CAB Forum openness

[Gervase Markham]

Members of this list may be interested in the following motion just
passed by the CAB Forum, and the consequent visibility they will be able
to get into the CAB Forum's doings via the mailing list
"pub...@cabforum.org".

There was some opposition to publishing the details of who exactly voted
which way, and so I did not include that in this motion. A future motion
may address the question.

Gerv

-------- Original Message --------
Subject: Re: [cabfpub] Ballot[79] - Mailing list usage
Date: Thu, 26 Jul 2012 15:02:58 +0000
From: Tim Moses <tim....@entrust.com>
To: CABFPub <pub...@cabforum.org>

Mailing list usage

Vote
Yes: 15
No: None
Abstain: None
Result: Approved


*From:*managemen...@cabforum.org
[mailto:managemen...@cabforum.org] *On Behalf Of *Tim Moses
*Sent:* Wednesday, July 11, 2012 4:07 PM
*To:* manag...@cabforum.org
*Subject:* [cabfman] Ballot[79] - Mailing list usage



Gervase Markham made the following motion and Chris Palmer and Eddy Nigg
endorsed it:

Wishing to establish guidelines for the use of the new public mailing list,

.... Motion begins....

Effective immediately, the Forum resolves that:

1) Draft and final agenda for Forum meetings (both virtual and
in-person, and including any sub-groups or committees) will be posted to
the public list.

2) Draft minutes of Forum meetings (both virtual and in-person, and
including any sub-groups or committees) will be posted to the private
list to allow members to make sure they are being correctly reported.

Minutes will be considered Final when approved at a subsequent Forum
meeting, or after 2 weeks have elapsed since publication of the draft if
no meeting is imminent. Final minutes will then be posted to the public
list. The Chair will, upon request, make redactions of any part of the
public copy of the minutes identified as private or sensitive by either
the information discloser or a member mentioned or affiliated with the
subject of the information.

3) Messages formally moving a Forum motion and announcing ballot
outcomes, including vote and quorum counts, will be posted to the public
list. The details of who voted for what will continue to be posted, now
as a separate message, to the private list.

4) In other cases, individuals have discretion about which mailing list
they use, but are strongly encouraged to use the public mailing list for
matters other than security incidents or those which require commercial
confidentiality.

Members are strongly discouraged from posting the text of private-list
messages to the public list without the permission of the author.

If this motion passes, the ballot outcome message will be posted to the
public list under 3) above.

The ballot review period comes into effect at 21:00 UTC on 11 July 2012
and will close at 21:00 UTC on 18 July 2012. Unless the motion is
withdrawn during the review period, the voting period will start
immediately thereafter and will close at 21:00 UTC on 25 July 2012.
Votes must be cast by “reply all” to this message.

A vote in favour of the motion must indicate a clear 'yes' in the
response. A vote against must indicate a clear 'no' in the response. A
vote to abstain must indicate a clear 'abstain' in the response. Unclear
responses will not be counted. The latest vote received from any
representative of a voting member before the close of the voting period
will be counted.

.... Motion ends ...

Voting members are listed here:

http://www.cabforum.org/forum.html

with the addition of TrendMicro
<https://www.cabforum.org/wiki/TrendMicro> and E-TUGRA.

In order for the motion to be adopted, two thirds or more of the votes
cast by members in the CA category and one half or more of the votes
cast by members in the browser category must be in favour. Also, at
least eight members must participate in the ballot, either by voting in
favour, voting against or abstaining.



T: +1 613 270 3183

[Gervase Markham]

On 26/07/12 16:00, Gervase Markham wrote:
> Members of this list may be interested in the following motion just
> passed by the CAB Forum, and the consequent visibility they will be able
> to get into the CAB Forum's doings via the mailing list
> "pub...@cabforum.org".

Someone noted that the mechanism for joining the list isn't immediately
obvious. It's a standard mailman list; see here:

http://cabforum.org/mailman/listinfo/public

Gerv

[ianG]

(apologies, been off barcamping for a few days)

From CABForum's pov this is probably a welcome if painful and
controversial step forward.

From Mozilla's pov however it remains a tiny step on a long journey.
Mitchell recently posted elsewhere that this new policy is now operative:

http://www.mozilla.org/about/policies/participation.html

As it stands, according to that document, CABForum and Mozilla cannot
mix. My reading at least.

I recently wrote to Mitchell and Deborah expressing my concern about how
Mozilla continues to participate on the one hand in an exclusionary
organisation, and on the other, to promote an inclusionary agenda and
see itself as part of the open web community.

To attempt to be constructive, only when CABForum permits the joining of
their organisations, without restrictions currently in place to maintain
the power of the incumbents to set self-serving standards, will CABForum
be in any way compatible with the open web. Especially, Mozilla's
statement (found in their active policy):

------
Some Mozillians may identify with activities or organizations that do
not support the same inclusion and diversity standards as Mozilla. When
this is the case:

(a) support for exclusionary practices must not be carried into
Mozilla activities.
(b) support for exclusionary practices in non-Mozilla activities
should not be expressed in Mozilla spaces.
(c) when if (a) and (b) are met, other Mozillians should treat this
as a private matter, not a Mozilla issue.
-------




iang

On 27/07/12 05:00 AM, Gervase Markham wrote:
> Members of this list may be interested in the following motion just
> passed by the CAB Forum, and the consequent visibility they will be able
> to get into the CAB Forum's doings via the mailing list
> "pub...@cabforum.org".
>

> Votes must be cast by �reply all� to this message.

>
> A vote in favour of the motion must indicate a clear 'yes' in the
> response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response. Unclear
> responses will not be counted. The latest vote received from any
> representative of a voting member before the close of the voting period
> will be counted.
>
> .... Motion ends ...
>
> Voting members are listed here:
>
> http://www.cabforum.org/forum.html
>
> with the addition of TrendMicro
> <https://www.cabforum.org/wiki/TrendMicro> and E-TUGRA.
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and one half or more of the votes
> cast by members in the browser category must be in favour. Also, at
> least eight members must participate in the ballot, either by voting in
> favour, voting against or abstaining.
>
>
>
> T: +1 613 270 3183
>
>
>
>
>
>
>

> _______________________________________________
> dev-security-policy mailing list
> dev-secur...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>

[Gervase Markham]

On 02/08/12 03:47, ianG wrote:
> From Mozilla's pov however it remains a tiny step on a long journey.
> Mitchell recently posted elsewhere that this new policy is now operative:
>
> http://www.mozilla.org/about/policies/participation.html
>
> As it stands, according to that document, CABForum and Mozilla cannot
> mix. My reading at least.
>
> I recently wrote to Mitchell and Deborah expressing my concern about how
> Mozilla continues to participate on the one hand in an exclusionary
> organisation, and on the other, to promote an inclusionary agenda and
> see itself as part of the open web community.

While I share your implied concern about the definition in that document
of "exclusionary", and your concerns about the governance of the CAB
Forum, I don't think that the document you reference was intended to
cover Mozilla being a member of an organization which is not open to
all-comers where they have an equal say in its activities.

> To attempt to be constructive, only when CABForum permits the joining of
> their organisations, without restrictions currently in place to maintain
> the power of the incumbents to set self-serving standards, will CABForum
> be in any way compatible with the open web. Especially, Mozilla's
> statement (found in their active policy):

The CAB Forum is currently engaged in the reform of its governance; the
four proposals on the table have been put up on the website. I would be
very interested in the input of this group as to which proposal or
proposals Mozilla should support. (We are going to be asked to rank them
in order, and there will be a run-off ballot.)

Gerv

[Daniel Veditz]

On 8/1/12 7:47 PM, ianG wrote:
> http://www.mozilla.org/about/policies/participation.html
>
> As it stands, according to that document, CABForum and Mozilla
> cannot mix. My reading at least.

I imagine this is just snark since your quote of that document
starts immediately after two sentences that set important context.
However, if CABForum is an organization that excludes people based
on "age, culture, ethnicity, gender, gender-identity, language,
race, sexual orientation, geographical location and religious views"
(which I am of course sorry to hear) it is not necessarily
incompatible with Mozilla as long as the Mozillians who identify
with CABForum neither carry that discrimination into Mozilla
activities nor express support for CABForum's discriminatory
policies in a Mozilla setting.

Since I've never heard any of Mozilla's CABForum representatives
express support for CABForum's exclusion of the public--quite the
contrary!--I think we're in good standing with respect to the new
anti-discrimination policy.

-Dan Veditz

[ianG]

On 2/08/12 21:08 PM, Gervase Markham wrote:
> On 02/08/12 03:47, ianG wrote:

>> From Mozilla's pov however it remains a tiny step on a long journey.
>> Mitchell recently posted elsewhere that this new policy is now operative:
>>
>> http://www.mozilla.org/about/policies/participation.html
>>
>> As it stands, according to that document, CABForum and Mozilla cannot
>> mix. My reading at least.
>>
>> I recently wrote to Mitchell and Deborah expressing my concern about how
>> Mozilla continues to participate on the one hand in an exclusionary
>> organisation, and on the other, to promote an inclusionary agenda and
>> see itself as part of the open web community.
>

> While I share your implied concern about the definition in that document
> of "exclusionary", and your concerns about the governance of the CAB
> Forum, I don't think that the document you reference was intended to
> cover Mozilla being a member of an organization which is not open to
> all-comers where they have an equal say in its activities.

I don't quite understand - are you saying that the document only covers
people who contribute to Mozilla and not Mozilla itself? To somewhat
agree, I did find that aspect of the document very confusing - who are
Mozillians and where do we find them? Are we Mozillians on this group?

Back to CABForum - of course, it could be that Mozilla Foundation
believes it could be a member of an exclusionary group. But as a
leading open source organisation promoting an inclusionary agenda, it
sells its credibility for a hill of beans.

>> To attempt to be constructive, only when CABForum permits the joining of
>> their organisations, without restrictions currently in place to maintain
>> the power of the incumbents to set self-serving standards, will CABForum
>> be in any way compatible with the open web. Especially, Mozilla's
>> statement (found in their active policy):
>

> The CAB Forum is currently engaged in the reform of its governance; the
> four proposals on the table have been put up on the website. I would be
> very interested in the input of this group as to which proposal or
> proposals Mozilla should support. (We are going to be asked to rank them
> in order, and there will be a run-off ballot.)

Ha! It is indeed nice to be notified of these things before they happen
;) Here are some comments on a quick reading of the 4 documents at:
http://cabforum.org/ skip down to "Governance Proposals Published,
Advancing Toward Adoption"




Digicert - no as it blocks users from effectively participating.

Microsoft - no, as they brought the lawyers in and slapped an NDA over
the whole thing. But at least they understood what the game was :)
Associate members have no final vote.

Paypal - close, because they recognise that CABForum has to have proper
user representation to earn any credibility. Although the devil might
be in the details, some of the wording is a little ... less hopeful.
E.g., "Fees for individual participants in this group are low, but they
may only vote for the “At Large” reserved Board seat." Thus, it somehow
perpetuates the fear that only vested companies / organisations can
contribute 'wisely' to the future of the PKI. In contrast to later
comments that "The Members are committed to fostering open competition."

Trend Micro - maybe. They have promoted open working groups, but left a
veto with the Forum, which is closed. They have suggested no fees, but
left the door open to blocking individuals from (expensive) physical
presence meetings - this is akin to the IETF circuit where everyone more
or less has to have a job that has a vested interest. At least however
it is an exogenous barrier that relates to the process.

Also, Trend Micro's C-5 is a big plus. I noticed Microsoft liked that too.


On the whole, the game appears to be to buy in some open non-affiliated
members, but makes sure that these members do not upset the apple cart.
Well, can't have it both ways folks - either in or out, open or closed.



The mentions of IPR are confusing. Is this some secret agreement that
already exists? One paper suggested that it had to remain as is (for
motives that appeared self-serving). Another suggested that users could
join for free if they assigned IPR.

> Gerv



iang, chief snark

[Hill, Brad]

Ian,

On a close examination, you'll find that PayPal's is the only proposal that gives equal voting representation to the certificate using public in a reformed CABF. All of the other proposals preserve the effective decision making power of the organization entirely in the hands of the current browser/CA constituencies.

In trying to create a balanced proposal that provides good governance as well as an organization that can fund and sustain its own activities, we propose different classes of voting and dues-paying membership for organizations and individuals. This is a matter of practicality, not of principle. The ability of individual contributors to participate in the discussion is no less than for anyone else.

It's quite difficult to even articulate, let alone realize, perfect notions of fairness and openness in a multi-stakeholder organization like this. We tried to create a reasonable compromise that allows all voices to be heard, provides meaningful representation for everyone in the ecosystem, and has a chance of getting adopted by the existing voting membership of the CABF.

I will also note that while individuals have a limited status, it is perfectly possible for non-profit organizations like Mozilla, the EFF, the ACLU, EPIC or the like to participate as CABF members under PayPal's proposal, at a very reasonable fee structure, and to be elected to a board seat.

-Brad Hill

> -----Original Message-----
> From: dev-security-policy-bounces+bhill=paypal-...@lists.mozilla.org
> [mailto:dev-security-policy-bounces+bhill=paypal-...@lists.mozilla.org]
> On Behalf Of ianG
> Sent: Friday, August 03, 2012 12:05 AM
> To: dev-secur...@lists.mozilla.org
> Subject: Re: CAB Forum openness
>
> On 2/08/12 21:08 PM, Gervase Markham wrote:
> > On 02/08/12 03:47, ianG wrote:

> >> From Mozilla's pov however it remains a tiny step on a long journey.
> >> Mitchell recently posted elsewhere that this new policy is now operative:
> >>
> >> http://www.mozilla.org/about/policies/participation.html
> >>
> >> As it stands, according to that document, CABForum and Mozilla cannot
> >> mix. My reading at least.
> >>
> >> I recently wrote to Mitchell and Deborah expressing my concern about
> >> how Mozilla continues to participate on the one hand in an
> >> exclusionary organisation, and on the other, to promote an
> >> inclusionary agenda and see itself as part of the open web community.
> >

> > While I share your implied concern about the definition in that
> > document of "exclusionary", and your concerns about the governance of
> > the CAB Forum, I don't think that the document you reference was
> > intended to cover Mozilla being a member of an organization which is
> > not open to all-comers where they have an equal say in its activities.
>
>
> I don't quite understand - are you saying that the document only covers
> people who contribute to Mozilla and not Mozilla itself? To somewhat agree,
> I did find that aspect of the document very confusing - who are Mozillians and
> where do we find them? Are we Mozillians on this group?
>
> Back to CABForum - of course, it could be that Mozilla Foundation believes it
> could be a member of an exclusionary group. But as a leading open source
> organisation promoting an inclusionary agenda, it sells its credibility for a hill
> of beans.
>
>

> >> To attempt to be constructive, only when CABForum permits the joining
> >> of their organisations, without restrictions currently in place to
> >> maintain the power of the incumbents to set self-serving standards,
> >> will CABForum be in any way compatible with the open web.
> >> Especially, Mozilla's statement (found in their active policy):
> >

[Gervase Markham]

On 03/08/12 00:05, ianG wrote:
> I don't quite understand - are you saying that the document only covers
> people who contribute to Mozilla and not Mozilla itself? To somewhat
> agree, I did find that aspect of the document very confusing - who are
> Mozillians and where do we find them? Are we Mozillians on this group?
>
> Back to CABForum - of course, it could be that Mozilla Foundation
> believes it could be a member of an exclusionary group. But as a
> leading open source organisation promoting an inclusionary agenda, it
> sells its credibility for a hill of beans.

The CAB Forum is not a "Mozilla-based activity" - we don't run it.

The CAB Forum is also not an "activity or organization that does not
support the same inclusion and diversity standards as Mozilla". It does
not exclude people due to their "age, culture, ethnicity, gender,

gender-identity, language, race, sexual orientation, geographical

location [or] religious views". I agree that it says that the list of
characteristics is "including but not limited to", but I'm fairly sure
that "not being a browser or a CA" was not what that was intended to cover!

Mozilla does not think that being a member of an organization which does
not open up its membership to everyone is, by necessity, a violation of
our inclusion and diversity policy.

> The mentions of IPR are confusing. Is this some secret agreement that
> already exists? One paper suggested that it had to remain as is (for
> motives that appeared self-serving). Another suggested that users could
> join for free if they assigned IPR.

The IPR agreement is something that's just been approved, although it is
currently the subject of some controversy, as some members felt unable
to sign it and have therefore left. What to do about this, if anything,
is a topic of current discussion.

Gerv

[Phillip Hallam-Baker]

The position I would like to see evolve is that anyone has input but
only organizations whose participation is necessary to put a decision
into effect have a vote.

While this might sound exclusionary, it is merely a recognition of the
fact that CABForum has no decision making power whatsoever. Only the
Browser providers and the CAs can actually put decisions into effect
and they can't do so unilaterally.

I don't think Mozilla wants to be taking orders from CABForum any more
than anyone else does. The significance of a vote comes from the fact
that a substantial portion of the industry has voted for it and will
presumably implement.

CABForum is not the IETF, we don't need a second one either. IETF
process is good for making certain decisions, it is lousy for getting
the industry to move in a particular direction. When the Cisco
employee is speaking at IETF he might or might not be representing a
corporate position, officially it is just his opinion. The process
does not require Cisco to put a position on the table either.

CABForum was designed to force the industry players whose
participation was necessary to make EV happen to put their position on
the table. Now we want to do other things with CABForum we need a
different structure.

I would much prefer to have had IPv6 designed in a venue where the
parties whose participation was necessary for deployment were
represented at the start. That way we might have started deployment
fifteen years ago rather than waiting till after the IPv4 pool ran out
to get serious.

On Thu, Aug 2, 2012 at 7:08 AM, Gervase Markham <ge...@mozilla.org> wrote:
> On 02/08/12 03:47, ianG wrote:

>> From Mozilla's pov however it remains a tiny step on a long journey.
>> Mitchell recently posted elsewhere that this new policy is now operative:
>>
>> http://www.mozilla.org/about/policies/participation.html
>>
>> As it stands, according to that document, CABForum and Mozilla cannot
>> mix. My reading at least.
>>
>> I recently wrote to Mitchell and Deborah expressing my concern about how
>> Mozilla continues to participate on the one hand in an exclusionary
>> organisation, and on the other, to promote an inclusionary agenda and
>> see itself as part of the open web community.
>

> While I share your implied concern about the definition in that document
> of "exclusionary", and your concerns about the governance of the CAB
> Forum, I don't think that the document you reference was intended to
> cover Mozilla being a member of an organization which is not open to
> all-comers where they have an equal say in its activities.
>

>> To attempt to be constructive, only when CABForum permits the joining of
>> their organisations, without restrictions currently in place to maintain
>> the power of the incumbents to set self-serving standards, will CABForum
>> be in any way compatible with the open web. Especially, Mozilla's
>> statement (found in their active policy):
>

> The CAB Forum is currently engaged in the reform of its governance; the
> four proposals on the table have been put up on the website. I would be
> very interested in the input of this group as to which proposal or
> proposals Mozilla should support. (We are going to be asked to rank them
> in order, and there will be a run-off ballot.)
>

> Gerv

> _______________________________________________
> dev-security-policy mailing list
> dev-secur...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy

--
Website: http://hallambaker.com/

[ianG]

On 7/08/12 09:55 AM, Gervase Markham wrote:
> On 03/08/12 00:05, ianG wrote:

>> I don't quite understand - are you saying that the document only covers
>> people who contribute to Mozilla and not Mozilla itself? To somewhat
>> agree, I did find that aspect of the document very confusing - who are
>> Mozillians and where do we find them? Are we Mozillians on this group?
>>
>> Back to CABForum - of course, it could be that Mozilla Foundation
>> believes it could be a member of an exclusionary group. But as a
>> leading open source organisation promoting an inclusionary agenda, it
>> sells its credibility for a hill of beans.
>

> The CAB Forum is not a "Mozilla-based activity" - we don't run it.

No, but running CABForum's documents through "open meetings" in this
maillist, prior to them becoming Mozilla standards is a "Mozilla-based
activity."

==========

Some Mozillians may identify with activities or organizations that do
not support the same inclusion and diversity standards as Mozilla. When
this is the case:

(a) support for exclusionary practices must not be carried into
Mozilla activities.
(b) support for exclusionary practices in non-Mozilla activities
should not be expressed in Mozilla spaces.
(c) when if (a) and (b) are met, other Mozillians should treat this
as a private matter, not a Mozilla issue.

==========

> The CAB Forum is also not an "activity or organization that does not
> support the same inclusion and diversity standards as Mozilla". It does
> not exclude people due to their "age, culture, ethnicity, gender,
> gender-identity, language, race, sexual orientation, geographical
> location [or] religious views". I agree that it says that the list of
> characteristics is "including but not limited to", but I'm fairly sure
> that "not being a browser or a CA" was not what that was intended to cover!

Thank you for spotting the flaw :) For those who didn't understand the
trick:

a. do not discriminate
b. including but not limited to
c. <insert current popular California political correctness list>

Ignore a & b - it says that Mozilla doesn't discriminate.

CABForum quite clearly discriminates against users - Mozilla's
stakeholders but not CABForum's stakeholders - on commercial &
organisational grounds. You will see that the proposals are all trying
to dance around that essential fact.

This is why Paypal - all kudos to them - is found standing almost alone
as a user organisation, alleged beneficiary of certificates, and
therefore representative of that forgotten stakeholder.

Simply put, the discrimination on commercial grounds - whether ability
to pay or the style of commercial organisation - is an effective
discrimination to preserve the power of the franchise. That's why you
use it. If you want to test that, simply put a $1000 fee on
contributions to this very email list and see how the discrimination feels.

We know it. You know it. Mozilla knows it.

> Mozilla does not think that being a member of an organization which does
> not open up its membership to everyone is, by necessity, a violation of
> our inclusion and diversity policy.

OK, thanks for that clarification. There are ways to deal with this,
but it starts by recognising the apparent discord.

>> The mentions of IPR are confusing. Is this some secret agreement that
>> already exists? One paper suggested that it had to remain as is (for
>> motives that appeared self-serving). Another suggested that users could
>> join for free if they assigned IPR.
>

> The IPR agreement is something that's just been approved, although it is
> currently the subject of some controversy, as some members felt unable
> to sign it and have therefore left. What to do about this, if anything,
> is a topic of current discussion.

Thanks.

iang

[Phillip Hallam-Baker]

There is a fundamental difference between an organization coming to
agree on a course of action and a collection of organizations.

It is not possible to change the Internet without buy in from certain
parties that are expected to act. Mozilla is one of those veto
stakeholders.

Mozilla is only willing to accept W3C and IETF proposals to the extent
that they make sense to Mozilla. Neither W3C nor IETF have plenary
power. Nor does CABForum. The only reason the proposals have effect is
that the participants take care to ensure they have buy in from a
sufficient number of veto stakeholders.

When the participants decide to take matters into their own hands the
veto stakeholders can and do revolt, as happened over HTML5 / WHTWG.

On Thu, Aug 9, 2012 at 12:45 AM, ianG <ia...@iang.org> wrote:
> On 7/08/12 09:55 AM, Gervase Markham wrote:
>>
>> On 03/08/12 00:05, ianG wrote:
>>>

>>> I don't quite understand - are you saying that the document only covers
>>> people who contribute to Mozilla and not Mozilla itself? To somewhat
>>> agree, I did find that aspect of the document very confusing - who are
>>> Mozillians and where do we find them? Are we Mozillians on this group?
>>>
>>> Back to CABForum - of course, it could be that Mozilla Foundation
>>> believes it could be a member of an exclusionary group. But as a
>>> leading open source organisation promoting an inclusionary agenda, it
>>> sells its credibility for a hill of beans.
>>
>>

>> The CAB Forum is not a "Mozilla-based activity" - we don't run it.
>
>
> No, but running CABForum's documents through "open meetings" in this
> maillist, prior to them becoming Mozilla standards is a "Mozilla-based
> activity."
>
> ==========
>

> Some Mozillians may identify with activities or organizations that do not
> support the same inclusion and diversity standards as Mozilla. When this is
> the case:
>
> (a) support for exclusionary practices must not be carried into Mozilla
> activities.
> (b) support for exclusionary practices in non-Mozilla activities should
> not be expressed in Mozilla spaces.
> (c) when if (a) and (b) are met, other Mozillians should treat this as a
> private matter, not a Mozilla issue.

>>> The mentions of IPR are confusing. Is this some secret agreement that
>>> already exists? One paper suggested that it had to remain as is (for
>>> motives that appeared self-serving). Another suggested that users could
>>> join for free if they assigned IPR.
>>
>>

>> The IPR agreement is something that's just been approved, although it is
>> currently the subject of some controversy, as some members felt unable
>> to sign it and have therefore left. What to do about this, if anything,
>> is a topic of current discussion.
>
>
>
> Thanks.
>
> iang
>
>

> _______________________________________________
> dev-security-policy mailing list
> dev-secur...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy

--
Website: http://hallambaker.com/

[ianG]

>>> The mentions of IPR are confusing. Is this some secret agreement that
>>> already exists? One paper suggested that it had to remain as is (for
>>> motives that appeared self-serving). Another suggested that users could
>>> join for free if they assigned IPR.
>>

>> The IPR agreement is something that's just been approved, although it is
>> currently the subject of some controversy, as some members felt unable
>> to sign it and have therefore left. What to do about this, if anything,
>> is a topic of current discussion.
>
>
> Thanks.

http://www.darkreading.com/security/news/240005230/ca-browser-forum-s-mandated-royalty-free-intellectual-property-policy-change-spurs-entrust-to-withdraw-from-organization.html


"you read it here first" :)

iang

[Phillip Hallam-Baker]

The lesson people should draw from this is don't wait 6 years before
trying to get your IPR scheme right.

On Fri, Aug 10, 2012 at 10:12 AM, ianG <ia...@iang.org> wrote:
>
>>>> The mentions of IPR are confusing. Is this some secret agreement that
>>>> already exists? One paper suggested that it had to remain as is (for
>>>> motives that appeared self-serving). Another suggested that users could
>>>> join for free if they assigned IPR.
>>>
>>>

>>> The IPR agreement is something that's just been approved, although it is
>>> currently the subject of some controversy, as some members felt unable
>>> to sign it and have therefore left. What to do about this, if anything,
>>> is a topic of current discussion.
>>
>>
>>
>> Thanks.
>
>
>
> http://www.darkreading.com/security/news/240005230/ca-browser-forum-s-mandated-royalty-free-intellectual-property-policy-change-spurs-entrust-to-withdraw-from-organization.html
>
>
> "you read it here first" :)
>
>
> iang
>

> _______________________________________________
> dev-security-policy mailing list
> dev-secur...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy

--
Website: http://hallambaker.com/

[Eddy Nigg]

On 08/10/2012 05:12 PM, From ianG:

> http://www.darkreading.com/security/news/240005230/ca-browser-forum-s-mandated-royalty-free-intellectual-property-policy-change-spurs-entrust-to-withdraw-from-organization.html
>
>
>
> "you read it here first" :)
>

And you better read the policy before you comment on something you don't
know about: http://www.cabforum.org/IPR_Policy_V1.pdf

It allows to exclude IP.

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
XMPP: star...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg