Join the PKI Consortium

These Bylaws are intended to supplement the provisions of the Articles of Incorporation for the PKI Consortium, Inc. (Public Key Infrastructure Consortium or PKIC), a Utah, USA non-profit corporation. In the event of any conflict between the Articles of Incorporation and these Bylaws, the Articles of Incorporation shall prevail.

1. Purpose of PKI Consortium

The primary purpose of the consortium is to realize our vision, stating:

Trusted digital assets and communication for everyone and everything

This is supported by, but is not limited to:

• (a) Sharing industry knowledge and information, including the work of other relevant fora;
• (b) Engaging with users, regulators, supervisory bodies, standard defining organizations, and other interested parties to exchange developments, challenges, issues, and ideas in relation to Public Key Infrastructure (PKI);
• (c) Development and improvement of:
  • a. generic, industry or use-case specific policies, procedures, best practices and standards;
  • b. linters targeting PKI-related services and artifacts such as, but not limited to certificates, timestamps, and revocation services.
• (d) Managing or linking Trust Lists of CA Certificates for shared and special-purpose-built hierarchies;
• (e) Doing all things which a corporation of like character is or may be authorized or permitted to do to accomplish the primary purposes stated in its Articles of Incorporation.

This consortium will not:

• (a) Favor convenience, performance and/or commercial interest of anyone over security;
• (b) Promote specific products and/or services of its members or interested parties.

2. Membership:

Eligibility

Organizations are eligible to join the PKI Consortium as members if they can demonstrate expert PKI knowledge or another significant value for the consortium and meet any of the following categories:

• (a) Certification Authorities / Trust Service Providers included on the list of trust lists maintained by the PKI Consortium;
• (b) Entities that supervise and maintain a list contained in the list of trust lists maintained by the PKI Consortium;
• (c) Industry regulators, supervisory bodies;
• (d) Conformity assessment bodies and auditors;
• (e) Standards Developing Organizations (SDOs);
• (f) Organizations that build PKI or cryptographic software or devices;
• (g) Organizations that build software used by relying parties;
• (h) Interested parties (Members in this category are not eligible to vote or to be elected for the Executive Council or Board of Directors).
  • 1. Government entities with a general interest in PKI or cryptography, but who do not fall under category (c);
  • 2. Organizations providing PKI or cryptography consultancy services;
  • 3. Organizations conducting PKI or cryptography-related research;
  • 4. Universities offering academic programs in PKI or cryptography;
  • 5. PhD students actively researching PKI or cryptography;
  • 6. Independent consultants with PKI or cryptography expertise, evidenced by relevant certifications, publications, or project experience, unaffiliated with any organization;
  • 7. Independent researchers with PKI or cryptography expertise, evidenced by relevant certifications, publications, or project experience, unaffiliated with any organization.

All members will be listed on the PKIC website with name and logo (if any). Individuals will be listed by name and can be linked to a personal website or profile such as on LinkedIn. Profile pages (for organizations) and brief descriptions are optional but recommended and can help to describe the organization and the objective of the membership.

The member page or footer of the site can contain a disclaimer in substantially this form:

Decisions within the PKI Consortium are taken by substantial consensus of the members as specified in our bylaws. Substantial consensus among members does not necessarily mean that all members share the same view or opinion.

From time to time the PKIC may create a position paper or public letter on matters of interest to the PKIC. Approval of such a paper or letter will follow the PKIC’s rules on discussion and reaching substantial consensus among members as described in Article 10, or upon final approval by vote of the Executive Council if substantial consensus cannot be achieved among the members.

Process for Admitting New Members

In order to admit new Members, all membership applications must agree to follow these Bylaws (including the Antitrust Policy), the PKI Consortium Code of Conduct located at https://pkic.org/code-of-conduct and the PKI Consortium Intellectual Property Rights Agreement located at https://pkic.org/ipr.

Applications must be approved by the Executive Council after feedback from the Members. Feedback and approval on a membership application by each Member and the Executive Council shall be based solely on a determination of whether or not the applicant meets the stated membership criteria, and not on any other basis including competitive considerations.

Maintaining Membership status

Members may withdraw at any time upon providing written or email notice to the Executive Council. A Member who fails to meet the membership criteria stated, or fails to adhere to any part of the Bylaws (including the Antitrust Policy), Code of Conduct, or IPR Policy, may be subject to consequences such as a warning, reprimand, or suspension by the Executive Council, or the Member may lose its membership status following a written or email proposal by at least three (3) Members to withdraw membership status from the Member and approval of the proposal by an affirmative vote of two-thirds (⅔) of the Executive Council (not including the Member who is the subject of the proposal to withdraw membership, who is not entitled to vote on the proposal).

Changes in Membership Criteria: The membership eligibility criteria may be changed from time to time upon an affirmative vote of two-thirds (⅔) of the Executive Council after consultation withof the Members.

3. Membership Fees

There are no membership fees. We encourage (but do not require) all Members to become a sponsor.

4. Sponsors

To support the activities of the PKI Consortium we accept sponsors and donations. Sponsors will be listed on the PKIC website but do not gain any other special treatment or rights. Sponsors and donations can support the development of specific projects but will never be permitted to influence the outcome of a policy.

• Single donations can be made at any amount.
• The PKIC’s public list of sponsors will be updated as soon as feasible, but at least within three (3) months.
• A 10% discount is given when a sponsor commits a sponsorship for three (3) or more years.

PKIC may establish a bank account or may deposit funds with a third-party company (e.g., a support company providing services to PKIC) to hold without interest and apply to invoices approved by the Chair or the Vice-Chair and the Executive Council on PKIC’s behalf.

5. Board of Directors

PKIC shall maintain a Board of Directors with an odd number of at least three (3) Directors but not more than seven (7). Directors will be elected for a two (2) year term commencing on July 1 and may be reelected. The Board of Directors may elect its own officers and approve amendments to the Articles of Incorporation and take such other actions as the Articles of Incorporation provide.

When the term of a Director expires, the Board of Directors may nominate a new Director (or re-nominate the existing Director for a new term), and the nomination will be subject to approval by the voting Members.

The Board of Directors shall meet at least annually to discuss PKIC activities and future plans.

6. Officers

The officers of PKIC shall be a Chair and a Vice Chair (who will act as Chair when the Chair is absent). Each officer will be elected for a two (2) year term commencing on July 1 and may be elected to successive terms. Prior to election, the voting Member representatives will be asked who is interested in being elected to the positions. If there is only one candidate for an officer position, the election will occur by consensus. Otherwise, the election will be held by vote (one vote per Member). If there are only two candidates, then the candidate with the most votes wins. If there are more than two candidates, then there will be successive ballots (with the candidate with the fewest votes eliminated each time) until an officer is elected by at least 50% of the votes plus one vote.

7. Executive Council

The Board of Directors shall nominate an Executive Council with an odd number of up to fifteen (15) Member representatives from those voting Members who have been most active on PKIC projects, giving priority to those Member representatives who are active on PKIC activities and meetings. Executive Council members will be elected for a two (2) year term starting on July 1 and may be reelected. Directors may serve on the Executive Council. Executive Council nominations are subject to approval by the Members. The Executive Council may elect a chair to conduct its meetings. Member representatives may not serve on the Executive Council after they are no longer associated with the Member.

8. Indemnification

PKIC will indemnify its directors, officers, employees, fiduciaries, and agents to the maximum extent permitted under Utah Code Annotated Sec. 16-6a-902, 16-6a-903, and 16-6a-907 from the corporation’s resources.

9. Working Groups

For relevancy and efficiency, the PKI Consortium may select topics for Member-specific Working Groups. Eligibility to join a Working Group can be restricted to certain types of Members. Working Groups define if their mailing list(s) and/or meetings are public (i.e., publicly available on the Internet), restricted (i.e., available to Members of the Working Group and others who are invited to participate) or private (i.e., limited to the Members of the Working Group).

Working Groups may be created in two ways:

• (a) After consultation with the Members of PKIC, the Chair may create a new Working Group and establish its goals, objectives, and any limitations (e.g., as to who may participate, what materials will be made public, etc.). Working group members may choose their own Chair and Vice Chair. After consultation with the Members of PKIC, the PKIC Chair may dissolve the Working Group if its work is complete or cannot be completed.
• (b) Any ten (10) Members may propose the creation of a new Working Group and establish its goals, objectives, and any limitations (e.g., as to who may participate, what materials will be made public, etc.). Approval of the proposal shall be by substantial consensus of the Members of PKIC and by the Executive Council Committee. Working group members may choose their own Chair and Vice Chair. After consultation with the Members of PKIC, the PKIC Chair may dissolve the Working Group if its work is complete or cannot be completed.

All decisions in a Working Group shall be made by substantial consensus as determined by the Working Group Chair. If substantial consensus cannot be reached (or upon the request of any three Working Group Members), the matter will be submitted for decision by the Executive Council.

10. Voting

Except as otherwise required by these Bylaws, PKIC will attempt to reach all decisions by substantial consensus (as determined by the Chair) of all Members including interested parties. In the event that substantial consensus cannot be reached (or upon the request of any three Members), PKIC will submit the matter for a vote to the Executive Council (except as to approval of officers and members of the Executive Council, who must be approved by vote of the Members). Unless otherwise required by these Bylaws, the matter will be decided by majority vote of the members of the Executive Council who cast a vote. In the case of a tie vote, the matter will not be approved.

11. Antitrust Policy

From time to time, members will be informed on the following antitrust policy. All Members agree to follow this policy at all times.

“As you know, this consortium includes companies that compete against one another. This consortium is intended to discuss activities relating to the Purposes of the Public Key Infrastructure Consortium without restricting competition in developing and marketing such products and/or services. This consortium is not intended to share competitively-sensitive information among competitors, and therefore all participants agree not to discuss or exchange information related to:

• (a) Pricing policies, pricing formulas, prices or other terms of sale;
• (b) Costs, cost structures, profit margins,
• (c) Pending or planned service offerings,
• (d) Customers, business, or marketing plans; or
• (e) The allocation of customers, territories, or products in any way.”

9. Amendments to Bylaws

These Bylaws may be amended by a two-third (⅔) vote of the Board of Directors and a two-third (⅔) vote of the Executive Council after consulting with the Members.

Code of Conduct for Participants

Introduction

The PKI Consortium (the “PKIC”) is comprised of a global group of professionals with differences in language, skills, expertise, experience, and backgrounds. Participants include PKIC Members and third parties (non-members). To maintain a professional and productive environment, it is necessary Participants of the PKIC to follow the letter and spirit of this Code. This Code applies to all official PKIC activities, such as meetings, teleconferences, mailing lists, conferences, and other PKIC functions. The PKIC is committed to maintaining a professional and respectful environment.

All Participant representatives are expected to behave in a collegial and professional manner in accordance with this Code. Participants will familiarize their representatives with this Code and require them to comply with the letter and spirit of this Code.

Conduct.

The PKIC is committed to providing a friendly, safe, and welcoming environment for all, regardless of gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, nationality, or other similar characteristic. The PKIC recognizes and appreciates that its participants have diverse languages, backgrounds, experience, and expertise, and expects that all participants will be treated with respect by all other participants.

1. In connection with official PKIC activities, all PKIC participants shall:

• Be polite, kind, and courteous to other participants, refraining from insulting remarks on the perceived intelligence or ability of others.
• Treat fellow PKIC participants with respect, professionalism, courtesy, and reasonableness.
• Respect that people have differences of opinion, and that there is seldom unanimous agreement on a single “correct” answer. Be willing to compromise and agree to disagree.

2. In connection with official PKIC activities, all PKIC participants shall refrain from conduct such as:

• Threatening violence towards anyone.
• Discriminating against anyone on the basis of personal characteristics or group membership.
• Harassing or bullying anyone verbally, physically, or sexually.
• Launching barbs at others. [Note: a “barb” is an obviously or openly unpleasant or carping remark.]
• Touching another person in a physically inappropriate way.
• Deliberately intimidating or stalking another person (in-person, online, or by other means).
• Inappropriately disrupting or impeding official PKIC events, including meetings, talks, and presentations. For purposes of this Code, “inappropriate disruption” would include aggressive, violent, and abusive conduct that prevents an official PKIC event from occurring or proceeding.
• Spamming, trolling, flaming, baiting, and other similar behavior inappropriately directed towards an individual.
• Advocating for, or encouraging, any of the above behavior.

3. All PKIC participants should promote the rules of this Code and take action to bring discussions back into compliance with the Code whenever violations are observed.

4. PKIC participants should stick to ideological, conceptual discussions and avoid engaging in offensive or sensitive personal discussions, particularly if they’re off topic; such personal discussions can lead to unnecessary arguments, hurt feelings, and damaged trust.

Moderation

These are the policies for upholding the Code.

1. Resist the urge to be defensive. Remember that it’s your responsibility to clearly communicate your message to your fellow participants. Everyone wants to get along and we are all in the PKIC first and foremost because we want to talk about PKI and everything that involves. Other participants will be eager to assume good intent and forgive as long as you have earned their trust.

2. Participants should inform the Chair, Vice Chair, and/or a subcommittee or working group Chair immediately if they feel they have been, or are being, harassed or made uncomfortable by a PKIC participant. Intimidation, personal attacks, and retaliation of any kind will not be tolerated.

3. Any PKIC participant may report, in good faith, a perceived violation of the Code to the PKIC Chair or Vice Chair, or to a subcommittee or working group Chair (each, a “Code Liaison”). One or more Code Liaison(s) will work with the reported PKIC participant to determine whether a violation of the Code has occurred and, if so, how to resolve it. Resolution may also include appropriate executives from the PKIC participant’s company, as appropriate. If the reported PKIC participant, Participant executives, and the Code Liaison(s) are unable to resolve the issue, any of the foregoing may request the assistance of a reasonably acceptable independent third party to assist with the resolution.

4. Participants agree to take appropriate action in the event any of their representatives violate the Code. Such action could include warning, reprimanding, suspending, removing or replacing the representative who has violated the Code, depending on the severity of the violation. Depending on the number and severity of violations, the PKIC may impose consequences such as excluding a representative from certain meetings, removing or banning a representative from a (online) discussion, and suspending a representative from certain PKIC activities.

Maintaining Civil Discourse Among Participants

Members of the PKI Consortium (PKIC) wish to promote the organizations success by maintaining a constructive character in all PKIC discussions. They observe the character of some of the (online) discussions and at meetings, and conclude that sarcasm and ad hominem attacks impede progress by discouraging the sharing of ideas and encouraging the entrenchment of positions. For these reasons, the participants want to take active steps to avoid these behaviors in their own communications. It is recognized that it will be difficult to find the right balance between the need for free expression of ideas and the desire to conduct discussions with civility. Nevertheless, the members want to seek that balance.

Members have instructed the Chair and Vice Chair to monitor the character of PKIC online discussions and during virtual and in-person meetings and to admonish those who conduct themselves in a way that works against this goal.

Without exception, PKIC participants are world-class experts in many aspects of the PKIC’s work. But, none are completely informed in ALL aspects of the PKIC’s work. It is to be expected that from time to time statements may be made by participants that are either incompletely informed, are a matter of personal opinion but presented as a matter of fact, or are only be valid in a limited (but unstated) context.

Other participants should not assume the statements are the result of intellectual impairment or bad faith, and any response by a participant to such statements should make a good faith attempt to uncover the source of the misunderstanding and maintain civility.

Whenever a response from a participant clearly deviates from this objective, the Chair and Vice Chair are instructed to publicly remind the participant of the PKIC’s attitude in this regard.

Adapted from:

• WHATWG Code of Conduct (https://whatwg.org/code-of-conduct),
• W3C Code of Ethics and Professional Conduct (https://www.w3.org/Consortium/cepc/),
• Citizen Code of Conduct(https://github.com/stumpsyn/policies/blob/master/citizen_code_of_conduct.md)

Code of Conduct for Publications

Opinions

Any opinions expressed at pkic.org or any other publication of the PKI Consortium, except as specifically noted, are those of the individual author(s) and do not necessarily represent the views or policies of the PKI Consortium.

Authors are not responsible for the accuracy of information supplied by authors or by third-party sources.

Comments

Comments are welcome and moderated by the PKI Consortium. Commentary, opinions, and reactions to all comment posts are welcome. The PKI Consortium reserve the right to delete comments to their respective articles deemed uncivil, off-topic, spam, or inappropriate advertisements and/or promotion. Under no conditions will comments be edited.

Editorial commitment

In order to ensure accuracy and that every side to each issue is explored in detail, any individual or person officially representing an organization featured in an pkic.org article is allowed to submit a response which will be published, unedited.

Responses must address the issues at hand and the individuals and/or organizations must also be willing to maintain an open dialog for continued discussion. In lieu of this option, individuals may opt for submitting a comment, which is subject to the terms above.

Code of conduct

PKI Consortium is committed to providing content that promotes public enlightenment by way of principles rooted in the exchange of information that is accurate, fair, and thorough. To that end, PKI Consortium abides by the general rules of decency and manners, which serve as a guide for providing insight that not only benefits from an insider’s knowledge but helps establish responsibility for the content published via the following principles (items with emphasis are those the author feels are especially applicable for culture blogging):

Seek truth and report it

Ethical content writing should be accurate and fair. The content writers should be honest and courageous in gathering, reporting and interpreting information.

Content writers should:

• Take responsibility for the accuracy of their work. Verify information before releasing it. Use original sources whenever possible.
• Remember that neither speed nor format excuses inaccuracy.
• Provide context. Take special care not to misrepresent or oversimplify in promoting, previewing or summarizing a story.
• Gather, update and correct information throughout the life of a post.
• Be cautious when making promises, but keep the promises they make.
• Identify sources clearly. The public is entitled to as much information as possible to judge the reliability and motivations of sources.
• Consider sources’ motives before promising anonymity. Reserve anonymity for sources who may face danger, retribution or other harm, and have information that cannot be obtained elsewhere. Explain why anonymity was granted.
• Diligently seek subjects of news coverage to allow them to respond to criticism or allegations of wrongdoing.
• Avoid undercover or other surreptitious methods of gathering information unless traditional, open methods will not yield information vital to the public.
• Be vigilant and courageous about holding those with power accountable. Give voice to the voiceless.
• Support the open and civil exchange of views, even views they find repugnant.
• Recognize a special obligation to serve as watchdogs over public affairs and government. Seek to ensure that the public’s business is conducted in the open, and that public records are open to all.
• Provide access to source material when it is relevant and appropriate.
• Boldly tell the story of the diversity and magnitude of the human experience. Seek sources whose voices we seldom hear.
• Avoid stereotyping. Content writers should examine the ways their values and experiences may shape their reporting.
• Label advocacy and commentary.
• Never deliberately distort facts or context, including visual information. Clearly label illustrations and re-enactments.
• Never plagiarize. Always attribute.

Minimize harm

Ethical content writing treats organizations, sources, subjects, colleagues and members of the public as human beings deserving of respect.

Content writers should:

• Balance the public’s need for information against potential harm or discomfort. Pursuit of the news is not a license for arrogance or undue intrusiveness.
• Show compassion for those who may be affected by posts. Consider cultural differences in approach and treatment.
• Recognize that legal access to information differs from an ethical justification to publish or broadcast.
• Avoid pandering to lurid curiosity, even if others do.
• Consider the long-term implications of the extended reach and permanence of publication. Provide updated and more complete information as appropriate.

Act independently

The highest and primary obligation of ethical content writing is to serve the public and the community.

Content writers should:

• Avoid conflicts of interest, real or perceived. Disclose unavoidable conflicts.
• Refuse gifts, favors, fees, free travel and special treatment, and avoid political and other outside activities that may compromise integrity or impartiality, or may damage credibility.
• Be wary of sources offering information for favors or money; do not pay for access to news. Identify content provided by outside sources, whether paid or not.
• Deny favored treatment to advertisers, donors or any other special interests, and resist internal and external pressure to influence coverage.
• Distinguish content from advertising and shun hybrids that blur the lines between the two. Prominently label sponsored content.

Be accountable and transparent

Ethical journalism means taking responsibility for one’s work and explaining one’s decisions to the public.

Content writers should:

• Explain ethical choices and processes to audiences. Encourage a civil dialogue with the public about journalistic practices, coverage and news content.
• Respond quickly to questions about accuracy, clarity and fairness.
• Acknowledge mistakes and correct them promptly and prominently. Explain corrections and clarifications carefully and clearly.
• Expose unethical conduct in journalism, including within their organizations.
• Abide by the same high standards they expect of others.

Adapted from:

• The Society of Professional Journalists’ Code of Ethics

To report an issue or concern under the Code of Conduct, contact feedback (at) pkic.org.

I recognize that my participation in PKIC activities and projects may involve the contribution of intellectual property that may be incorporated into the PKIC activities, projects, standards, products, or services, including copyrights, patents, and other intellectual property belonging to my Organization (if applicable) or to me (together, “ Intellectual Property”).

I wish to make such contributions of Intellectual Property on behalf of my Organization (if applicable) and myself, and all such Intellectual Property is contributed together with a world-wide, perpetual, non-exclusive license (“License”) to use the Intellectual Property by PKIC, its Members, and the public worldwide in connection with such PKIC activities, projects, standards, products, or services. I warrant that I have the authority to make this IPRA and grant of License on behalf of my Organization (if applicable).

I agree not to disclose or contribute any intellectual property owned or claimed by my Organization (if applicable) or by me during my participation in PKIC activities and projects unless the disclosure or contribution is intended to be contributed with the License as described in the previous paragraph.

If any PKIC activities, projects, standards, products, or services includes any Intellectual Property contributed by my organization (if applicable) or by me and my organization (if applicable) or I do not want to grant the License described above, I understand that it is my organization’s (if applicable) and my obligation to immediately notify the Chair of that fact or else the License will be granted.

From time to time (e.g., on major PKIC activities, projects, standards, products, or services that involve enforceable or auditable standards), the Chair may give notice (“Notice”) before the publication or contextual change becomes effective. The Notice will call for a statement from each Member and Member representative of any Intellectual Property for which the Member or Member Representative does not want to contribute the License described above.

I accept that each time such Notice is given my Organization (if applicable) and I have thirty (30) days to disclose any Intellectual Property contained in such PKIC activities, projects, standards, products, or services that involve enforceable or auditable standards for which my Organization (if applicable) or I do not want to contribute a License as described above. I further accept that failing to do so will result in the grant of the License as described above.