Entrust withdraws from CA/B Forum

Entrust CTO

Entrust has a long history with the CA/Browser Forum. We are one of its founding members, and have worked closely with it since its founding. Sadly, we have had to leave the Forum along with nearly 40% of its membership including other companies such as IdenTrust, Network Solutions, RIM, RSA and T-Systems. Even worse, this comes at a time when the Forum is in the process of re-organizing to broaden its membership and engaging with other bodies such as the IETF to further increase participation.

Cooperative organizations that come up with standards, group decisions, and the like eventually need to have a policy for dealing with intellectual property, particularly patents. No one wants the cooperative decision to require people to license a patent, especially when that patent suddenly becomes more valuable because it’s a requirement by a cooperative organization.

The CA/Browser Forum recently enacted an intellectual property policy, and this policy is the reason that we and other members have had to leave. In particular, this policy affects not just the member itself, but any “affiliate” organization as well. Unfortunately, the policy’s definition of “affiliate” includes the whole of our parent equity company’s (Thoma Bravo) portfolio. We are simply not legally entitled to sign for those companies. That obligation would also apply to any new companies our owner purchases and would continue to the present partner companies once they leave Thoma Bravo.

Secondarily, the intellectual property licensing terms are too expansive for us. It requires us to agree to give free, world-wide licenses to all patents used in Forum documents, even if we did not participate in writing that document. Other standards bodies limit an obligation to license only to documents that a member participated in writing.

We, along with some other former members, are working with the Forum to come up with an alternate intellectual property policy that addresses these concerns. We hope that all of us will be able to resume participation soon.

Unfortunately, this is being complicated by some of the members who are competitors, who are claiming that we and the other members were somehow thrown out of the Forum, and that this will somehow affect whether our certificate roots will be in the various browsers. This is not true, the Forum is an independent organization and many CAs ship their roots in the major broswers that are not (and have never been) members of the Forum. We have relationships with all the browsers and this does not affect them. We will continue to be prompt in implementing the security requirements of those browsers.

The saddest thing of all is that this present problem is hurting the Forum far more than it hurts us. The Forum provides a needed space where Web PKI can be discussed among the people who implement it. The Forum has been working on expanding membership to relying parties and others concerned with Web PKI. That the present intellectual property policy excludes leaders in the field including us, IdenTrust, RIM, RSA, T-Systems, and others is bad enough. But that some of the present membership is using this current unfortunate state to spread lies about competitors transforms the Forum from a cooperative body into one that hinders fair competition in the industry. We hope that this will be resolved soon, and we hope that it does not damage the credibility of the Forum as a whole.

Entrust CTO
Entrust CTO
Chief Technology Officer


Add to the Conversation