[cabfpub] Potential F2F Topics

Gervase Markham gerv at mozilla.org
Mon Oct 3 14:26:23 UTC 2016


On 01/10/16 17:00, Peter Bowen wrote:
> I haven’t seen much recent activity on topics for the F2F.  It looks
> like we still have most of the second day with placeholders to be
> filled in.

I would like to discuss the following topics:

1) IPR process. Is there any appetite in the Forum for changing the IPR
rules to allow post-vote review (and, if the review turns up something,
having the ballot be put in abeyance) rather than the current pre-vote
review? I feel this would make the work of the Forum proceed much faster
(as IPR review can happen in parallel with CAs preparing to implement
the change), and it optimises for the common case, which is that no IPR
declarations are filed.

This could be discussed in the IPR WG but perhaps it would be better
discussed in the whole forum to see if there was sufficient interest in
making this change. Perhaps members could consult their legal counsel
before the meeting to see what issues this might raise and how they
could be solved.

2) CAA. Again. I think that we need to get to a place where we decide to
have a ballot on CAA, and it should be the ballot with the greatest
chance of passing. If it fails, it fails, but at the moment we just keep
revisiting the issue and having to have the discussion again from
scratch. So I'd like to have some time with the explicit goal of working
out what form of CAA ballot is most likely to command the support of the
forum. (TBH, if only 20 sites in the Alexa top 1M are using it, I doubt
any CA should worry that it will end up being a restraint of trade!)

3) I'd like to hear from Google if they have any update on the timing of
their plans for requiring CT in other parts of the ecosystem. As they
are the ones running a large proportion of the servers, and whose
browser has the most advanced implementation, we expect them to be the
first to make such a requirement. I'd also, for my own interest, love to
hear about their and others' experiences running CT logs, how difficult
it has proved to be in practice to run one with 99%+ uptime, whether
people are meeting various performance criteria and so on.


Of course, saying I'd like these matters discussed doesn't necessarily
mean I'm the right person to be responsible for the discussion. I'd be
happy to lead 1), but 2) and 3) would be someone else.

It's good that we now have an established practice of nominating
discussion leaders for each slot. It would be good if the discussion
leader for each slot could, _before_ we assemble, state in a couple of
sentences what the goal of that slot is. If the chairman could perhaps
try and elicit such statements from the relevant people, I feel sure
that would enhance our efficiency.

I would also note that there is currently an item on the agenda
"Potential change to browser UI for Subject DN". It is a long-accepted
truth that the CAB Forum does not place requirements on browser UI. It
may be worth making that clear again now, so that we can use that time
for other items.

Gerv




More information about the Public mailing list