[cabfpub] Draft SMIME Working Group Charter

[Wayne Thayer]

I agree that we should exclude identity validation from the initial scope
of this working group.

On Fri, Jan 25, 2019 at 10:04 AM Ryan Sleevi via Public <public at cabforum.org>
wrote:

>
> Finally, regarding membership criteria, I'm curious whether it's necessary
> to consider WebTrust for CAs / ETSI at all. For work like this, would it
> make sense to merely specify the requirements for a CA as one that is
> trusted for and actively issues S/MIME certificates that are accepted by a
> Certificate Consumer. This seems to be widely inclusive and can be iterated
> upon if/when improved criteria are developed, if appropriate.
>
> This would allow a CA that is not eligible for full Forum membership to
join this WG as a full member. How would that work? Would we require such
an organization to join the Forum as an Interested Party? If the idea is
that such an organization wouldn't be required to join the Forum, then I
don't believe that was anticipated or intended in the design of the current
structure. It's not clear to me that we should permit membership in a CWG
without Forum membership. For instance, allowing this may create loopholes
in the IPR obligations that are defined and administered at the Forum level.

There's also a bootstrapping issue for membership, in that until we know
> who the accepted Certificate Consumers are, no CA can join as a Certificate
> Issuer. I'm curious whether it makes sense to explicitly bootstrap this in
> the charter or how we'd like to tackle this.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20190125/42ad5b34/attachment.html>