<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>The language in Section 9.2.1 permits MDCs containing separate registered domains if the owner of the registered domains are the same. In that case, the owner of the domain doesn’t need to be listed in the certificate. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>For example, if digicert.com and example.com are both owned by DigiCert, then subject information is not required because relying parties can readily identify a single entity as controlling the private keys for all of the listed domains.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Jeremy<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> management-bounces@cabforum.org [mailto:management-bounces@cabforum.org] <b>On Behalf Of </b>Eddy Nigg (StartCom Ltd.)<br><b>Sent:</b> Friday, November 16, 2012 3:52 PM<br><b>To:</b> public@cabforum.org<br><b>Cc:</b> 'CABForum Management'<br><b>Subject:</b> Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><br>On 11/16/2012 07:42 PM, From Jeremy Rowley: <o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'>I would say the intent is to ensure that there is a legitimate party behind each certificate and reduce the risks associated with what we consider a high risk practice (as shown in the example I previously provided). OV is not required if the owner of the domain names listed in the certificate is the same.</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><br>I've just come across your reply here and probably the last sentence doesn't make any sense.<br><br>If the owner of the domain names is listed in the certificate, it's probably and IV or OV certificate. So it's there already... :S<br><br><o:p></o:p></span></p><div><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0><tr><td colspan=2 style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Regards <o:p></o:p></span></p></td></tr><tr><td colspan=2 style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'> <o:p></o:p></span></p></td></tr><tr><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Signer: <o:p></o:p></span></p></td><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Eddy Nigg, COO/CTO<o:p></o:p></span></p></td></tr><tr><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'> <o:p></o:p></span></p></td><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><a href="http://www.startcom.org">StartCom Ltd.</a><o:p></o:p></span></p></td></tr><tr><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>XMPP: <o:p></o:p></span></p></td><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a><o:p></o:p></span></p></td></tr><tr><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Blog: <o:p></o:p></span></p></td><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><a href="http://blog.startcom.org">Join the Revolution!</a><o:p></o:p></span></p></td></tr><tr><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Twitter: <o:p></o:p></span></p></td><td style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><a href="http://twitter.com/eddy_nigg">Follow Me</a><o:p></o:p></span></p></td></tr><tr><td colspan=2 style='padding:0in 0in 0in 0in'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'> <o:p></o:p></span></p></td></tr></table></div><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p></div></body></html>