<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 12px; font-family: Arial, sans-serif; "><div><div><div>Hi Wayne, </div><div><br></div><div>This is not an Anti DV debate at all as the majority of certificates will be unaffected by this ballot. It simply accelerates the demise of those certificates that are dangerous and already on the path to be deprecated.</div><div><br></div><div>I too agree that we should continue to look at EV, but the proverb the "devil is in the detail" is useful here as SANs were not adequately covered in the original drafts.</div><div><br></div><div>Finally the title of the ballot is not misleading. It's entirely accurate as it clarifies what can be included in a Subject Alternative Name - i.e. The "detail" from my previous point.</div><div><br></div><div>Steve</div><div><div><div><p></p><font class="Apple-style-span" style="color: rgb(0, 0, 0); "><font class="Apple-style-span"><p style="font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-size: 14px; "></p></font></font></div></div></div></div></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Wayne Thayer <<a href="mailto:wthayer@godaddy.com">wthayer@godaddy.com</a>><br><span style="font-weight:bold">Date: </span> Friday, 16 November 2012 20:53<br><span style="font-weight:bold">To: </span> CABForum Management <<a href="mailto:management@cabforum.org">management@cabforum.org</a>>, "<a href="mailto:public@cabforum.org">public@cabforum.org</a>" <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><span style="font-weight:bold">Subject: </span> Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names<br></div><div><br></div><div><div><span style="font-family:Verdana; color:#000000; font-size:10pt;"><div>Hi Steve,</div><div><br></div><div>I'm glad we agree on the market-drive approach. I'm also happy that you are so passionate about improving our industry, but I clearly disagree with your assessment of this particular proposal as being a valuable enhancement to the reliability of public SSL certificates. If only we could redirect all the energy being spent on this anti-DV debate on things like revocation enhancements and making EV more accessible.</div><div><br></div><div>Finally, the title of this ballot is still misleading with the latest addition of a ban on DV certs for internal names.</div><div><br></div><div>Thanks,<br></div><div><br></div><div>Wayne</div><div><br></div><blockquote id="replyBlockquote" webmail="1" style="border-left: 2px solid blue; margin-left: 8px; padding-left: 8px; font-size: 10pt; color: black; font-family: verdana;"><div id="wmQuoteWrapper">
-------- Original Message --------<br>
Subject: Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names<br>From: Steve Roylance <<a href="mailto:steve.roylance@globalsign.com">steve.roylance@globalsign.com</a>><br>
Date: Fri, November 16, 2012 12:28 pm<br>
To: Wayne Thayer <<a href="mailto:wthayer@godaddy.com">wthayer@godaddy.com</a>><br>
Cc: 'CABForum Management' <<a href="mailto:management@cabforum.org">management@cabforum.org</a>>,<br>
"<a href="mailto:public@cabforum.org">public@cabforum.org</a>" <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><br><div><div><div style="font-family: Arial,sans-serif; font-size: 12px;">Hi Wayne,</div><div style="font-family: Arial,sans-serif; font-size: 12px;"><br></div><div style="font-family: Arial,sans-serif; font-size: 12px;">I'm behind you all the way on the education front. That's really important for all parties as certificates are difficult to understand and prone to mistakes by subscribers especially if it's not clear what they are agreeing to when they purchase. A consistent approach is promised by the Base Requirements however today the approach is not consistent as there are too many variables that were not adequately tied down in the final document. That is what this ballot attempts to fix.</div><div style="font-family: Arial,sans-serif; font-size: 12px;"><br></div><div style="font-family: Arial,sans-serif; font-size: 12px;">ICANN suggested improvements to their industry in 2002 (<a target="_blank" href="http://www.icann.org/en/news/announcements/announcement-03sep02-en.htm">http://www.icann.org/en/news/announcements/announcement-03sep02-en.htm</a> ) in 2012 it's still ongoing.</div><div style="font-family: Arial,sans-serif; font-size: 12px;"><br></div><div style="font-family: Arial,sans-serif; font-size: 12px;">In this ballot we are suggesting improvements to ours, so lets hope we can all find an accord that works.</div><div style="font-family: Arial,sans-serif; font-size: 12px;"><br></div><div style="font-family: Arial,sans-serif; font-size: 12px;">We listened to the feedback last time and amended the ballot accordingly to ensure we were not misleading anyone.</div><div style="font-family: Arial,sans-serif; font-size: 12px;"><br></div><div><div><div style="color: rgb(0, 0, 0); font-size: 12px;">Steve</div><div><font class="Apple-style-span"><font class="Apple-style-span"><div class="MsoNormal" style="font-size:12pt;color: rgb(0, 0, 0); margin: 0cm 0cm 0.0001pt; line-height: 5px;"><br></div></font></font><div style="font-family: Arial,sans-serif; font-size: 12px;"></div><font class="Apple-style-span" style="font-family: Arial,sans-serif; font-size: 12px; color: rgb(0, 0, 0);"><font class="Apple-style-span"><div style="font-family: Arial,sans-serif; color: rgb(0, 0, 0); font-size: 14px;"></div></font></font></div></div></div></div></div><div style="font-family: Arial,sans-serif; font-size: 12px;"><br></div><span id="OLK_SRC_BODY_SECTION" style="font-size: 12px; font-family: Arial, sans-serif; "><div style="font-family: Calibri; font-size: 11pt; text-align: left; color: black; border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; padding: 3pt 0in 0in;"><span style="font-weight: bold;">From: </span> Wayne Thayer <<a target="_blank" href="mailto:wthayer@godaddy.com">wthayer@godaddy.com</a>><br><span style="font-weight: bold;">Date: </span> Friday, 16 November 2012 18:26<br><span style="font-weight: bold;">To: </span> CABForum Management <<a target="_blank" href="mailto:management@cabforum.org">management@cabforum.org</a>>, "<a target="_blank" href="mailto:public@cabforum.org">public@cabforum.org</a>" <<a target="_blank" href="mailto:public@cabforum.org">public@cabforum.org</a>><br><span style="font-weight: bold;">Subject: </span> Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names<br></div><div><br></div><div><div><span style="font-family: Verdana; color: rgb(0, 0, 0); font-size: 10pt;"><div>The question is not if it's "acceptable to continue", but if there is evidence to show that banning a wide swath of DV issuance is an effective improvement that merits the increased cost and effort that it requires of customers.</div><div><br></div><div>The "evidence" shown so far has been a hypothetical threat that a relying party would trust a DV certificate in a situation where an OV certificate would be distrusted due to the additional information contained in the O field. In addition, it has been stated that the validation process for an OV cert provides better traceability and presents an overall "higher bar" to deter a malicious applicant.</div><div><br></div><div>The first assertion assumes that the relying party is going to drill into the certificate details to examine the O field before trusting the cert. The second assertion implies that the standard for getting an "individual" OV cert is a significantly higher bar. That requires the applicant to submit a copy of a photo ID and a copy of a utility bill. That's our idea of raising the bar?<br></div><div><br></div><div>I think we'd all be better off if we focus on educating our customers about the benefits of different types of certs and then letting them choose, rather than continuing to try to mandate their behavior.</div><div><br></div><div>Meanwhile, if this ballot is approved, a lot of people relying on publicly trusted certs for completely private systems will have been misled by the CAB Forum's original 2015 deadline and be immediately forced to buy OV.<br></div><div><br></div><div>Thanks,<br></div><div><br></div><div>Wayne</div><div><br><br></div><blockquote id="replyBlockquote" webmail="1" style="border-left: 2px solid blue; margin-left: 8px; padding-left: 8px; font-size: 10pt; color: black; font-family: verdana;"><div id="wmQuoteWrapper"> -------- Original Message --------<br> Subject: Re: [cabfpub] [cabfman] Ballot 92 - Subject Alternative Names<br>From: Steve Roylance <<a target="_blank" href="mailto:steve.roylance@globalsign.com">steve.roylance@globalsign.com</a>><br> Date: Fri, November 16, 2012 10:33 am<br> To: "<a target="_blank" href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a>" <<a target="_blank" href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a>><br> Cc: 'CABForum Management' <<a target="_blank" href="mailto:management@cabforum.org">management@cabforum.org</a>>,<br> "<a target="_blank" href="mailto:public@cabforum.org">public@cabforum.org</a>" <<a target="_blank" href="mailto:public@cabforum.org">public@cabforum.org</a>><br><br><div><div><div>Kirk,</div><div><br></div><div>It is NOT meant to prohibit all types of DV SANs</div><div><br></div><div>It is meant to prohibit DV SANs under certain conditions i.e. where non unique information is contained, or Public IPs are used, or there is a mixture of owners as detailed by the domain registration.</div><div><br></div><div>If you own <b><a target="_blank" href="http://kirk.com">kirk.com</a></b> and <b><a target="_blank" href="http://finewineexpert.com">finewineexpert.com</a></b> then you can have both inside if they are registered to you.</div><div><br></div><div>Please read the text again carefully and highlight which situation you specifically don't agree with and why you feel it's acceptable to continue.</div><div><br></div><div>Steve</div><div><div><div><div></div><font class="Apple-style-span" style="color: rgb(0, 0, 0);"><font class="Apple-style-span"><div style="font-family: Arial,sans-serif; color: rgb(0, 0, 0); font-size: 14px;"></div></font></font></div></div></div></div></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family: Calibri; font-size: 11pt; text-align: left; color: black; border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; padding: 3pt 0in 0in;"><span style="font-weight: bold;">From: </span> "<a target="_blank" href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a>" <<a target="_blank" href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a>><br><span style="font-weight: bold;">Date: </span> Friday, 16 November 2012 17:24<br><span style="font-weight: bold;">To: </span> CABForum Management <<a target="_blank" href="mailto:management@cabforum.org">management@cabforum.org</a>>, "<a target="_blank" href="mailto:public@cabforum.org">public@cabforum.org</a>" <<a target="_blank" href="mailto:public@cabforum.org">public@cabforum.org</a>><br><span style="font-weight: bold;">Subject: </span> Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names<br></div><div><br></div><div xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><style>
#wmQuoteWrapper #wmQuoteWrapper /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;}
#wmQuoteWrapper #wmQuoteWrapper @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;}
#wmQuoteWrapper #wmQuoteWrapper /* Style Definitions */ p.MsoNormal, #wmQuoteWrapper #wmQuoteWrapper li.MsoNormal, #wmQuoteWrapper #wmQuoteWrapper div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";}
#wmQuoteWrapper #wmQuoteWrapper a:link, #wmQuoteWrapper #wmQuoteWrapper span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;}
#wmQuoteWrapper #wmQuoteWrapper a:visited, #wmQuoteWrapper #wmQuoteWrapper span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;}
#wmQuoteWrapper #wmQuoteWrapper p.MsoPlainText, #wmQuoteWrapper #wmQuoteWrapper li.MsoPlainText, #wmQuoteWrapper #wmQuoteWrapper div.MsoPlainText {mso-style-priority:99; mso-style-link:"Plain Text Char"; margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";}
#wmQuoteWrapper #wmQuoteWrapper p.MsoAcetate, #wmQuoteWrapper #wmQuoteWrapper li.MsoAcetate, #wmQuoteWrapper #wmQuoteWrapper div.MsoAcetate {mso-style-priority:99; mso-style-link:"Balloon Text Char"; margin:0in; margin-bottom:.0001pt; font-size:8.0pt; font-family:"Tahoma","sans-serif";}
#wmQuoteWrapper #wmQuoteWrapper span.PlainTextChar {mso-style-name:"Plain Text Char"; mso-style-priority:99; mso-style-link:"Plain Text"; font-family:"Calibri","sans-serif";}
#wmQuoteWrapper #wmQuoteWrapper span.BalloonTextChar {mso-style-name:"Balloon Text Char"; mso-style-priority:99; mso-style-link:"Balloon Text"; font-family:"Tahoma","sans-serif";}
#wmQuoteWrapper #wmQuoteWrapper .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri","sans-serif";}
#wmQuoteWrapper #wmQuoteWrapper @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;}
#wmQuoteWrapper #wmQuoteWrapper div.WordSection1 {page:WordSection1;}
</style><div link="blue" vlink="purple" lang="EN-US"><div class="WordSection1"><div class="MsoPlainText">To help members evaluate Ballot 92 we are attaching a side-by-side comparison of current Baseline Requirements language with the proposed new language. As before, the intent of this ballot is to prohibit DV SANs certificates, which we will oppose.<o:p></o:p></div><div class="MsoPlainText"><span style="color: black;"><o:p> </o:p></span></div><div class="MsoPlainText"><span style="color: black;">Trend Micro does not issue DV certificates, but we think they serve a valuable security function in increasing the use of SSL. Forcing customers to buy OV certs instead is anti-competitive and will likely lead to less use of SSL to secure sites.<o:p></o:p></span></div></div></div></div><table><tbody><tr><td bgcolor="#ffffff"><font color="#000000"><pre><table class="TM_EMAIL_NOTICE"><tbody><tr><td><pre>TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidentialand may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></tbody></table></pre></font></td></tr></tbody></table> _______________________________________________ Management mailing list <a target="_blank" href="mailto:Management@cabforum.org">Management@cabforum.org</a> <a target="_blank" href="https://cabforum.org/mailman/listinfo/management">https://cabforum.org/mailman/listinfo/management</a> </span> <hr>_______________________________________________<br> Public mailing list<br><a target="_blank" href="mailto:Public@cabforum.org">Public@cabforum.org</a><br><a target="_blank" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a><br></div></blockquote></span></div></div> _______________________________________________ Management mailing list <a target="_blank" href="mailto:Management@cabforum.org">Management@cabforum.org</a> <a target="_blank" href="https://cabforum.org/mailman/listinfo/management">https://cabforum.org/mailman/listinfo/management</a> </span>
</div></blockquote></span></div></div>
_______________________________________________
Management mailing list
<a href="mailto:Management@cabforum.org">Management@cabforum.org</a>
<a href="https://cabforum.org/mailman/listinfo/management">https://cabforum.org/mailman/listinfo/management</a>
</span></body></html>