A number of months ago, PayPal approached the CA/Browser Forum with a proposal that it restructure its governance model to become a more mature and capable organization, able to take on the growing threats and challenges to the CA and HTTPS ecosystem in a more comprehensive manner. We felt that key features of such a reform included openness, transparency, and an equal seat at the table for site operators and the relying party public that depends on the trustworthiness of the global consumer PKI.
After several months of consideration and discussion, the CABF has now published four governance proposals on their website: https://cabforum.org/. We are pleased that all four proposals include a much greater degree of transparency than has historically been the case at the Forum, as well as some ability to accept public input and contributions. Unfortunately, while all also consider a role for users of certificates, CAs and Browsers remain “more equal” than their customers in the other proposals. The distinguishing feature of PayPal’s proposal remains equal and proportional representation for constituency groups representing Certification Authorities, Browsers and Users.
Balloting among the current voting members of the Forum to complete the governance reform process will begin shortly. If you have an interest in the future of secure communications and commerce on the Internet – and we believe everybody does – we encourage you to review the proposals and submit comments to email@example.com.
PayPal’s proposal can be found here: http://cabforum.org/governance/PayPal_Governance_Proposal.pdf
-Brad Hill, Ecosystem Security Team, PayPal Information Risk Management