<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>I also put together the attached after our call yesterday.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Regarding Oracle, here is what they said in 2014:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-IE>Oracle will not be participating in the CAB forum. &nbsp;I received some closure from execs but I&#8217;m not at liberty to explain further. &nbsp;Even so, we would like to keep a communication path open for technical issues\concerns on both sides and for CAB Forum members should they arise from time to time<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>In private conversation, they were concerned about the IPR policy and the vastness of Oracle which would require a ton of research on patents.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Adobe&#8217;s concern was similar.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Dean<o:p></o:p></span></p><p class=MsoNormal align=center style='text-align:center'><b><span style='font-size:16.0pt;line-height:105%'>Governance Review Outline<br><br></span></b><b><span style='font-size:16.0pt;line-height:105%'><o:p></o:p></span></b></p><p class=MsoListParagraphCxSpFirst style='text-indent:-.25in;line-height:106%;mso-list:l2 level1 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Why are we making this change? 
<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>a.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Increased participation in Forum topics outside of SSL<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>b.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Discussion of topics outside of SSL: Code Signing, SMIME, IoT, doc signing<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>c.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Value to doing it in the same org/structure/IPR as CABF<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto'><span style='font-size:12.0pt;line-height:105%'><o:p>&nbsp;</o:p></span></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;line-height:106%;mso-list:l2 level1 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>What are the issues 
why people won&#8217;t participate?<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>a.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Lack of voting rights</span><span style='font-size:12.0pt;line-height:106%'><o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>b.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Issues in signing current IPR (RAND-Z vs. RAND)</span><span style='font-size:12.0pt;line-height:106%'><o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto'><span style='font-size:12.0pt;line-height:105%'><o:p>&nbsp;</o:p></span></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;line-height:106%;mso-list:l2 level1 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Who should be able to vote?<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>a.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span 
style='font-size:12.0pt;line-height:106%'>Need &#8220;skin in the game&#8221;<o:p></o:p></span></p><p class=MsoListParagraphCxSpLast style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>b.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>No skin, no vote<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;line-height:105%'><o:p>&nbsp;</o:p></span></p><p class=MsoListParagraphCxSpFirst style='text-indent:-.25in;line-height:106%;mso-list:l2 level1 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>4.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Common Ground so far:<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>a.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Find a forum/format for added scope<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>b.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Common IP policy for all groups?<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle 
style='margin-left:1.0in;mso-add-space:auto'><span style='font-size:12.0pt;line-height:105%'><o:p>&nbsp;</o:p></span></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;line-height:106%;mso-list:l2 level1 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>5.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Issues<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>a.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Defining voting structure outside of SSL<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.5in;mso-add-space:auto;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;line-height:106%;mso-list:l2 level3 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>i.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Current CA/Browser makeup would be different if &#8220;browser&#8221; side included many more parties such as in Doc signing. 
<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;line-height:106%;mso-list:l2 level1 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>6.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Considerations<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;line-height:106%;mso-list:l2 level2 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'>a.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>W3C model?<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:1.5in;mso-add-space:auto;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;line-height:106%;mso-list:l2 level3 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>i.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Separation into working groups<o:p></o:p></span></p><p class=MsoListParagraphCxSpLast style='margin-left:1.5in;mso-add-space:auto;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;line-height:106%;mso-list:l2 level3 lfo5'><![if !supportLists]><span style='font-size:12.0pt;line-height:106%'><span 
style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>ii.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span style='font-size:12.0pt;line-height:106%'>Participation based IPR<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p>&nbsp;</o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'><b>From:</b> govreform-bounces@cabforum.org [mailto:govreform-bounces@cabforum.org] <b>On Behalf Of </b>Kirk Hall<br><b>Sent:</b> Wednesday, July 20, 2016 2:46 PM<br><b>To:</b> 'Govreform@cabforum.org' &lt;Govreform@cabforum.org&gt;<br><b>Subject:</b> [cabf_governance] New ideas after Governance WG meeting yesterday<o:p></o:p></p></div></div><p class=MsoNormal><o:p>&nbsp;</o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>After our Governance WG call yesterday, I had a few more ideas.<o:p></o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>First, I think we heard the following comments from Andrew Whalley about Google&#8217;s past concerns (with some suggested solutions from me following in the right column).&nbsp; Andrew, if I misunderstood anything I apologize.<o:p></o:p></p><p class=MsoNormal 
style='margin-bottom:0in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><tr><td width=312 valign=top style='width:233.75pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal align=center style='margin-bottom:0in;margin-bottom:.0001pt;text-align:center;line-height:normal'><b>Google Concerns<o:p></o:p></b></p></td><td width=312 valign=top style='width:233.75pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal align=center style='margin-bottom:0in;margin-bottom:.0001pt;text-align:center;line-height:normal'><b>Kirk suggested solution / response<o:p></o:p></b></p></td></tr><tr><td width=312 valign=top style='width:233.75pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoListParagraph style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:16.85pt;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><![endif]>The Code Signing WG went beyond the Forum&#8217;s Purpose as stated in Bylaw 1.1, which is limited to this: &#8220;Members of the CA/Browser Forum have worked closely together in defining the guidelines and means of implementation for best practices <u>as a way of providing a heightened security for Internet transactions</u> and <u>creating a more intuitive method of displaying secure sites to Internet users</u>.&#8221;<o:p></o:p></p></td><td width=312 valign=top style='width:233.75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'>CAs have an interest in all types of 
certificates, not just SSL server certificates, and it is very convenient to work on these other certificate issues at Forum meetings.&nbsp; The Purpose can be amended to allow a broader scope for the Forum.&nbsp; Browsers do not need to participate in any WG that does not interest them.<o:p></o:p></p></td></tr><tr><td width=312 valign=top style='width:233.75pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoListParagraph style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:16.85pt;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><![endif]>The Code Signing WG&#8217;s product will only be used by a single application (here, Microsoft), and so does not belong as a Forum activity.<o:p></o:p></p></td><td width=312 valign=top style='width:233.75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'>Again, CAs have an interest in all types of certificates, not just SSL server certificates, and working on broader projects in the Forum&#8217;s WGs is very convenient.&nbsp; <o:p></o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'>When CAs drafted the EVGL in 2006-2008, there were NO applications committed to implementing them &#8211; they were a &#8220;spec&#8221; project by CAs seeking to improve internet security by creating new, higher standards, and after the EVGL were completed all the major browsers signed on.&nbsp; <o:p></o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'><o:p>&nbsp;</o:p></p><p class=MsoNormal 
style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'>Likewise, to date there have been no common, minimum standards for Code Signing certs, meaning bad guys who are blocked by one CA from getting a Code Signing cert can just go to another and get a Code Signing cert.&nbsp; This is an attempt by CAs to raise the bar, not an attempt to write a standard for one application (here, Microsoft).&nbsp; The CAs will now push other applications (e.g., Oracle, Adobe) to adopt the Code Signing requirements in the future, just as happened with the EVGL.<o:p></o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'><o:p>&nbsp;</o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'>CAs should be allowed to work on projects like this in the Forum.&nbsp; If a browser is not interested, it does not need to participate.<o:p></o:p></p></td></tr><tr><td width=312 valign=top style='width:233.75pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoListParagraph style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:16.85pt;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><![endif]>Google had concerns that adoption of the Code Signing guidelines would trigger a requirement to disclose or license possible conflicting IP, which Google did not want to do.<o:p></o:p></p></td><td width=312 valign=top style='width:233.75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'>This can be fixed by amending our IPR agreement to a &#8220;participation&#8221; RAND-Z model, so those CAs or 
browsers who do not participate in a project do not have to make any IP disclosure.<o:p></o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'>There is another easier fix discussed below &#8211; simply put non-SSL cert issues in WGs only, and only require IP disclosure by members of the WG (and do not require approval by the Forum itself of any non-SSL cert requirements created by a WG).<o:p></o:p></p></td></tr><tr><td width=312 valign=top style='width:233.75pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoListParagraph style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:16.85pt;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>4.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><![endif]>[Unrelated issue] Google wants to be certain that voting on new requirements in a WG only occurs with people and organizations which have &#8220;skin in the game&#8221; &#8211; otherwise, requirements could be set by people and organizations who don&#8217;t have to live with the results.<o:p></o:p></p></td><td width=312 valign=top style='width:233.75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;line-height:normal'>See solution below &#8211; allow anyone to participate in a WG if they sign the updated IPR, but only allow organizations involved in the industry to vote on adoption of new requirements.<o:p></o:p></p></td></tr></table><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>As to <u>point 3</u> &#8211; the current disclosure requirements of our current IPR policy 
&#8211; this can be resolved by moving to a &#8220;participation&#8221; based RAND-Z IPR.&nbsp; However, we have been told this is complicated and involves a lot of work.&nbsp; An easier solution would be to change our rules as follows:<o:p></o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><p class=MsoListParagraphCxSpFirst style='margin-bottom:0in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l1 level1 lfo4'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>&middot;<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]>Work on SSL server certificate issues will occur in appropriate WGs and also at the Forum level, and will be adopted by votes of Forum members at the Forum level and trigger our current IP disclosure requirements.&nbsp; There would be no change to our current RAND-Z IPR agreement, and all members would have to make IP disclosures or licensing as in the past.<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='margin-bottom:0in;margin-bottom:.0001pt;mso-add-space:auto'><o:p>&nbsp;</o:p></p><p class=MsoListParagraphCxSpMiddle style='margin-bottom:0in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l1 level1 lfo4'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>&middot;<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]>However, <u>non</u>-SSL server certificate issues would be worked on ONLY in WGs created by the Forum for that purpose, and any requirements or guidelines would be approved <u>only</u> at the WG level.&nbsp; The output would <u>not</u> come to the Forum level for re-adoption.&nbsp; <o:p></o:p></p><p class=MsoListParagraphCxSpLast style='margin-bottom:0in;margin-bottom:.0001pt;mso-add-space:auto'><o:p>&nbsp;</o:p></p><p class=MsoNormal 
style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt'>We would slightly modify our current IPR agreement so that the disclosure/licensing requirement would apply <u>only</u> to participants of the (non-SSL server certificate) WGs, but would not apply to any Forum members who were not members of the WG.&nbsp; We would also clarify that creation of a non-SSL server certificate WG at the Forum level would not itself trigger any disclosures/licensing under our current IPR policy.&nbsp; <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt'>Choosing this method would avoid the need to track &#8220;participation&#8221; on an issue or a new set of requirements &#8211; instead, we would only be required to track &#8220;membership&#8221; of non-SSL WGs &#8211; all non-SSL WG members would have to comply with the IPR disclosure requirements upon adoption of new requirements at the WG level.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>As to <u>point 4</u> &#8211; our current Bylaws allow anyone to participate as a Working Group Interested Party if they sign our IPR agreement (whether or not they have &#8220;skin in the game&#8221;).&nbsp; However, we have not specified any voting rules for WGs &#8211; it hasn&#8217;t been important in the past, as WG proposals today are only approved at the Forum level.&nbsp; <o:p></o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>We could solve the skin in the game problem by 
enacting new rules that the only WG members who can vote on adoption or approval of requirements or amendments are people representing organizations that either <u>issue</u> the types of certificates covered by the requirements or applications that <u>use</u> or <u>recognize</u> the certificates &#8211; other WG members can talk and suggest language in the WGs, but can&#8217;t vote on adoption.&nbsp; That allows full public participation at the WG level, but ensures that only parties who are issuing the certs in question or using the certs will be voting on requirements.&nbsp; We would need new voting rules for WGs, such as requiring approval of 2/3 of the &#8220;industry&#8221; members of a WG for adoption of requirements, as we can&#8217;t use the current voting rules (2/3 of CAs, 51% of browsers) at the WG level because there may not be any browsers working on some WGs.<o:p></o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Finally, we still don&#8217;t know exactly why Oracle and Adobe were unwilling to participate with the Code Signing WG &#8211; it seemed to relate to our IPR policy, but we don&#8217;t have specifics.&nbsp; We won&#8217;t be able to solve this problem by moving to a &#8220;participation&#8221; based IPR policy (or &#8220;membership&#8221; based IPR policy looking at WG membership), as Oracle and Adobe clearly would be participating as members of a WG and would have to comply with whatever our IPR policy is.&nbsp; If, for example, they prefer a RAND to a RAND-Z policy, we probably can&#8217;t satisfy them.<o:p></o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><u>Dean</u> &#8211; can you ask Oracle and Adobe for more information on their prior objections?<o:p></o:p></p><p class=MsoNormal 
style='margin-bottom:0in;margin-bottom:.0001pt'><o:p>&nbsp;</o:p></p><p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>In any event &#8211; please consider this new structure as a way to keep non-SSL certificate issues within the current Forum (albeit only at the WG level) and to help bring in more participation by other organizations and the public.<o:p></o:p></p><p class=MsoNormal><o:p>&nbsp;</o:p></p></div></body></html>