[cabfpub] Ballot Forum-11: Creation of S/MIME Certificates Working Group

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Feb 6 12:37:28 MST 2020



On 2020-02-06 9:25 μ.μ., Ryan Sleevi via Public wrote:
>
[...]
>
>      * Regarding membership, you also commented "There's also a
>     bootstrapping issue for membership, in that until we know who the
>     accepted Certificate Consumers are, no CA can join as a
>     Certificate Issuer. I'm curious whether it makes sense to
>     explicitly bootstrap this in the charter or how we'd like to
>     tackle this." I agree with this concern but is it something that
>     can be easily worked around by having Certificate Consumers such
>     as Microsoft and Mozilla become the first members of the WG?
>
>
> Define "easily"? The membership definition is circular and intended to 
> protect CAs' interests, and that's a real problem. A Certificate 
> Consumer is one who accepts Certificate Issuers in the WG, meaning 
> that if a given Consumer moves to distrust a given issuer, such action 
> may result in their removal from the SMCWG, which would happen 
> automatically, while for CAs, they would merely be suspended.
>
> Beyond that, as suggested, Microsoft and Mozilla cannot qualify as 
> Certificate Consumers without Certificate Issuers, and CAs cannot 
> qualify as Certificate Issuers without the existence of Certificate 
> Consumers. There's no way, valid to the Bylaws, for members to declare 
> their interest, because they can't meet the qualification, so it's 
> incorrect to suggest that this is a first-mover problem. This is a 
> bootstrap problem, similar to the audit, that was flagged in the past.
>

This was not raised as an issue when the code signing WG was created. 
During the kick-off meeting, there was a Certificate Consumer present 
and Certificate Issuers that were trusted by this Certificate Consumer. 
So the WG was forged at that meeting without problems or concerns 
raised. I can only assume we will do the same thing at the kick-off 
meeting of the SMCWG.


Dimitris.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20200206/5d97aad6/attachment.html>


More information about the Public mailing list