the information.

  2. Nominations for officer positions, Forum Meeting and Forum Teleconference scheduling issues, and discussion of Forum financial issues.

  3. Security incidents if, in the opinion of the Members, discussion on the Public Mail List could reasonably be detrimental to the implementation of security measures by Members.

  4. Proposed responses to questions sent to the Questions Mail List.

  5. Matters which, in the opinion of the Members, require confidentiality.

Members have discretion about which mailing list they use, but are strongly encouraged to use the Public Mail List for matters other than those listed above.

Members are strongly discouraged from posting the text of Member Mail List messages to a Public Mail List without the permission of the author or commenter. Doing so may violate the Code of Conduct.

These activities should be followed by any Chartered Working Group. Chartered Working Groups shall use the Working Group’s Mail Lists instead of the Forum-level Mail Lists. Working Groups may use the Forum Member Web Site but they must maintain a separate section designated for material related to the specific Working Group.

5.2 Public Mail List and Public Web Site

The Forum Chair shall appoint a List Manager who shall maintain a Public Mail List. All Members may post messages to the Public Mail List in compliance with these Bylaws. Anyone else is allowed to subscribe to and receive messages posted to the Public Mail List, which may be crawled and indexed by Internet search engines.

The Forum Chair shall appoint a webmaster. The webmaster shall post instructions on the Public Web Site for subscribing to the Public Mail List.

The following materials shall be posted to the Forum Public Mail List, the applicable CWG Public Mail List, or designated area on the Public Web Site:

  1. Draft and final agendas for CWG meetings, Forum Meetings, and Forum Teleconferences (including any sub-groups or committees).

  2. Final minutes of CWG meetings, Forum Meetings, and Forum Teleconferences (including minutes of any sub- groups or committees).

  3. Messages formally proposing a ballot, including CWG ballots to establish or amend guidelines, to adopt or modify charters, and individual votes, vote and quorum counts, and messages announcing ballot outcomes and voting breakdowns.

  4. Initial and final drafts of requirements, guidelines, and recommendations after the drafter has had an opportunity to receive and respond to initial Member comments.

  5. Initial and final drafts of CWG charter documents, guidelines, and recommendations after the drafter has had an opportunity to receive and respond to initial comments from prospective Working Group members.

These activities shall be followed by any Chartered Working Group. Working Groups must maintain a separate Public Mail List. Working Groups may use the Forum Public Web Site but they must maintain a separate section designated for material related to the specific Working Group.

5.3 Working Groups

5.3.1 Formation of Chartered Working Groups

  1. (Referred to as Section 5.3.1(a) in the IPR Policy) Voting Members who desire to form a new “Chartered” Working Group (CWG) shall propose a charter by ballot pursuant to Section 2.3 above. A CWG shall:

    • Include Certificate Issuer participants or Certificate Consumer participants, and should typically include both.
    • Allow for the participation of Interested Parties, Associate Members and Probationary Members.

    Criteria for each category of membership in a CWG shall be clearly defined, and should consider:

    • Audit requirements, including acceptable audit schemes, duration and age of the report, and auditor qualifications.

    • Requirements for the Applicant to be actively issuing certificates or creating a software product that relies upon certificates.

    • Requirements that certificates are treated as valid by a CWG Certificate Consumer, or for the latest software produced by the Certificate Consumer to be intended for use by the general public.

  2. The charter shall outline the scope of the CWG’s activities and other important information. A template for Working Group charters is attached to these Bylaws as Exhibit C. A Working Group may deviate from the template, provided that the charter must include at least the following information:

    • Scope of the Working Group
    • Anticipated Working Group end date, if any
    • Initial chairs and contacts for the Working Group
    • Type(s) of Members eligible to participate in the Working Group (e.g., Voting Members, Interested Parties, Associate Members and Probationary Members)
    • Membership criteria as described in section 5.3.1
    • Criteria for ending membership for each category of participant
    • Voting structure for the WG
    • Summary of the work that the WG plans to accomplish
    • Summary of major deliverables and guidelines for the Working Group
    • Means of communication to be used by the Working Group (see subsection (4) below)
    • Applicability of the IPR Policy
  3. After the charter is approved, the CWG MAY elect a new Chair and Vice Chair elected by CWG members following the procedures of Bylaws Section 4.1 as closely as possible. However, unlike at the Forum level, CWG Chairs and Vice Chairs may run for re-election if they so choose. The initial term for CWG officers shall expire on November 30 of the next even-numbered year after the CWG is established in order to be synchronized with the terms of Forum officers. Proposing and voting on all CWG Ballots by CWG members shall follow the procedures stated in Bylaws sections 2.3 and 2.4, except that the nomination of officers does not require a proposer and endorsers. The CWG Chair will send an invitation to the Public Mail List for an initial CWG meeting and will solicit eligible Voting Members, Associate Members and Interested Parties (as specified in the charter) with expertise and interest in the CWG’s subject matter to participate in the CWG. In order to participate in a Working Group, a party must have agreed to the IPR Policy Agreement and formally declared participation. Each CWG Chair shall be responsible for ensuring that all parties attending the respective CWG meetings have signed the IPR Policy Agreement and have formally declared their participation in the CWG via the mechanism designated by the Forum prior to attending.

  4. Each CWG may establish its own means for their communications, as provided in the charter, but such means should be managed in the same fashion as the Public Mail List and employed by the CWG with a similar level of transparency as appropriate to their nature with public archives for written methods of communication. CWGs may meet by teleconference or have face-to-face meetings as provided in the charter, but the Forum shall not be responsible for the expenses of any such teleconferences or meetings.

  5. (Referred to as Section 5.3.1(e) in the IPR Policy) CWGs may establish any number of subcommittees within its own Working Group to address any of such CWG’s business (each, a “CWG Subcommittee”). A CWG-created Subcommittee needs to be approved by the CWG itself according to the approval process set forth in the CWG charter, but approval of the Forum is not necessary.

5.3.2 Rechartering, Extending and Dissolving Working Groups

  1. Rechartering: CWGs may only amend their charters via the ballot procedure described in Section 2.3 above. After Forum approval of an amended CWG charter, the new charter takes effect immediately, or as specified in the amending ballot. This amendment process does not itself require an Interim WG Chair to be appointed, unless specified in the amending ballot.

  2. Extending: Unless extended, a CWG will expire on the date specified in its charter, if any. To extend a CWG charter, the Forum Chair may, at the Forum Chair’s discretion, conduct a fourteen (14) day poll (yes/no regarding the extension) of the Forum, initiated through the Public List. If no objection is made to the extension during the poll, the extension is deemed approved. If an objection (“no” vote) is made during the poll, an extension shall be determined using the ballot procedure described in Section 2.3 above. This provision may only be used to continue the work of the CWG under the existing charter and scope.

  3. Dissolving: The Forum can dissolve a CWG via a ballot following the Forum’s regular voting rules in Section 2.3 above. The Forum may not dissolve a CWG prior to the end date specified in its charter, if any, without such a ballot.

5.3.3 Output of Working Groups

  1. CWGs may adopt Final Guidelines and Final Maintenance Guidelines within the scope of their charters and according to the provisions (including voting processes) of the CWG’s charter. All Final Guidelines and Final Maintenance Guidelines must be posted on the Public Mail List, or the CWG’s Public Mail List, and the Public Web Site.

  2. Final Guidelines and Final Maintenance Guidelines developed by a CWG do not need to be approved by the Forum at large.

5.3.4 Legacy Working Groups

No stipulation.

5.4 Forum Teleconferences and Forum Meetings

From time to time the Forum and CWGs will hold Teleconferences and Meetings among the Voting Members, Probationary Members and Associate Members, who may participate in person or (where feasible) by teleconference. Interested Parties and others may be invited by the Forum or CWG Chair, in the Chair’s discretion, to participate in those portions of Teleconferences and CWG Meetings that are relevant to their expertise or their participation.

5.5 IPR policies

As a requirement for membership, Voting Members must execute and return to the CWG Chair the IPR Policy Agreement attached as Exhibit A before participating in any CWG. As the IPR Policy is amended from time to time, Members will be required to execute and return a new IPR Agreement within ninety (90) days of the CWG Chair’s written request. If a Voting Member fails to execute and return the new IPR Policy Agreement within such 90-day period, then the Member’s CWG and Forum membership shall default to a Probationary Member until the agreement is signed and returned.

As a requirement for participation in any CWG as a Probationary Member, an Associate Member or Interested Party, the IPR Policy Agreement attached as Exhibit A must be executed and returned to the CWG Chair before participating in any CWG. As the IPR Policy is amended from time to time, Probationary Members, Associate Members and Interested Parties will be required to execute and return a new IPR Policy Agreement within ninety (90) days of the CWG Chair’s written request. If an Associate Member or Interested Party fails to execute and return the new IPR Policy Agreement within such 90-day period, its participation in Forum calls, meetings, activities, and events shall be suspended until the agreement is signed and returned.

5.6 Forum Subcommittees

The Forum may establish subcommittees of the Forum that are not designated by a CWG, by ballot, to address any of the Forum’s business as specified in the ballot (each, a “Forum Subcommittee”). Forum Subcommittees are open to all Forum Members. A Forum Subcommittee may work on and recommend Forum ballots, complete delegated Forum functions, or issue reports to the Forum that are within the Forum Subcommittee’s jurisdiction. Forum Subcommittees must post all agendas and minutes on a public mail list.

No actions taken by a Forum Subcommittee will implicate obligations under the IPR Policy. A Forum Subcommittee will not generate or discuss any Contributions, Draft Guidelines, Final Guidelines, or Final Maintenance Guidelines (as such terms are defined by the IPR Policy), or partake in any activity that would trigger obligations pursuant to the IPR Policy if such activity were undertaken by a CWG.

6. MISCELLANEOUS

6.1 Posting and Amendment of the Bylaws

The current version of the Bylaws shall be posted to the Public Web Site. These Bylaws may be amended by subsequent ballot(s) of the Voting Members.

6.2 Procedure for Dealing with Questions and Comments

The Forum procedure for dealing with questions and comments sent to the Questions Mail List shall be as follows. The Chair shall appoint a Questions List Coordinator. The responsibilities of the Questions List Coordinator are:

  1. If practical, within twenty four (24) hours send an acknowledgment to the questioner indicating that the question or comment has been received and that a response will provided as soon as is practical.

  2. Coordinate discussion using the Member Mail List until consensus has been achieved. Depending on the topic of the question, the Questions List Coordinator may choose to coordinate discussion on the appropriate CWG Member Mail List.

  3. Post the proposed response to the Member Mail List indicating that Members have twenty four (24) hours to object.

  4. If no objections are received before the deadline expires, then send the response to the questioner.

  5. If consensus cannot be achieved, or one or more objections are received, then the matter should be dealt with in the next Forum Meeting or Forum Teleconference.

6.3 Interpretation of Bylaws

Nothing in these Bylaws is intended to supersede or replace anything in the IPR Policy. In the event of a conflict between these Bylaws and the IPR Policy, the IPR Policy shall govern.

6.4 Code of Conduct

All Members shall abide by the CAB Forum Code of Conduct, which is attached to these Bylaws as Exhibit B.

6.5 Photography Policy

All Members shall abide by the CAB Forum Photography Policy, which is attached to these Bylaws as Exhibit D.

DEFINITIONS

Affiliate: An entity that directly or indirectly controls, is controlled by, or is under common control with, another entity. Control for the purposes of these Bylaws shall mean direct or indirect beneficial ownership of more than fifty percent of the voting stock, or decision-making authority in the event that there is no voting stock, in an entity.

Forum Meetings: Face-to-face plenary meetings of Voting Members, Probationary Members and Associate Members as scheduled from time to time, and does not include meetings such as Subcommittee, subgroup, committee, or PAG meetings.

Forum Member: See “Member”.

Forum Teleconferences: Teleconference plenary meetings of Voting Members, Probationary Members and Associate Members as scheduled from time to time, and does not include meetings such as Subcommittee, subgroup, committee, or PAG meetings.

Member: The total of “Voting Members”, “Probationary Members”, “Associate Members” and “Interested Parties”.

Member Mail List: The email list-serv maintained by the Forum or CWG for communications by and among Forum or CWG Voting Members, Probationary Members and Associate Members. The Member Mail List is not available to Interested Parties or Other Parties.

Member Web Site: The password-protected web site available only to Voting Members, Probationary Members and Associate Members (currently called the CA/Browser Forum Wiki).

Public Mail List: A public email list-serv maintained by the Forum or CWG for communications by and among Members. The Public Mail List may be read by other parties, but other parties may not post to the Public Mail List.

Public Web Site: A public web site available to Members, and other parties.

Voting Representative: A natural person designated by the Voting Member organization allowed to cast votes on behalf of the Voting Member organization. Each Voting Representative can extend the set of Voting Representatives. Voting Representatives can also be introduced or removed by a Voting Member’s legal (or properly delegated) representative.

Questions Mail List: The email list-serv currently located at questions@cabforum.org maintained by the Forum for communications from the public to the Forum.

Exhibit A: CAB Forum IPR Policy Agreement

This CAB Forum IPR Policy Agreement (the “Agreement”) constitutes a binding contract amongst all participants who make Contributions during the process of developing a Draft Guideline for the purpose of incorporating such material into a Draft Guideline or a Final Guideline of the CA / Browser Forum.

In consideration of the mutual promises herein, Participant agrees on his/her/its behalf, and on behalf of any Affiliates (as that term is defined in the CAB Forum Intellectual Property Rights Policy (the “IPR Policy”)), to abide by the terms of the IPR Policy, incorporated herein by reference. Participant acknowledges that some of its obligations under the IPR Policy may survive the termination of this Agreement, as more fully described in the IPR Policy.

The party signing this Agreement intends that it shall take effect as an instrument under seal. If such party is not a natural person, the individual signing this Agreement for the Participant represents and warrants that he or she has the authority to enter into this Agreement on behalf of the Participant.

The Participant represents and warrants that either: (a) it has the authority to enter into this Agreement on behalf of all of its Affiliates; or (b) it has no Affiliates; or (c) each of its Affiliates has executed and delivered to the CAB Forum a countersignature to this Agreement, indicating that it consents to this Agreement, and agrees to enforce this Agreement’s terms as to any of such Affiliate’s Intellectual Property, including such terms as may properly be changed by the CAB Forum by notice to the Participant under this Agreement.

PARTICIPANT

By: ________________________________

(Signature)

Print Name __________________________

Title: ____________________________

____________________________

Participant Organization Name (if entity)

Date: ______________________

Exhibit B: CAB Forum Code of Conduct (the “Code”)

The CAB Forum (the “Forum”) is comprised of a global group of professionals with differences in language, skills, expertise, experience, and backgrounds. To maintain a professional and productive environment, it is necessary for Members of the Forum to follow the letter and spirit of this Code. This Code applies to all official Forum activities, such as meetings, teleconferences, mailing lists, conferences, and other Forum functions. The Forum is committed to maintaining a professional and respectful environment.

All Member representatives are expected to behave in a collegial and professional manner in accordance with this Code. Honesty and integrity are also paramount in all of our actions and interactions. Members will familiarize their representatives with this Code and require them to comply with the letter and spirit of this Code.

I. Conduct. The Forum is committed to providing a friendly, safe, and welcoming environment for all, regardless of gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, nationality, or other similar characteristic. The Forum recognizes and appreciates that its participants have diverse languages, backgrounds, experience, and expertise, and expects that all participants will be treated with respect by all other participants.

  1. In connection with official Forum activities, all Forum participants shall:

    • Be polite, kind, and courteous to other participants, refraining from insulting remarks on the perceived intelligence or ability of others.
    • Treat fellow Forum participants with respect, professionalism, courtesy, and reasonableness.
    • Respect that people have differences of opinion, and that there is seldom unanimous agreement on a single “correct” answer. Be willing to compromise and agree to disagree.
    • Be truthful, sincere, forthright, and candid, unless professional duties require that they maintain confidentiality or exercise special discretion.
  2. In connection with official Forum activities, all Forum participants shall refrain from conduct such as:

    • Threatening violence towards anyone.
    • Discriminating against anyone on the basis of personal characteristics or group membership.
    • Harassing or bullying anyone verbally, physically, or sexually.
    • Launching barbs at others. [Note: a “barb” is an obviously or openly unpleasant or carping remark.]
    • Touching another person in a physically inappropriate way.
    • Deliberately intimidating or stalking another person (in-person, online, or by other means).
    • Inappropriately disrupting or impeding official Forum events, including meetings, talks, and presentations. For purposes of this Code, “inappropriate disruption” would include aggressive, violent, and abusive conduct that prevents an official Forum event from occurring or proceeding.
    • Spamming, trolling, flaming, baiting, and other similar behavior inappropriately directed towards an individual.
    • Lying, deceiving, or intentionally misleading by omission or half-truth.
    • Advocating for, or encouraging, any of the above behavior.
  3. All Forum participants should promote the rules of this Code and take action to bring discussions back into compliance with the Code whenever violations are observed.

  4. Forum participants should stick to ideological, conceptual discussions and avoid engaging in offensive or sensitive personal discussions, particularly if they’re off-topic; such personal discussions can lead to unnecessary arguments, hurt feelings, and damaged trust.

II. Moderation. These are the policies for upholding the Code.

  1. Resist the urge to be defensive. Remember that it’s your responsibility to clearly communicate your message to your fellow participants. Everyone wants to get along and we are all in the Forum first and foremost because we want to talk about standards and everything that involves. Other participants will be eager to assume good intent and forgive as long as you have earned their trust.

  2. Participants should inform the Chair, Vice Chair, and/or a Working Group Chair immediately if they feel they have been, or are being, harassed or made uncomfortable by a Forum member. Intimidation, personal attacks, and retaliation of any kind will not be tolerated.

  3. Any Forum participant may report, in good faith, a perceived violation of the Code to the Forum Chair or Vice Chair, or to a Working Group Chair (each, a “Code Liaison”). One or more Code Liaison(s) will work with the reported Forum participant to determine whether a violation of the Code has occurred and, if so, how to resolve it.Resolution may also include appropriate executives from the Forum participant’s Member company, as appropriate. If the reported Forum participant, Member executives, and the Code Liaison(s) are unwilling or unable to resolve the issue, any of the foregoing may request the assistance of an independent third party to assist with the resolution.

  4. Members agree to take appropriate action in the event any of their Member representatives violate the Code. Such action could include warning, reprimanding, suspending, removing or replacing the Member representative who has violated the Code, depending on the severity of the violation. Depending on the number and severity of violations, the Forum may impose consequences such as excluding a Member representative from certain meetings, removing a Member representative from a mailing list, suspending a Member representative from certain Forum activities, or suspending or terminating the Member’s right to vote or otherwise participate in the Forum.

Adapted from the WHATWG Code of Conduct [https://wiki.whatwg.org/wiki/Code_of_Conduct], the W3C Code of Ethics and Professional Conduct [https://www.w3c.org/Consortium/cepc/], and the Citizen Code of Conduct [citizencodeofconduct.org].

Exhibit C: CAB Forum Charter Template

[insert name] Working Group Charter

The mission of the [insert name] Working Group is to: [Insert short summary of what WG will do.] End date: (e.g., December 31, 2019)

Initial Working Group Chair(s):

Initial Team Contact(s):

Meeting Schedule: (e.g., conference call 1st Thursday of the month, F2F once per year)

Type(s) of Voting Members Eligible to Participate: (e.g., CAs and Browsers)

Optional: There is a waiting period of at least six (6) months for a Certificate Issuer or Certificate Consumer to become a voting member, during which representatives of the organization must attend at least X% of all Working Group meetings. During such waiting period they are considered Probationary Members.

Voting Structure for WG: (e.g., 2/3 of CAs, ½ of Browsers)

  1. Working Group Scope

    1.1 Summary of Working Group Goals and Objectives [Describe goals and objectives of WG. What is the purpose of the WG, what do you hope to accomplish, why is this group important/necessary? Will this group leverage any existing work or collaborate with other groups?]

    1.2 Success Criteria

    • Prepare a ballot to create guidelines for the [insert name] Working Group.
    • Order to advance to Final Guidelines or Final Maintenance Guidelines, each specification is expected to have [e.g., at least x independent implementations of each feature defined in the specification].
    • Work with Forum to have guidelines for the [insert name] Working Group be approved and adopted.

    1.3 Minimum Requirements Each WG must meet the following minimum requirements:

    • Comply with all applicable laws, rules and regulations.
    • Comply with the CAB Forum IPR Policy and Bylaws.
    • Follow RFC 3647 and other technical requirements regarding the preparation of minutes and the use of public mailing lists.
    • [Any other requirements applicable to this specific WG?]

    1.4 Out of Scope [What is out of scope for this WG, what are items that this WG will not work on? For example, solving world hunger, fixing global warming, boiling the ocean]

  2. Summary of Work

    2.1 Guidelines The Working Group will deliver the following: [Draft of guidelines for WG review] [Draft of ballot for approval of guidelines] [Ballot approval of guidelines] [Final or Final Maintenance] Guidelines: [describe] [describe]

    2.2 Other Deliverables The Working Group may work on related deliverables and non-normative documents, such as: [describe] [describe]

    2.3 Milestones The initial milestones for the [Final or Final Maintenance] Guidelines are as follows. Such milestones may be modified or replaced by consensus of the Working Group members. [developmental milestone 1] [developmental milestone 2] [developmental milestone 3] [developmental milestone 4]

  3. Membership

    3.1 Membership Criteria This Working Group shall have the following categories of membership: [specify]

Applicants must meet the following criteria: [specify membership rules for each category of membership]

[The following is a proposed text for new Chartered Working Groups that can be amend accordingly].

(a) The Working Group shall consist of two classes of voting members –Certificate Issuers and Certificate Consumers meeting the following criteria:

  1. Certificate Issuer: [specify]

  2. Certificate Consumer: [specify]

(b) Applicants must supply the following information: • [specify]

Applicants that qualify as Certificate Issuers must supply the following additional information: • [specify]

(c) Approval process: [specify]

The Working Group shall include Interested Parties, Associate Members, and Probationary Members, as defined in the Bylaws.

3.2 Ending Membership [Proposed text. New Chartered Working Groups may amend accordingly].

Members may resign from the Working Group at any time. Resignation does not prevent a Member from potentially having continuing obligations, under the Forum’s IPR Policy or any other document.

(a) Certificate Consumer: [specify]

(b) Certificate Issuer: [specify]

Any Voting Member who believes any of the above circumstances is true of any other Voting Member, that Voting Member may report it on the Working Group Public Mail List. The Working Group Chair will then investigate, including asking the reported Voting Member for an explanation or appropriate documentation. If evidence of continued qualification for membership is not forthcoming from the reported Voting Member within five (5) working days, the Working Group Chair will announce that such Voting Member is suspended and has become a Probationary Member, such announcement to include the clause(s) from the above list under which the suspension has been made.

A Probationary Member who believes it has now re-met the membership criteria under the relevant clauses shall post evidence to the Working Group Public Mail List. The Working Group Chair will examine the evidence, and if appropriate, reinstate the member to voting status, by public announcement.

A Probationary Member may participate in this Working Group and Forum Meetings, Teleconferences, and on this Working Group and the Forum’s discussion lists as set forth in the Bylaws.

Votes cast before a Voting Member’s suspension is announced will stand.

3.3 Application Process Applicants shall supply information and follow a process to become members. [specify]

  1. Dependencies and Liaisons

    4.1 CAB Forum Groups This Working Group will coordinate with, and seek guidance from, the following other CAB Forum Working Groups (if applicable): [specify] [specify]

    4.2 External Groups This Working Group will coordinate with, and seek guidance from, the following outside organizations: [IETF?] [W3C?] [specify]

  2. Participation

To be successful, the [insert name] Working Group is expected to have [insert #] or more active participants for its duration. The Working Group participants are expected to contribute an appropriate number of hours per week towards the Working Group’s activities.

  1. Communication

Most Working Group teleconferences will focus on discussion of particular specifications, and will be conducted on an as-needed basis. This group conducts its work primarily on [insert name of mailing list], which is available [to members only/to the public.] Information about the group will be available via the [CAB Forum website].

  1. Decision Process

This Working Group will seek to make decisions when there is consensus and with due process. The expectation is that, typically, the Working Group Chair or other participant makes an initial proposal, which is then refined in discussion with the Working Group participants, and consensus emerges with little formal voting being required. However, if a decision is necessary for timely progress, but consensus is not achieved after careful consideration of the range of views presented, the Working Group Chair should put the question out for voting within the WG (using email and/or web-based survey techniques) according to Section 2 (Forum Membership and Voting) of the Forum Bylaws and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.

  1. IPR Policy

This Working Group is subject to the CAB Forum Intellectual Rights Policy v.1.3 Effective July 3, 2018 (the “IPR Policy”). To promote the widest adoption of the CAB Forum Guidelines, CAB Forum seeks to issue Final Guidelines and Final Maintenance Guidelines that can be implemented, according to the IPR Policy, on a CAB Forum Royalty-Free License basis. For information about exclusion of Essential Claims, see Section 4 of the IPR Policy.

  1. About this Charter

This charter for the [insert name] Working Group has been created according to Section 5.3.1 of the Bylaws of the CAB Forum. In the event of a conflict between this charter and any provision in either the Bylaws or the IPR Policy, the provision in the Bylaws or IPR Policy shall take precedence.

Exhibit D: CAB Forum Photography Policy

This policy is based on the IETF meetings photography policy published at https://www.ietf.org/about/groups/iesg/statements/meeting-photography-policy/.

The intent behind this policy is to balance people’s legitimate desire not to be photographed at Face-to-Face meetings with the CA/B Forum’s ability to document activities, enable remote participation and to promote active collaboration. The following policy applies to all CA/B and its Working Group face-to-face (F2F) meetings, events, plenaries and hackathons.

Labelling

F2F meeting participants will have the opportunity to label themselves as desiring not to be photographed by indicating “Photograph Privacy Requested” when they register at a F2F meeting. The list of participants will include a “Photograph Privacy Requested” next to the participant’s name and will be available to all F2F meeting participants.

Official Photography

Any photographer engaged on behalf of the CA/B Forum should not photograph individuals wearing the currently-designated RED lanyard that is provided to those that requested “Photograph Privacy”, should make reasonable efforts to avoid photographing small groups with one or more members wearing that lanyard, and should not publish small group photographs with such individuals in them. There are two important exceptions to this policy:

  • CA/B Forum, Working Group and Subcommittee officers (Chairs, Vice-Chairs) performing their official responsibilities may be photographed.
  • Photographs of large groups may contain incidental images of such individuals and we will not attempt to redact those. Specifically, photographs of panels and the like (e.g., plenaries) are expected to contain all individuals regardless of labelling.

F2F meetings are generally video recorded and streamed through video-conference, for remote participation and minute-taking purposes, and no attempt will be made to avoid recording individuals. However, if the CA/B Forum publishes still frames of these videos, individuals that indicated “Photograph Privacy” should not be shown.

Note: the use of “should” above is intended to reflect that although this is a CA/B Forum policy, it is a best effort service and some mistakes will likely be made, perhaps because someone’s lanyard color is not noticed or visible. Individuals can contact the CA/B Forum or Working Group Chair to arrange for redaction of their images or to report abuse.

In all cases and at every F2F meeting, if the host’s imagery (photos or videos) policy is more restrictive, it shall supersede this CA/B Forum photography policy and everyone attending will need to adapt to the host’s more restrictive policy.

Unofficial Photography

Many CA/B Forum F2F participants also engage in photography. We ask that those participants avoid photographing individuals who have asked not to be photographed or are wearing the “Photograph Privacy Requested” designated lanyard, except under the conditions listed above.

Voluntary Photo directory

F2F meetings usually have such a large number of participants that it is hard for representatives to remember faces and names. Having a picture next to a name for reference, is helpful in that respect. A voluntary photo directory is allowed but not required for F2F meetings. This voluntary photo directory will be stored in the Forum’s Member Web Site. Photos included in this directory shall be used and added next to the name of the attendee’s list in F2F meetings. Once a member is removed from the Forum or a member representative is asked to be removed from the Member Web Site, the photos shall be removed.

Representatives that voluntarily provide their photo for the photo directory are deemed to, consent to this photo being added to the attendee’s list for F2F meetings. Representatives may withdraw their consent and remove their photo from the directory and future attendee lists at any time.

Representatives that have their photo in the voluntary photo directory shall not indicate the “Photograph Privacy Requested” at F2F meetings. They must first withdraw their consent and remove their photo from the directory.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).