<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 12px; font-family: Arial, sans-serif; "><div><div><div>Hi Brian,</div><div><br></div><div>Yes. One option is to not have the details included if they are all the same. This is to ensure individuals or entities that would fail to be validated to OV standards can still obtain a multi-domain DV so long as all the domains to be included are consistent and owned by that individual/entity. This was changed from the previous ballot text in order to find middle ground and not deprecate a legitimate business case.</div><div><br></div><div>Details are only required if it's a mix of owners for each domain that are not affiliated in any way. It's up to the CA, the party holding the private key and each of the entities that own the domains to decide what information is presented to relying parties.</div><div><br></div><div>I hope that helps.</div><div><br></div><div>Steve</div><div><div><div><p></p><font class="Apple-style-span" style="color: rgb(0, 0, 0); "><font class="Apple-style-span"><p style="font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-size: 14px; "></p></font></font></div></div></div></div></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Brian Trzupek <<a href="mailto:BTrzupek@trustwave.com">BTrzupek@trustwave.com</a>><br><span style="font-weight:bold">Date: </span> Friday, 16 November 2012 22:31<br><span style="font-weight:bold">To: </span> Eddy Nigg <<a href="mailto:eddy_nigg@startcom.org">eddy_nigg@startcom.org</a>><br><span style="font-weight:bold">Cc: </span> CABForum Management <<a href="mailto:management@cabforum.org">management@cabforum.org</a>>, "<a href="mailto:public@cabforum.org">public@cabforum.org</a>" <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><span style="font-weight:bold">Subject: </span> Re: [cabfpub] [cabfman] Ballot 92 - Subject Alternative Names<br></div><div><br></div><div><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"><div dir="auto"><div>So, is it a fair summary to say:</div><div><br></div><div>A) with the baselines we have blessed methods to validate domains. </div><div><br></div><div>B) we can have multiple domains (San) in those certs. </div><div><br></div><div>C) when we try an issue an OV cert, now there is a perceived confusion of the relying party in instances where there are multiple organizations for the included domains?</div><div><br></div><div>Maybe this is over simplifying, but with baseline Multi org DV is just fine because the cert presents no org, but we are trying to nail down who the org "should" be in the OV equivalent? </div><div><br></div><div>(I know there are other potential items in this ballot, but this is of the most interest to me)</div><div><br></div><div>Brian-<br><br>Sent from my iPhone</div><div><br>
On Nov 16, 2012, at 3:57 PM, "Eddy Nigg (StartCom Ltd.)" <<a href="mailto:eddy_nigg@startcom.org">eddy_nigg@startcom.org</a>> wrote:<br><br></div><blockquote type="cite"><div><br>
On 11/16/2012 11:36 PM, From Eddy Nigg (StartCom Ltd.):
<blockquote type="cite"><br>
As long as there are CAs that will sign just anything and everything (for pay), what does it matter if there are revocation capabilities?<br><br>
Don't make EV weaker than it is already, we have enough trouble earning some credibility in the other settings, we don't need more of that.<br></blockquote><br>
Having said that, even though I'm in disagreement with Gerv about his perception regarding OV certificates, it's still troubling to hear that there is still no confidence in the work and diligence most of us probably do.
<br><br>
If we can change this perception by raising the bar with serious and reasonable improvements, we probably should do it. We certainly should eliminate well known risk first.<br><br><br><div class="moz-signature"><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td colspan="2">Regards </td></tr><tr><td colspan="2"> </td></tr><tr><td>Signer: </td><td>Eddy Nigg, COO/CTO</td></tr><tr><td> </td><td><a href="http://www.startcom.org">StartCom Ltd.</a></td></tr><tr><td>XMPP: </td><td><a href="">startcom@startcom.org</a></td></tr><tr><td>Blog: </td><td><a href="http://blog.startcom.org">Join the Revolution!</a></td></tr><tr><td>Twitter: </td><td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td></tr><tr><td colspan="2"> </td></tr></tbody></table></div></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Management mailing list</span><br><span><a href="mailto:Management@cabforum.org">Management@cabforum.org</a></span><br><span><a href="https://cabforum.org/mailman/listinfo/management">https://cabforum.org/mailman/listinfo/management</a></span><br></div></blockquote><br><hr><font face="Arial" color="Gray" size="1"><br>
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information
contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.<br></font></div></div>
_______________________________________________
Public mailing list
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</span></body></html>