<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Apple Color Emoji";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 2 6 3 5 4 5 2 3 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Apple SD Gothic Neo \;";
panose-1:2 0 3 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@Apple SD Gothic Neo \;";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.hoenzb
{mso-style-name:hoenzb;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Georgia",serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:822282579;
mso-list-type:hybrid;
mso-list-template-ids:-699769326 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:1717003001;
mso-list-type:hybrid;
mso-list-template-ids:-2045739432 1673929674 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;
font-family:"Georgia",serif;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman \(Body CS\)";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.75in;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.25in;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.75in;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-family:"Georgia",serif'>Looking at the Bylaws, the definition of an Associate Member in 3.1 establishes some important criteria:<o:p></o:p></span></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-left:0in;mso-list:l0 level1 lfo1'><span style='font-family:"Georgia",serif'>Becoming an Associate Member is “by invitation only”. Note that there is no establishment of <i>who</i> does the inviting, or what the process is for requesting or obtaining an invitation.<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l0 level1 lfo1'><span style='font-family:"Georgia",serif'>To become an Associate Member, an organization “must sign a mutual letter of intent, understanding, or other agreement”. The contents of the letter aren’t specified here.<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l0 level1 lfo1'><span style='font-family:"Georgia",serif'>The Associate Member must <i>also</i> sign “the Forum’s IPR Agreement, unless this latter requirement is waived in<i> </i>writing<i> by the Forum based on overriding policies of the Associate Member’s own organization IPR rules</i>.” (Emphasis added)<o:p></o:p></span></li></ul><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'>It seems like in the past, the waiving of IPR requirements and the invitation of Associate Members has been done informally, on the basis of, “Well of course we’d want them to participate and of course we wouldn’t make them sign that.” Further, I’d guess the requirements for becoming an Associate Member were based on what we were already doing with groups like ETSI. That’s not an issue per se—it makes sense to create requirements that you already know you’ll pass!—but I think the loose requirements we have are no longer one-size-fits-all. <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'>Perhaps it would help for us to remove the informality from the Bylaws and define a specific process for inviting organizations and for determining whether an org is required to sign the IPR or not, much the way we have a specific process for applying to be a normal Member?<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><p class=MsoNormal style='text-indent:.5in'><span style='font-family:"Georgia",serif'>-- Jos<o:p></o:p></span></p><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:Consolas;color:black'>-- <br>Jos Purvis (jopurvis@cisco.com)<br>.:|:.:|:. cisco systems | Cryptographic Services<br>PGP: 0xFD802FEE07D19105 | +1 919.991.9114 (desk)</span><o:p></o:p></p></div><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Georgia",serif'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>Govreform <govreform-bounces@cabforum.org> on behalf of CA/BF Governance Reform List <govreform@cabforum.org><br><b>Reply-To: </b>Dimitris Zacharopoulos <jimmy@it.auth.gr>, CA/BF Governance Reform List <govreform@cabforum.org><br><b>Date: </b>Thursday, 14 June, 2018 at 14:35 <br><b>To: </b>CA/BF Governance Reform List <govreform@cabforum.org><br><b>Subject: </b>Re: [cabf_governance] Who Must Sign the IPR?<o:p></o:p></span></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'>Just to clarify, ACAB-c is comprised of Accredited CABs only, not TSPs.<br><br>Dimitris.<o:p></o:p></p><div><p class=MsoNormal>On 14/6/2018 9:19 μμ, Virginia Fournier via Govreform wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Hi Ryan, <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Would you please also summarize the ETSI issue you raised on the call today? I’m not sure whether you were objecting to the discussion of the issue on today’s call, the MOU previously signed with ETSI, not discussing the issue directly with ETSI, having ETSI sign the IPR agreement, or something else. Is it just what you’ve mentioned below? I’d appreciate your summary so the Governance Reform WG can determine how to address it. Thank you. <o:p></o:p></p><div><div><div><div><div><div><div><div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Helvetica;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Helvetica;color:black'>Best regards,<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Helvetica;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Helvetica;color:black'>Virginia Fournier<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Helvetica;color:black'>Senior Standards Counsel<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Helvetica;color:#717171'></span><span style='font-size:10.5pt;font-family:Helvetica;color:black'> Apple Inc.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Apple SD Gothic Neo \;";color:black'>☏</span><span class=apple-converted-space><span style='font-size:10.5pt;font-family:Helvetica;color:black'> </span></span><span style='font-size:10.5pt;font-family:Helvetica;color:black'>669-227-9595<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Apple Color Emoji";color:#0433FF'>✉</span><span style='font-size:10.5pt;font-family:Helvetica;color:#0433FF'>︎ <a href="mailto:vmf@apple.com">vmf@apple.com</a><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Helvetica;color:#579DFF'><o:p> </o:p></span></p></div></div></div></div></div></div></div></div></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Jun 14, 2018, at 9:11 AM, Ryan Sleevi via Govreform <<a href="mailto:govreform@cabforum.org">govreform@cabforum.org</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>(I'm not sure if I have posting rights on govreform, so this may only go to the named parties) <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks for this summary Ben. To capture the other part of the F2F discussion and this and the previous call, it sounds like there's two separate-but-highly-related challenges.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>First is confusion about who must sign the IPR, whether participating as an Interested Party, an Associate Member, or a full Forum member. Examples of this confusion have manifest in several discussions, in which some members expressed confusion as to how to best handle it, such as:<o:p></o:p></p></div><div><p class=MsoNormal>- For interested parties, whether an individual signature is sufficient or whether that individuals employer(s) must also sign<o:p></o:p></p></div><div><p class=MsoNormal>- For associate members, the process for waiving the IPR agreement, as covered in Section 3.1 of the Bylaws<o:p></o:p></p></div><div><p class=MsoNormal>- For associate members, how to handle various industry groups, such as:<o:p></o:p></p></div><div><p class=MsoNormal> - CPA Canada's WebTrust TF, which is comprised of volunteers from firms such as KPMG, Deloitte, and BDO, but also has representatives from CPA Canada itself<o:p></o:p></p></div><div><p class=MsoNormal> - ACAB-c, which has a number of European conformance assessment bodies (auditors) and European CAs (which themselves may be members of the Forum)<o:p></o:p></p></div><div><p class=MsoNormal> - ETSI, which is comprised of Member Organizations that may meet any of our other definitions, and which may have individuals that are employed by ETSI member organizations, but are not representing their Member Organization<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Second, there is confusion about the nature and scope of participation in CA/Browser Forum calls and F2Fs. This confusion roughly follows the examples illustrated above, but to more firmly document.<o:p></o:p></p></div><div><p class=MsoNormal> - WebTrust is administered by CPA Canada, and thus we'd expect CPA Canada employees and consultants to be able to participate (e.g. Don Sheehy, Gord Beal). However, the Task Force is made up of volunteers from auditing firms, and whether or not the recognition of AM also extends to those members and their employees. Jeff Ward, as Chair of the TF, while employed by BDO, has been a steady participant in Forum F2F, but whether this invitation extends to the entire TF, or their member organizations, was a point of confusion.<o:p></o:p></p></div><div><p class=MsoNormal> - ACAB-c is an organization made up of many European TSPs and CABs. Does recognition of ACAB-c as an Associate Member extend invitations to all of these organizations, and their employees, to also participate in the F2F<o:p></o:p></p></div><div><p class=MsoNormal> - ETSI, as a member organization, is made up of a large number of members. Does invitation only extend to those employeed directly by ETSI, or does it also include those who participate in or lead the various focus groups within ETSI?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Note that there was a separate discussion on that second point related to Members (such as whether any employee of an organization can be in charge of voting or participate in Forum F2F, or whether there should be a notion of designated representatives), but that's not nearly as urgent or pressing as these above matters are.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>My hope is that through discussion in the Governance Reform WG and telecons, there can be a mutually agreed upon and documented understanding as to:<o:p></o:p></p></div><div><p class=MsoNormal>- A common understanding of the 'complex' cases (the above may be woefully insufficient)<o:p></o:p></p></div><div><p class=MsoNormal>- Who signs the IPR Agreements for these complex cases<o:p></o:p></p></div><div><p class=MsoNormal>- What concerns, if any, exist with those guidelines by the member organizations (e.g. concerns of Proviti / US Government, or of ETSI and its members)<o:p></o:p></p></div><div><p class=MsoNormal>- Agreement on the process and procedures for any exceptions that might be granted under the Bylaws Section 3.1, such as:<o:p></o:p></p></div><div><p class=MsoNormal> - The chair decides<o:p></o:p></p></div><div><p class=MsoNormal> - Assent on a meeting (F2F or telecon), the same as done for members that meet the requirements<o:p></o:p></p></div><div><p class=MsoNormal> - Full Forum votes<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Hopefully that accurately and appropriately captures the discussions to date, in order to frame possible work items.<o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Thu, Jun 14, 2018 at 11:46 AM, Ben Wilson <<a href="mailto:ben.wilson@digicert.com" target="_blank">ben.wilson@digicert.com</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Group,<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>An issue from the London face-to-face meeting resurfaced today on the CABF call. That is, who must sign the IPR agreement? I believe that many members of the CABF would like a recommendation from this working group.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I think it has been pretty clear, at least in practice, that someone with authority for an organization that is a member must sign the IPR agreement. For Interested Parties who are individuals, their signature on the IPR Agreement is pretty straightforward. But things get a little fuzzy when we deal with other scenarios. The most unclear situation is when we are dealing with associations of other organizations and individuals – viz. ETSI and WebTrust who send representatives to our meetings. Another example is where an entity appoints another entity as its agent (recognized representative) for discussions/votes. For this latter situation, a side issue is what should we require as evidence of the agency relationship.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Cheers,<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#888888'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#888888'>Ben<o:p></o:p></span></p></div></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>_______________________________________________<br>Govreform mailing list<br><a href="mailto:Govreform@cabforum.org">Govreform@cabforum.org</a><br><a href="https://cabforum.org/mailman/listinfo/govreform">https://cabforum.org/mailman/listinfo/govreform</a><o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><br><br><br><o:p></o:p></p><pre>_______________________________________________<o:p></o:p></pre><pre>Govreform mailing list<o:p></o:p></pre><pre><a href="mailto:Govreform@cabforum.org">Govreform@cabforum.org</a><o:p></o:p></pre><pre><a href="https://cabforum.org/mailman/listinfo/govreform">https://cabforum.org/mailman/listinfo/govreform</a><o:p></o:p></pre></blockquote><p class=MsoNormal><br><br><o:p></o:p></p></div></body></html>