[cabfpub] Ballot Forum-11: Creation of S/MIME Certificates Working Group

Wayne Thayer wthayer at gmail.com
Thu Feb 6 12:05:25 MST 2020


Ryan - Thank you for pointing out the past discussions. It's unfortunate
that this ballot has lingered for so long and as a result it's possible
that some of your feedback from a year ago was (unintentionally, I believe)
"ignored". In reviewing [12], I observe the following:
 * As noted, most, but not all of your comments relate to identity, an
issue that is intended to be decided via ballot.
 * You state "I'll also duplicate them as suggested edits on the doc after
sending this, to provide more concrete and hopefully productive guidance."
Did you share a redline with suggested changes?
 * Your comment "Finally, regarding membership criteria, I'm curious
whether it's necessary to consider WebTrust for CAs / ETSI at all." was
discussed in the thread without reaching agreement.
 * Regarding membership, you also commented "There's also a bootstrapping
issue for membership, in that until we know who the accepted Certificate
Consumers are, no CA can join as a Certificate Issuer. I'm curious whether
it makes sense to explicitly bootstrap this in the charter or how we'd like
to tackle this." I agree with this concern but is it something that can be
easily worked around by having Certificate Consumers such as Microsoft and
Mozilla become the first members of the WG?

What other important issues have we "ignored"?

- Wayne


On Wed, Feb 5, 2020 at 4:35 PM Ryan Sleevi <sleevi at google.com> wrote:

> Just to make sure the timing is accurate:
>
> 2018-05 - Tim Hollebeek circulates a draft charter, largely modeled after
> the code signing charter [1].
> 2018-06 - F2F 44 provides significant discussion on this issue and the
> potential concerns. [2]
> 2018-07 - Ballot 208 [3] is finalized, which sets forth the requirements
> for creating new CWG charters.
> 2018-10 - F2F 45 reiterates the concerns previously raised [4], with the
> conclusion being
>
>
>>    - Ben – It sounds like the initial charter should focus on three
>>    aspects: profile, identity validation of email and identity (host and local
>>    part), and private key protection.
>>    - Kirk Hall, Entrust – Is that enough to start drafting a charter?
>>    - Ben – Yes, I can start a charter based on those three principles.
>>
> 2019-01 - Ben Wilson circulates an updated draft for feedback [5]. This
> draft is substantially more expansive, due to the changes in Ballot 206.
> 2019-03 - F2F 46 is held in Cupertino. While the minutes show [6] there is
> still scope issue, a clear and viable path forward, previously raised, is
> reiterated.
>
>> Dean – We have a blank slate here and it seems the reluctance was to make
>> it a narrow scope and then focus on either one aspect of SMIME. First task
>> might be how to validate an email, and then focus on identity validation.
>> Some comments were to make the chart narrow to focus on one task while
>> others say to include all proposed tasks to not have to recharter which has
>> caused issues in the past.
>>
>
> 2019-06 - F2F 47 is held in Thessaloniki [7], where again we discuss the
> same topic.
> 2019-12 - Tim circulates the first draft version [8], the week before
> Christmas. This is the first version that has been circulated since Ben
> Wilson's 2019-01 version. Feedback is provided by Wayne [9] to be addressed.
> 2019-01 - Tim starts the discussion period for this ballot [10]
>
> I highlight this timeline, because it does seem somewhat concerning that
> after significant good faith effort to discuss the issues, these are
> seemingly intentionally ignored in forcing a vote that intentionally
> ignores feedback during the discussion period [11]. For example, [10]
> represents the first time of seeing any draft on how the concerns were
> raised. Given the significant beneficial edits proposed by Apple, for
> example, Google did not submit its many procedural and practical concerns
> with the draft language, on the hope that there would be a good faith
> effort to engage with and discuss these issues.
>
> It's equally concerning that the effort and time spent in communicating on
> the previous draft, in [5], was entirely ignored in [8], which entirely
> precipitated the issues in [9]. Substantive issues, such as those raised in
> [12], were entirely ignored, and are largely orthogonal to the debate about
> identity but to the very core of the charter.
>
> I can understand that, if the view is we are at an impasse, then rough
> consensus is a path forward. However, it remains deeply disappointing that
> it seems that virtually all feedback, from a variety of participants, has
> been ignored, as shown through the minutes and the past proposed changes.
> That does not seem to be in the spirit of what you've suggested the intent
> is.
>
> [1] https://cabforum.org/pipermail/public/2018-May/013400.html
> [2]
> https://cabforum.org/2018/06/06/minutes-for-ca-browser-forum-f2f-meeting-44-london-6-7-june-2018/
> [3]
> https://cabforum.org/2018/04/03/ballot-206-amendment-to-ipr-policy-bylaws-re-working-group-formation/
>
> [4]
> https://cabforum.org/2018/10/18/minutes-for-ca-browser-forum-f2f-meeting-45-shanghai-17-18-october-2018/#6-Creation-of-additional-Working-Groups---Secure-Mail-Other
> [5] https://cabforum.org/pipermail/public/2019-January/014517.html
> [6]
> https://cabforum.org/2019/05/03/minutes-for-ca-browser-forum-f2f-meeting-46-cupertino-12-14-march-2019/#Creation-of-additional-Working-Groups---Secure-Mail
> [7]
> https://cabforum.org/2019/08/16/minutes-for-ca-browser-forum-f2f-meeting-47-thessaloniki-12-13-june-2019/#Creation-of-Additional-Groups---Secure-Mail
> [8] https://cabforum.org/pipermail/public/2019-December/014838.html
> [9] https://cabforum.org/pipermail/public/2019-December/014839.html
> [10] https://cabforum.org/pipermail/public/2020-January/014852.html
> [11] https://cabforum.org/pipermail/public/2020-February/014865.html
> [12] https://cabforum.org/pipermail/public/2019-January/014521.html
>
> On Wed, Feb 5, 2020 at 5:45 PM Wayne Thayer <wthayer at gmail.com> wrote:
>
>> Based on my recollection of the Guangzhou discussion, and supported by
>> the minutes, the "path forward agreed to in Guangzhou" was that we would
>> take this charter to a ballot without further attempts to resolve the issue
>> of including identity in the charter's scope. There does not appear to be a
>> path to consensus on this issue, despite the considerable amount of time
>> spent discussing it. I'm unhappy with this approach, but as one of the
>> endorsers, I don't see an alternative other than "take it to a vote" that
>> gets this much-needed WG formed any time soon.
>>
>