[cabfpub] Ballot 89 Rewrite

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Wed Aug 14 02:51:21 UTC 2013 

I agree with Ryan.  I'm not sure we need a formal Ballot to remove the current EV developer guidelines from our website -- did we use a ballot to post the guidelines in the first place?

Ben, you could have said "By consensus, the old guidelines are out of date so they will be removed from the CABF website unless someone objects in the next seven days-- does anyone object?"  If there are not objections, then I'd say remove.

At that point, Rick, I think your Ballot 89 could/should simply say "Adopt the attached as new EV developer guidelines, and post it on the CABF website".  If you do that, Trend  Micro would be an endorser.

So Ben, why not try a "Does anyone object to removing the old EV developer guidelines from the CABF website?  If yes, respond within seven days" and see if you get any objections.

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Tuesday, August 13, 2013 7:08 PM
To: ben at digicert.com
Cc: Rick Andrews; CABFPub
Subject: Re: [cabfpub] Ballot 89 Rewrite

Ben,

The downside to this approach is that voting for either Part A or Part B presumably serves towards quorum, much in the same way an explicit abstention would (as opposed to a non-voting party).

I'm not trying to mire things in procedural nits, but as has been seen in the past, I'm particularly nervous when it comes to setting precedents in harmless/benign situations that might be used to justify more problematic practices in the future.

Cheers,
Ryan

On Tue, Aug 13, 2013 at 4:02 PM, Ben Wilson <ben at digicert.com> wrote:
> Here is some alternative ballot language:
>
> --- Motion begins ---
>
> Ballot 89 Part A - Be it resolved that we remove the 2009 Version 1.0 
> of "GUIDELINES for the PROCESSING of EXTENDED VALIDATION CERTIFICATES" 
> from the public CA Browser Forum website."
>
> Yes / No
>
> Ballot 89 Part B - Be it further resolved that we post the attached 
> "RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION 
> CERTIFICATES" to the public CA Browser Forum website.
>
> Yes / No
>
>
> ... Motion ends ...
>
>
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] 
> On Behalf Of Ben Wilson
> Sent: Tuesday, August 13, 2013 4:58 PM
> To: 'Ryan Sleevi'; 'Rick Andrews'
> Cc: public at cabforum.org
> Subject: Re: [cabfpub] Ballot 89 Rewrite
>
> It was my idea to combine the vote.  We can split the language to 
> express two yes/no decisions.
>
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] 
> On Behalf Of Ryan Sleevi
> Sent: Tuesday, August 13, 2013 4:44 PM
> To: Rick Andrews
> Cc: public at cabforum.org
> Subject: Re: [cabfpub] Ballot 89 Rewrite
>
> Rick,
>
> It appears you're actually proposing two ballots here. While I 
> appreciate the desire for efficiency, it does seem against the spirit 
> of the forum where a vote for "No" is in fact a vote "Yes", simply for 
> a different motion. Abstaining is possible, but equally seems counter 
> to the purpose of abstentions.
>
> It does appear that, like so many other work products of the CA/B 
> Forum, our bylaws are ambiguous with respect to the expected form of 
> motions. The closest interpretation would be Section 2.2 (e) of the 
> bylaws, which suggestions all Ballot Questions shall be Yes/No - 
> indicating a ballot question is needed here.
>
> Rather than positioning your latest proposal as "all or nothing", 
> perhaps it would be more prudent to first discuss whether or not the 
> membership agrees to withdraw the present guidelines. It would seem 
> that if such a vote passed, it would give a clear signal whether there 
> was sufficient and strong enough interest for updating it.
>
> Regards,
> Ryan
>
> On Tue, Aug 13, 2013 at 3:22 PM, Rick Andrews 
> <Rick_Andrews at symantec.com>
> wrote:
>> I am withdrawing the current Ballot 89 language and replacing it as 
>> outlined below.  A while back, I volunteered to update the Guidance 
>> to Application Developers (version 1, dated 2009, at
>>
> https://www.cabforum.org/Guidelines_for_the_processing_of_EV_certifica
> tes%20
> v1_0.pdf).
>> Based on comments received, edits were made to both the guideline 
>> document and the ballot.  However, more recently I began to 
>> understand that none of the browser vendors were supportive of my 
>> changes.  Of particular note, I received objections to some 
>> provisions in version 2, but then I saw that the same language 
>> currently exists in the 2009 version on the CABF website (i.e., that 
>> a browser should drop EV treatment for certificates that don't meet 
>> crypto requirements (Section 10) and that browsers should adjust 
>> their Root Embedding Programs accordingly (Section 7)).  So my 
>> conclusion is that browser vendors might not be supportive of version 
>> 1 either.  However, as a final
> effort, I have edited the document again and renamed it to:
>> "Recommendations for the Processing of EV SSL Certificates."  You can 
>> view changes from version 1 in the attached documents.
>>
>> Therefore, I am proposing that Ballot 89 go forward as follows, if I 
>> can get two endorsers:
>>
>> Ballot 93 - Reasons for Revocation (BR issues 6, 8, 10, 21)
>>
>> Rick Andrews (Symantec) made the following motion, endorsed by ? and ?:
>>
>> --- Motion begins ---
>>
>> A "YES" vote on Ballot 89 means that the member votes to remove the
>> 2009 Version 1.0 of "GUIDELINES for the PROCESSING of EXTENDED 
>> VALIDATION CERTIFICATES" from the public CA Browser Forum website and 
>> replace it with the attached "RECOMMENDATIONS for the PROCESSING of 
>> EXTENDED VALIDATION CERTIFICATES".
>>
>> A "NO" vote on the ballot means that the member votes to remove the
>> 2009 Version 1.0 of "GUIDELINES for the PROCESSING of EXTENDED 
>> VALIDATION CERTIFICATES" on the public CA Browser Forum website and 
>> not
> replace it.
>>
>> ... Motion ends ...
>>
>> -Rick
>>
>>
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
<table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table>

More information about the Public mailing list