Intellectual property rights squabble erupts in industry group

The little-known industry group Certification Authority Browser (CA/B) Forum is suddenly becoming better known, as the bickering of the powerful companies associated with it gets louder as they squabble over intellectual property rights, part of a process in redefining how the group functions.

CA/B Forum, which takes up complex technology issues associated with public-key infrastructure (PKI) and digital certificates, a few years ago came up with what's called the "Extended Validation certificate," which requires a much tighter verification process to prove the identity of the entity requesting the certificate. That was certainly a crowning achievement. But since August, CA/B Forum, comprised mainly of browser makers and CAs that issue certificates, has melted down from 49 to 33 members as only those companies willing to sign off on the intellectual property rights (IPR) agreement document the group devised are allowed to stay on as members.
RELATED: New NIST encryption guidelines may force feds to replace old websites
According to members quarrelling over it, the new IPR document basically stipulates that members must disclose all patents related to PKI and digital certificates they have in order to retain the right to claim licensing royalties for any technologies the CA/B Forum comes up with in the future around it. In other words, the idea is put your cards on the table before new technology gets developed.
"Legally, we can't comply with it," Jon Callas, chief technology officer at Entrust, says about the IPR document. Entrust felt it had to resign from the CA/B Forum because its internal legal department couldn't approve the CA/B legal document it was asked to sign.
The problem, according to Callas, is that Entrust, privately owned by private equity firm Thoma Bravo, can't make assurances about everything affiliated with the private-equity firm, much of which it might not even know about. Entrust, a founding member that played a big role in creating the EV certificate, "wants to be involved" in the CA/B Forum, Callas says.
Besides Entrust, other companies known to have resigned their memberships include IdenTrust, RSA, RIM and Verizon Cybertrust. These declined to sign the IPR agreement, acknowledges Dean Coclin, senior director of business development at Symantec. He says T-Systems, based in Germany, had also balked at the IPR agreement but now appears likely to sign it.
Symantec is believed to have about 38% global share of the general SSL certificate market, and about 65% of the EV certificate market; for its part, Entrust is believed to have 1.2% and 2.47% respectively, according to Netcraft. The year-over-year overall market growth in SSL certificates is said to be more than 20%, with the EV certificate market growing at about 33%.
"We all want Entrust back in the Forum," says Coclin. "They had a problem with the way 'affiliate' is defined." He adds that an attempt at reconciliation is being made. Entrust had chaired the group, but with the departure of Entrust, the group now has two acting co-chairs, Symantec and DigiCert.