<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-2022-jp"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:$B^b%4%7%C%/(B;
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"$B#M#S(B $B#P%4%7%C%/(B";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@$B^b%4%7%C%/(B";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@$B#M#S(B $B#P%4%7%C%/(B";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0mm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0mm;
mso-margin-bottom-alt:auto;
margin-left:0mm;
font-size:12.0pt;
font-family:"$B#M#S(B $B#P%4%7%C%/(B";}
span.18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.20
{mso-style-type:personal-reply;
font-family:$B^b%4%7%C%/(B;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026">
<v:textbox inset="5.85pt,.7pt,5.85pt,.7pt" />
</o:shapedefaults></xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=JA link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><a name="_MailEndCompose"><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>Dear Bruce,<o:p></o:p></span></a></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>Thank you for preparing the Ballot.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>Could you let me make sure of a couple of things about <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>"16.3 Subscriber Private Key Protection"?<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>I suppose that the first half of this section is quoted <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>from the BRs for Non-EV Code Signing Certificates, and<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>the latter part is quoted from the Guidelines for EV <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>Code Signing Certificates. If so, when I see current <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>description, it seems me little difficult to distinguish<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>the requirements for EV Code Signing Certificates.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>I feel it's better to edit the item 4 as follows;<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>------------------------------------------------------------<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>16.3 Subscriber Private Key Protection<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>For Non-EV Code Signing Certificates, the CA MUST obtain<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>a representation from the Subscriber that the Subscriber<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>will use one of the following options to generate and <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>protect their Code Signing Certificate private keys:<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>1. A Trusted Platform Module (TPM) that generates and <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> secures a key pair and that can document the Subscriber$B!G(Bs <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> private key protection through a TPM key attestation.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>2. A hardware crypto module with a unit design form factor <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> certified as conforming to at least FIPS 140 Level 2, <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> Common Criteria EAL 4+, or equivalent.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>3. Another type of hardware storage token with a unit design <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> form factor of SD Card or USB token (not necessarily <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> certified as conformant with FIPS 140 Level 2 or Common <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> Criteria EAL 4+). The Subscriber MUST also warrant that it <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> will keep the token physically separate from the device that <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> hosts the code signing function until a signing session is begun.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>For Non-EV Code Signing Certificates, a CA MUST recommend that <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>the Subscriber protect Private Keys using the method described in <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>Section 16.3(1) or 16.3(2) over the method described in Section <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>16.3(3) and obligate the Subscriber to protect Private Keys in <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>accordance with 10.3.2(2).<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>For EV Code Signing Certificates, CAs SHALL ensure that the <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>Subscriber$B!G(Bs private key is generated, stored and used in a <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>crypto module that meets or exceeds the requirements of FIPS <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>140-2 level 2. Acceptable methods of satisfying this requirement <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>include (but are not limited to) the following: <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>4. The CA ships a suitable hardware crypto module, with a <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> preinstalled key pair, in the form of a smartcard or USB <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> device or similar;<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>5. The Subscriber counter-signs certificate requests that can be <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> verified by using a manufacturer$B!G(Bs certificate indicating that <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> the key is managed in a suitable hardware module;<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>6. The Subscriber provides a suitable IT audit indicating that its <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> operating environment achieves a level of security at least <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'> equivalent to that of FIPS 140-2 level 2.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>----------------------------------------------------------------------<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>P.S.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>Please forgive me if I missed the points.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>Best regards,<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'>Atsushi Inaba<o:p></o:p></span></span></p><div><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B$B!=!=!=!=!=!=!=(B<span lang=EN-US><o:p></o:p></span></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>GMO GlobalSign K.K.<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>Business Planning<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>Atsushi Inaba<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>1-2-3, Dogenzaka, Shibuya Ku, Tokyo, Japan<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>150-0043<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>TEL: +81-3-6370-6671<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>FAX: +81-3-6370-6505<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>E-MAIL: atsushi.inaba@globalsign.com<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>URL:https://jp.globalsign.com/<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B<span lang=EN-US><o:p></o:p></span></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>THANK YOU 24 YEARS Internet for Everyone<o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B<span lang=EN-US><o:p></o:p></span></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>$B"#(B<span lang=EN-US> GMO INTERNET GROUP </span>$B"#(B <span lang=EN-US>http://www.gmo.jp/<o:p></o:p></span></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B<span lang=EN-US><o:p></o:p></span></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>This e-mail message is intended to be conveyed only to the <o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>designated recipient(s). If you are NOT the intended <o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>recipient(s) of this e-mail, please kindly notify the sender <o:p></o:p></span></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-size:10.5pt;font-family:$B^b%4%7%C%/(B;color:#1F497D'>immediately and delete the original message from your system.<o:p></o:p></span></span></p></div><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span lang=EN-US style='font-family:$B^b%4%7%C%/(B;color:#1F497D'><o:p> </o:p></span></span></p><span style='mso-bookmark:_MailEndCompose'></span><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0mm 0mm 0mm'><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> Cscwg-public <cscwg-public-bounces@cabforum.org> <b>On Behalf Of </b>Bruce Morton via Cscwg-public<br><b>Sent:</b> Wednesday, July 15, 2020 6:36 AM<br><b>To:</b> cscwg-public@cabforum.org<br><b>Subject:</b> [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>Here is the ballot to the public list for discussion. The discussion period will be extended to minimum 7 days from today, so will end no earlier than 21 July 2020, 22:00 UTC.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>Thanks, Bruce.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0mm 0mm 0mm'><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> Bruce Morton <br><b>Sent:</b> Thursday, July 9, 2020 8:58 AM<br><b>To:</b> cscwg-management@cabforum.org<br><b>Subject:</b> Ballot CSC-2: Consolidate Baseline and EV CSCWG Document<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>This begins the discussion period for the Ballot CSC-2: Consolidate Baseline and EV CSCWG Document<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Purpose of Ballot:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>The CA/Browser Forum currently has two code signing requirements documents: 1) Baseline Requirements for the Issuance and Management of Publicly$B!>(BTrusted Code Signing Certificates and 2) Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates. The two documents are in similar format and cover many of the same requirements. CAs which issue both types of certificates must adhere to both documents and must be audited to two sets of criteria. CA/Browser Forum members also need to manage two sets of criteria. Auditors need to manage two sets of audit criteria.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>The greater goal is to 1) migrate the documents into one document which will manage the requirements of both EV and non-EV code signing certificates, 2) reformat the document to be in the RFC 3647 format which will be in line with CPS format requirements and 3) change and manage the requirements in an ongoing process.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>This ballot addresses item 1 of the process. The migration started with using the Baseline Requirements for Code Signing and adding in the EV Code Signing Requirements. The process was to minimize technical change although there was some change to allow merging. The process was not to correct issues, but a $B!H(Bparking lot$B!I(B list was created to capture changes to be addressed in the future.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>The following motion has been proposed by Bruce Morton of Entrust and endorsed by Mike Reilly of Microsoft and Dean Coclin of DigiCert.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>--- MOTION BEGINS ---<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>This ballot modifies the $B!H(BBaseline Requirements for the Issuance and Management of Publicly$B!>(BTrusted Code Signing Certificates$B!I(B based on Version 1.2 and removes the requirements for $B!H(BGuidelines For The Issuance And Management Of Extended Validation Code Signing Certificates$B!I(B based on Version 1.4. A redline update is attached.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Be it resolved that the CA / Browser Forum adopts the attached CA/B Forum Baseline Requirements for the Issuance and Management of Publicly$B!>(BTrusted Code Signing Certificates version 2.0 effective upon adoption.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>--- MOTION ENDS ---<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>This ballot proposes a Final Maintenance Guideline.<br><br>The procedure for approval of this ballot is as follows:<br><br>Discussion (7+ days)<br><br>Start Time: 9 July 2020 17:00:00 UTC<br><br>End Time: 16 July 2020 17:00:00 UTC<br><br>Vote for approval (7 days)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Start Time: TBD<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>End Time: TBD<o:p></o:p></span></p></div></body></html>