<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-2022-jp"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS PGothic","sans-serif";
mso-fareast-language:JA;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS PGothic","sans-serif";
mso-fareast-language:JA;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:JA;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS PGothic","sans-serif";
mso-fareast-language:JA;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
mso-fareast-language:JA;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Wen-Cheng Wang,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Back when I was at CyberSafe and Valicert (mid to late 90s) I saw stuff like that too, I do not doubt there are a handful of people out there running stuff from this era still but thank goodness it’s just a handful.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>One of the coolest parts of the Internet in 2012 is we now have real and accurate <a href="http://gs.statcounter.com/#browser-ww-monthly-201104-201204-bar">statistics</a> on what is out there (we really did not back then), for example in the case of browsers on the Internet (which is what “publicly trusted” certificates are about) we know that less than .7% of the internet uses “Other” types (not Firefox, Safari, Opera, Chrome IE).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><a name="_MailEndCompose"><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I am sure some of that .7% is from an age where the stuff you’re talking about still was common; but we also have to remember why people put SSL on websites – to secure them. I would argue anything from nearly two decades ago has a near zero chance of being “secure”.<o:p></o:p></span></a></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>So to the point of if we are guaranteed that there will be no hosts that “explode” when they see a certificate with a Name Constraints extension, you are right -- there are no guarantees in life. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>What we do know is statistically the chances of finding one such client is very small and when we do they will have larger security problems than the one we are trying to address.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ryan<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span><span lang=JA style='font-size:10.0pt'>王瘢雹文正</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> [mailto:wcwang@cht.com.tw] <br><b>Sent:</b> Friday, May 25, 2012 11:08 PM<br><b>To:</b> Ryan Hurst; 'Rob Stradling'<br><b>Cc:</b> 'Steve Roylance'; 'Chris Palmer'; public@cabforum.org<br><b>Subject:</b> RE: [cabfpub] More changes to proposed policy update<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><span style='color:black'>Ryan,</span><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Times New Roman","serif"'>At my early stage of developing CA systems, I made some experiments aboout tolerance of various browsers on differnet certificate extensions. At that time, at least some versions of Netscape Navigator will crach if some unfamiliar certificate extensions encountered even they are marked non-critical. I know there are people out there still using Netscape Navigator. Of course, its market share is negligible. In recent years, I had ever encountered some VPN devices of which tolerance on differnet certificate extensions were weak. I believe those VPN devices are still online out there, and there is no path to upgrate their firmware.</span><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Times New Roman","serif"'>The point is that marking the Name Constraints extension non-critical does not solve the problem if you want 100% of clients not getting explode.</span><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><div><div><p class=MsoNormal><span style='color:black'>Wen-Cheng Wang</span><span style='font-size:10.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.0pt'> <o:p></o:p></span></p></div></div></div><div id=divRpF621317><div class=MsoNormal align=center style='text-align:center'><hr size=2 width="100%" align=center></div><p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Ryan Hurst [ryan.hurst@globalsign.com]<br><b>Sent:</b> Saturday, May 26, 2012 2:15 AM<br><b>To:</b> </span><span lang=JA style='font-size:10.0pt'>王瘢雹文正</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>; 'Rob Stradling'<br><b>Cc:</b> 'Steve Roylance'; 'Chris Palmer'; <a href="mailto:public@cabforum.org">public@cabforum.org</a><br><b>Subject:</b> RE: [cabfpub] More changes to proposed policy update</span><o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>In environments where such clients exist you can go through the work and costs to :<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-.25in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>1)</span><span style='font-size:7.0pt;font-family:"Times New Roman","serif";color:#1F497D'> </span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Fix/replace such clients<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-.25in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>2)</span><span style='font-size:7.0pt;font-family:"Times New Roman","serif";color:#1F497D'> </span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Use a private (non-public) CA<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-.25in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>3)</span><span style='font-size:7.0pt;font-family:"Times New Roman","serif";color:#1F497D'> </span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Meet the full requirements of a public CA.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Are you aware of such clients? Do they represent a statistically significant % of the clients on the internet?<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ryan<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span><span lang=JA style='font-size:10.0pt'>王瘢雹文正</span><span lang=JA style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><a href="mailto:[mailto:wcwang@cht.com.tw]">[mailto:wcwang@cht.com.tw]</a> <br><b>Sent:</b> Friday, May 25, 2012 10:33 AM<br><b>To:</b> Rob Stradling<br><b>Cc:</b> Ryan Hurst; Steve Roylance; 'Chris Palmer'; <a href="mailto:public@cabforum.org">public@cabforum.org</a><br><b>Subject:</b> RE: [cabfpub] More changes to proposed policy update<o:p></o:p></span></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><o:p> </o:p></p><div id=divRpF211966><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Rob,<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Times New Roman","serif"'>Believe it or not. Even the Name Constraints extension is marked non-critical, there still exist dumb clients that will explode when encountering it.</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Times New Roman","serif"'>Dumb clients might explode simply because they never saw this kind of extensions rather than because they are marked critical.</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Times New Roman","serif"'>In that situations, what can you do?</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Times New Roman","serif"'>Currently, if major browsers/operating systems all can live peacefully with "Critical" Name Constraints extensions, why bother making the BR inconsistent with RFC5280?</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Wen-Cheng Wang<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><div class=MsoNormal align=center style='text-align:center'><hr size=2 width="100%" align=center></div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Rob Stradling [rob.stradling@comodo.com]<br><b>Sent:</b> Friday, May 25, 2012 9:56 PM<br><b>To:</b> </span><span lang=JA style='font-size:10.0pt'>王瘢雹文正</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br><b>Cc:</b> Ryan Hurst; Steve Roylance; 'Chris Palmer'; <a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a><br><b>Subject:</b> Re: [cabfpub] More changes to proposed policy update</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt'>On 25/05/12 14:41, <span lang=JA>王瘢雹文正</span> wrote:<br><snip><br> > On the contrary, I think marking the Name Constraints extension<br> > critical is the way to provide the motive power. If dumb clients<br> > explode, their users will ask the implementers to support it.<br><br>I don't think that that is what would happen. I think the actual <br>scenario would be closer to this...<br><br>Dumb client explodes when encountering a Critical Name Constraints <br>extension. User complains to the Certificate Holder that the <br>certificate is broken. Certificate Holder complains to the CA. CA <br>blames the dumb client software, but neither the Certificate Holder nor <br>the User accepts this explanation (even though the explanation is <br>correct!) Certificate Holder asks for a refund and then obtains a new <br>certificate from a different CA that doesn't use the Name Constraints <br>extension. Very quickly every CA realizes that it is not commercially <br>viable to use Critical Name Constraints. Back to square one.<br><br>On 25/05/12 14:41, <span lang=JA>王瘢雹文正</span> wrote:<br>> Dear Rob, Steve, Ryan and Chris,<br>><br>> Thank you all for your patience in explain your logic.<br>><br>> Now I understand your rationale goes like this: If we turn the Name Constraints extension into an 'informative' extension first by marking it non-critical, hopefully it will become a real constraint-type extension in the end.<br>><br>> Making it as an informative extension is better than nothing. Maybe you are right. However, my guess is it will stay as an informative extension forever. I do not believe allowing the non-critical Name Constraints extension can help pushing the world to reach the desired end state (I mean all clients become supporting the critical Name Constraints extension.). Since it is non-critical, it will not provide the motive power to push those dumb clients to change themselves because they can simply ignore it. On the contrary, I think marking the Name Constraints extension critical is the way to provide the motive power. If dumb clients explode, their users will ask the implementers to support it. Otherwise, the users will switch to more smart clients. I do understand that if we goes this way, the process to reach the desired end state might be bloody. If your goal is to reach the desired end state, this is the way that can really accelerate the process.<br>><br>> If the forum finally decide to approve the motion of allowing non-critical Name Constraints extension, then we should ask ourselves a question: when will we turn back to change the BR to require marking the Name Constraints extension as critical? Until 100% of clients become smart? Or 95% (whatever) is acceptable? Can we really reach the so-called "desired end state" in this way?<br>><br>> Wen-Cheng Wang<br>><br>> -----Original Message-----<br>> From: Rob Stradling [<a href="mailto:rob.stradling@comodo.com" target="_blank">mailto:rob.stradling@comodo.com</a>]<br>> Sent: Friday, May 25, 2012 7:12 PM<br>> To: <span lang=JA>王瘢雹文正</span><br>> Cc: Ryan Hurst; 'Chris Palmer'; <a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a><br>> Subject: Re: [cabfpub] More changes to proposed policy update<br>><br>> On 25/05/12 11:43, <span lang=JA>王瘢雹文正</span> wrote:<br>>> I do not get the logic here.<br>><br>> I think Ryan's post explained the logic clearly and succinctly.<br>><br>> You're looking only at the "desired end state". Please consider the "transition problem".<br>><br>> Security versus Usability. If we can't ever Use it in practice, we won't ever benefit from the Security it offers.<br>><br>> Today, Critical Name Constraints are considered undeployable by many CAs, because too much relying party software would break. Therefore, using the Name Constraints extension _at all_ is not an option for us.<br>><br>> Non-critical Name Constraints are better than No Name Constraints!<br>><br>> The "desired end state" is...<br>> 1. Name Constraints always Critical.<br>> 2. Name Constraints actually used!<br>><br>> If you can suggest an alternative way to solve the "transition problem"<br>> so that we can reach the "desired end state", we would love to hear it!<br>><br>> Nobody is suggesting that CAs should be prohibited from setting the Name Constraints extension to Critical. All we are saying is that CAs should be allowed to use non-critical Name Constraints instead of No Name Constraints at all.<br>><br>>> Since the purpose of adding the Name Constraints extension is to technically constrain the name space the externally-operated subordinate CA is allowed to issue subsequent certificates, I do not see how this purpose can be accomplished if we allow clients to ignore the Name Constraints extension (by marking it non-critical).<br>>><br>>> To those smart clients, marking the Name Constraints extension critical cause no problem because that extension is recognized. To those dumb clients, if they do not understand the meaning of the Name Constraints extension, it is dangerous for them to blindly accept the certificate. It comes naturally that those dumb clients should reject constrained certificate they do not understand. I do not see why allowing clients to blindly accept certificates which may be out of the allowed name space can materially reduce the risk of those that rely on us.<br>>><br>>> I do not oppose the use of the Name Constraints extension, but I want that extension to be used in the correct way.<br>>><br>>> Wen-Cheng Wang<br>>><br>>> -----Original Message-----<br>>> From: Ryan Hurst [<a href="mailto:ryan.hurst@globalsign.com" target="_blank">mailto:ryan.hurst@globalsign.com</a>]<br>>> Sent: Friday, May 25, 2012 6:15 AM<br>>> To: 'Chris Palmer'; <span lang=JA>王瘢雹文正</span><br>>> Cc: <a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a><br>>> Subject: RE: [cabfpub] More changes to proposed policy update<br>>><br>>> I agree with Chris and others on this topic.<br>>><br>>> The intent of a standard is to document the desired end state, only sometimes do they bother themselves with the transition problem (which is why so many never really get fully deployed IMHO).<br>>><br>>> In this case the only downside of doing this is not complying with a clause in some document, the upside is materially reducing the risk of those that rely on us.<br>>><br>>> We are actively moving our customers to this model.<br>>><br>>> Ryan<br>>><br>>> -----Original Message-----<br>>> From: <a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org" target="_blank">mailto:public-bounces@cabforum.org</a>]<br>>> On Behalf Of Chris Palmer<br>>> Sent: Thursday, May 24, 2012 1:38 PM<br>>> To: <span lang=JA>王瘢雹文正</span><br>>> Cc: <a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a><br>>> Subject: Re: [cabfpub] More changes to proposed policy update<br>>><br>>> On Thu, May 24, 2012 at 6:42 AM, <span lang=JA>王瘢雹文正</span><<a href="mailto:wcwang@cht.com.tw" target="_blank">wcwang@cht.com.tw</a>> wrote:<br>>><br>>>> For the criticality of the Name Constraints extension, the text in<br>>>> the ITU-T X.509 standard reads "It is recommended that it be flagged critical; otherwise, a certificate user may not check that subsequent certificates in a certification path are located in the constrained name spaces intended by the issuing CA."<br>>><br>>> Sure, but otherwise-acceptable certificate chains fail in some clients when the client sees critical fields it doesn't understand. That effectively stops us from deploying name-constrained certificates without an Internet Flag Day where everyone fixes their clients. Since that is not going to happen, the way to get incremental improvement is to allow non-critical name constraints, and for the vendors of smart clients to enforce them where present.<br>>><br>>> That is, to smart clients they will be effectively critical, but dumb clients at least won't explode. That's not ideal, but it is significantly Better Than Nothing. Name constraints are so wonderfully good that it's still very nice to get their benefits in some clients, even if not in all clients.<br>>><br>>> So Google would most likely vote for it and implement it.<br>>><br>>><br>>> --<br>>> If it's not safe, is it really usable?<br>>> _______________________________________________<br>>> Public mailing list<br>>> <a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br>>> <a href="http://cabforum.org/mailman/listinfo/public" target="_blank">http://cabforum.org/mailman/listinfo/public</a><br>>> _______________________________________________<br>>> Public mailing list<br>>> <a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br>>> <a href="http://cabforum.org/mailman/listinfo/public" target="_blank">http://cabforum.org/mailman/listinfo/public</a><br>><br>> --<br>> Rob Stradling<br>> Senior Research& Development Scientist<br>> COMODO - Creating Trust Online<br>> Office Tel: +44.(0)1274.730505<br>> Office Fax: +44.(0)1274.730909<br>> <a href="http://www.comodo.com/" target="_blank">www.comodo.com</a><br>><br>> COMODO CA Limited, Registered in England No. 04058690 Registered Office:<br>> 3rd Floor, 26 Office Village, Exchange Quay,<br>> Trafford Road, Salford, Manchester M5 3EQ<br>><br>> This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by COMODO for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software.<br><br>-- <br>Rob Stradling<br>Senior Research & Development Scientist<br>COMODO - Creating Trust Online<br>Office Tel: +44.(0)1274.730505<br>Office Fax: +44.(0)1274.730909<br><a href="http://www.comodo.com/" target="_blank">www.comodo.com</a><br><br>COMODO CA Limited, Registered in England No. 04058690<br>Registered Office:<br> 3rd Floor, 26 Office Village, Exchange Quay,<br> Trafford Road, Salford, Manchester M5 3EQ<br><br>This e-mail and any files transmitted with it are confidential and <br>intended solely for the use of the individual or entity to whom they are <br>addressed. If you have received this email in error please notify the <br>sender by replying to the e-mail containing this attachment. Replies to <br>this email may be monitored by COMODO for operational or business <br>reasons. Whilst every endeavour is taken to ensure that e-mails are free <br>from viruses, no liability can be accepted and the recipient is <br>requested to use their own virus checking software.<o:p></o:p></span></p></div></div></div></div></div></body></html>