<html><body><span style="font-family:Verdana; color:#000000; font-size:10pt;"><div>No, not less assurance. But no more protection from anyone but an inept attacker, while creating additional cost and effort for the rest of the user base.<br></div><div><br></div><div>Thanks,</div><div><br></div><div>Wayne</div><div><br><br></div>
<blockquote id="replyBlockquote" webmail="1" style="border-left: 2px solid blue; margin-left: 8px; padding-left: 8px; font-size: 10pt; color: black; font-family: verdana;">
<div id="wmQuoteWrapper">
-------- Original Message --------<br>
Subject: RE: [cabfpub] [cabfman] Ballot 92 - Subject Alternative Names<br>
From: "Jeremy Rowley" <<a href="mailto:jeremy.rowley@digicert.com">jeremy.rowley@digicert.com</a>><br>
Date: Fri, November 16, 2012 11:34 am<br>
To: "'Wayne Thayer'" <<a href="mailto:wthayer@godaddy.com">wthayer@godaddy.com</a>>, "'CABForum Management'"<br>
<<a href="mailto:management@cabforum.org">management@cabforum.org</a>>, <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br>
<br>
<!--[if !mso]><style>
#wmQuoteWrapper v\:* {behavior:url(#default#VML);}
#wmQuoteWrapper o\:* {behavior:url(#default#VML);}
#wmQuoteWrapper w\:* {behavior:url(#default#VML);}
#wmQuoteWrapper .shape {behavior:url(#default#VML);}
</style><![endif]--><style>
#wmQuoteWrapper /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;}
#wmQuoteWrapper @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;}
#wmQuoteWrapper @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;}
#wmQuoteWrapper @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;}
#wmQuoteWrapper @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4;}
#wmQuoteWrapper /* Style Definitions */ p.MsoNormal, #wmQuoteWrapper li.MsoNormal, #wmQuoteWrapper div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman","serif";}
#wmQuoteWrapper p.MsoPlainText, #wmQuoteWrapper li.MsoPlainText, #wmQuoteWrapper div.MsoPlainText {mso-style-priority:99; mso-style-link:"Plain Text Char"; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:"Times New Roman","serif";}
#wmQuoteWrapper pre {mso-style-priority:99; mso-style-link:"HTML Preformatted Char"; margin:0in; margin-bottom:.0001pt; font-size:10.0pt; font-family:"Courier New";}
#wmQuoteWrapper p.MsoAcetate, #wmQuoteWrapper li.MsoAcetate, #wmQuoteWrapper div.MsoAcetate {mso-style-priority:99; mso-style-link:"Balloon Text Char"; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:"Times New Roman","serif";}
#wmQuoteWrapper span.PlainTextChar {mso-style-name:"Plain Text Char"; mso-style-priority:99; mso-style-link:"Plain Text"; font-family:"Calibri","sans-serif";}
#wmQuoteWrapper span.BalloonTextChar {mso-style-name:"Balloon Text Char"; mso-style-priority:99; mso-style-link:"Balloon Text"; font-family:"Tahoma","sans-serif";}
#wmQuoteWrapper p.msochpdefault, #wmQuoteWrapper li.msochpdefault, #wmQuoteWrapper div.msochpdefault {mso-style-name:msochpdefault; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:"Times New Roman","serif";}
#wmQuoteWrapper span.plaintextchar0 {mso-style-name:plaintextchar;}
#wmQuoteWrapper span.balloontextchar0 {mso-style-name:balloontextchar;}
#wmQuoteWrapper span.HTMLPreformattedChar {mso-style-name:"HTML Preformatted Char"; mso-style-priority:99; mso-style-link:"HTML Preformatted"; font-family:Consolas;}
#wmQuoteWrapper span.EmailStyle26 {mso-style-type:personal-reply; font-family:"Calibri","sans-serif"; color:#1F497D;}
#wmQuoteWrapper .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;}
#wmQuoteWrapper @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;}
#wmQuoteWrapper div.WordSection1 {page:WordSection1;}
</style><div class="WordSection1"><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">Are you trying to assert that requiring a photo ID and address document provides less assurance than checking the WHOIS to see if it matches the applicant’s name? I strongly disagree.<o:p></o:p></span></div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">Jeremy <o:p></o:p></span></div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></div><div><div style="border-right: medium none; border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; padding: 3pt 0in 0in;"><div class="MsoNormal" style="font-size:12pt;"><b><span style="font-size: 10pt; font-family: "Tahoma","sans-serif";">From:</span></b><span style="font-size: 10pt; font-family: "Tahoma","sans-serif";"> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Wayne Thayer<br><b>Sent:</b> Friday, November 16, 2012 11:26 AM<br><b>To:</b> 'CABForum Management'; <a href="mailto:public@cabforum.org">public@cabforum.org</a><br><b>Subject:</b> Re: [cabfpub] [cabfman] Ballot 92 - Subject Alternative Names<o:p></o:p></span></div></div></div><div class="MsoNormal" style="font-size:12pt;"><o:p> </o:p></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">The question is not if it's "acceptable to continue", but if there is evidence to show that banning a wide swath of DV issuance is an effective improvement that merits the increased cost and effort that it requires of customers.<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">The "evidence" shown so far has been a hypothetical threat that a relying party would trust a DV certificate in a situation where an OV certificate would be distrusted due to the additional information contained in the O field. In addition, it has been stated that the validation process for an OV cert provides better traceability and presents an overall "higher bar" to deter a malicious applicant.<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">The first assertion assumes that the relying party is going to drill into the certificate details to examine the O field before trusting the cert. The second assertion implies that the standard for getting an "individual" OV cert is a significantly higher bar. That requires the applicant to submit a copy of a photo ID and a copy of a utility bill. That's our idea of raising the bar?<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">I think we'd all be better off if we focus on educating our customers about the benefits of different types of certs and then letting them choose, rather than continuing to try to mandate their behavior.<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">Meanwhile, if this ballot is approved, a lot of people relying on publicly trusted certs for completely private systems will have been misled by the CAB Forum's original 2015 deadline and be immediately forced to buy OV.<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">Thanks,<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">Wayne<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;margin-bottom: 12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><blockquote style="border-width: medium medium medium 1.5pt; border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color blue; padding: 0in 0in 0in 6pt; margin-left: 6pt; margin-top: 5pt; margin-bottom: 5pt;" id="replyBlockquote"><div id="wmQuoteWrapper"><div class="MsoNormal" style="font-size:12pt;margin-bottom: 12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">-------- Original Message --------<br>Subject: Re: [cabfpub] [cabfman] Ballot 92 - Subject Alternative Names<br>From: Steve Roylance <<a target="_blank" href="mailto:steve.roylance@globalsign.com"><span style="color: windowtext;">steve.roylance@globalsign.com</span></a>><br>Date: Fri, November 16, 2012 10:33 am<br>To: "<a target="_blank" href="mailto:kirk_hall@trendmicro.com"><span style="color: windowtext;">kirk_hall@trendmicro.com</span></a>" <<a target="_blank" href="mailto:kirk_hall@trendmicro.com"><span style="color: windowtext;">kirk_hall@trendmicro.com</span></a>><br>Cc: 'CABForum Management' <<a target="_blank" href="mailto:management@cabforum.org"><span style="color: windowtext;">management@cabforum.org</span></a>>,<br>"<a target="_blank" href="mailto:public@cabforum.org"><span style="color: windowtext;">public@cabforum.org</span></a>" <<a target="_blank" href="mailto:public@cabforum.org"><span style="color: windowtext;">public@cabforum.org</span></a>><o:p></o:p></span></div><div><div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">Kirk,<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">It is NOT meant to prohibit all types of DV SANs<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">It is meant to prohibit DV SANs under certain conditions i.e. where non unique information is contained, or Public IPs are used, or there is a mixture of owners as detailed by the domain registration.<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">If you own <b><a target="_blank" href="http://kirk.com"><span style="color: windowtext;">kirk.com</span></a></b> and <b><a target="_blank" href="http://finewineexpert.com"><span style="color: windowtext;">finewineexpert.com</span></a></b> then you can have both inside if they are registered to you.<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">Please read the text again carefully and highlight which situation you specifically don't agree with and why you feel it's acceptable to continue.<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">Steve<o:p></o:p></span></div></div></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div style="border-right: medium none; border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; padding: 3pt 0in 0in;"><div class="MsoNormal" style="font-size:12pt;"><b><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: black;">From: </span></b><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: black;">"<a href="mailto:kirk_hall@trendmicro.com" target="_blank"><span style="color: windowtext;">kirk_hall@trendmicro.com</span></a>" <<a href="mailto:kirk_hall@trendmicro.com" target="_blank"><span style="color: windowtext;">kirk_hall@trendmicro.com</span></a>><br><b>Date: </b>Friday, 16 November 2012 17:24<br><b>To: </b>CABForum Management <<a href="mailto:management@cabforum.org" target="_blank"><span style="color: windowtext;">management@cabforum.org</span></a>>, "<a href="mailto:public@cabforum.org" target="_blank"><span style="color: windowtext;">public@cabforum.org</span></a>" <<a href="mailto:public@cabforum.org" target="_blank"><span style="color: windowtext;">public@cabforum.org</span></a>><br><b>Subject: </b>Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><o:p> </o:p></span></div></div><div><div><div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">To help members evaluate Ballot 92 we are attaching a side-by-side comparison of current Baseline Requirements language with the proposed new language. As before, the intent of this ballot is to prohibit DV SANs certificates, which we will oppose.<o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"> <o:p></o:p></span></div></div><div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">Trend Micro does not issue DV certificates, but we think they serve a valuable security function in increasing the use of SSL. Forcing customers to buy OV certs instead is anti-competitive and will likely lead to less use of SSL to secure sites.<o:p></o:p></span></div></div></div></div></div><table class="MsoNormalTable" border="0" cellpadding="0"><tbody><tr><td style="background: none repeat scroll 0% 0% white; padding: 0.75pt;"><table class="MsoNormalTable" border="0" cellpadding="0"><tbody><tr><td style="padding: 0.75pt;"><divre>TREND MICRO EMAIL NOTICE<o:p></o:p></pre><pre>The information contained in this email and any attachments is confidentialand may be subject to copyright or other intellectual property protection.<o:p></o:p></pre><pre>If you are not the intended recipient, you are not authorized to use or<o:p></o:p></pre><pre>disclose this information, and we request that you notify us by reply mail or<o:p></o:p></pre><pre>telephone and delete the original message from your mail system.<o:p></o:p></pre></td></tr></tbody></table></td></tr></tbody></table><p class="MsoNormal"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">_______________________________________________ Management mailing list <a href="mailto:Management@cabforum.org" target="_blank"><u><span style="color: blue;">Management@cabforum.org</span></u></a> <a href="https://cabforum.org/mailman/listinfo/management" target="_blank"><u><span style="color: blue;">https://cabforum.org/mailman/listinfo/management</span></u></a> <o:p></o:p></span></div><div class="MsoNormal" style="font-size:12pt;text-align: center;" align="center"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;"><hr size="2" width="100%" align="center"></span></div><div class="MsoNormal" style="font-size:12pt;"><span style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: black;">_______________________________________________<br>Public mailing list<br><a target="_blank" href="mailto:Public@cabforum.org"><u><span style="color: blue;">Public@cabforum.org</span></u></a><br><a target="_blank" href="https://cabforum.org/mailman/listinfo/public"><u><span style="color: blue;">https://cabforum.org/mailman/listinfo/public</span></u></a><o:p></o:p></span></div></div></blockquote></div>
</div>
</blockquote></span></body></html>