[cabfpub] FW: Associate member of the CA/B Forum

Thu Apr 7 23:38:55 UTC 2016

On Thu, Apr 7, 2016 at 2:39 PM, Dean Coclin <Dean_Coclin at symantec.com>
wrote:

> Basically because they would like to be more active in meetings and one
> benefit of Associate membership is the ability to attend F2F meetings.
>

So can Interested Parties

> As a representative of 5000 members, ETA can better communicate things
> they learn from the forum and our meetings to a wide audience of theirs.
> Traditionally, associations have been granted Associate member status,
> rather than Interested Party.
>

So that seems to be two arguments:
- So they can talk to members
- Because it's what we did in the past

The first can be accomplished by Interested Parties, and the Second is...
more complicated.

The notion of Associate Members is actually relatively new - they were
introduced in Bylaws v1.1, rather than the original version. Contributions,
such as PayPal's, which arguably occupies a similar niche as ETA, were
under the Interested Party contribution. The introduction of the notion in
v1.1 (via Ballot 116 -
https://cabforum.org/2014/03/24/ballot-116-bylaw-amendment-for-associate-member-category/
) was to align our practices and inconsistencies with following our bylaws,
but I don't know if we can argue they were associate members.

Given that https://cabforum.org/liaisons/ is now, seemingly, considerably
out of date due to non-renewal of the IPR policy, I don't know how much we
can argue on that basis either. In terms of membership tracking,
unfortunately, the Wiki is not very helpful in determining who, of the
parties that have executed IPR agreements (and are thus members in good
standing) are Interested Parties vs Associate Members, but it seems that
there are entities comparable to ETA that are as Interested Parties.

I would also note that the Associate Member status seems to have been
granted to the SDOs directly involved in the Web PKI operations - that is,
WebTrust and ETSI stand out as participants. To what degree ETA is an SDO
is unclear to me; my understanding is they are merely a trade association,
and not responsible for the standards themselves (compared to, say, the PCI
SSC)

While I fully welcome greater participation in the Forum, and that's a
topic that we've advocated for rather hard in the past, my feeling and
suspicion is that many potential members needs will be met as an Interested
Party. A concern, of course, has been raised by many CAs in the past, which
is that the larger the F2F meetings get, the less likely we'll be able to
accomplish anything productive, and the more expensive it will be to host.
However, my concern is that the F2F's are notoriously "smoke-filled rooms",
in that minutes fail to capture the many nuances of discussions, due to
their subtleties, and thus provide much less transparency or accountability
to discussions on the list.

That's why I favor greater Interested Party participation, because it
encourages greater participation on the list, and greater transparency of
what was said and why decisions were made.

While I'm uncertain as to whether "oppose" the application would be the
right position I'm advocating, I would like to strongly encourage an
Interested Party membership, which should confer almost all of the benefits
- except for that of secrecy (the ability to post on the management list,
and the ability to routinely hold discussions that aren't well or
completely minuted during the F2F). That seems certainly in everyone's best
interests.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160407/b45f2e69/attachment-0003.html>