<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
StartCom votes YES<br>
<br>
On 11/20/2012 05:11 PM, From Steve Roylance:
<blockquote
cite="mid:CCD14CD7.A3B97%25steve.roylance@globalsign.com"
type="cite">
<div>
<div>
<div style="color: rgb(0, 0, 0); ">Dear all.</div>
<div style="color: rgb(0, 0, 0); "><br>
</div>
<div style="color: rgb(0, 0, 0); ">After consideration of
whether the ballot stands or falls based on the additional
text proposed for the Common Name section, myself and the
endorsers have agreed to remove the changes proposed for
Section 9.2.2.</div>
<div style="color: rgb(0, 0, 0); "><br>
</div>
<div>For clarity the <font class="Apple-style-span"
color="#ff0000"><strike>change</strike></font> is shown in
the e-mail below and the Wiki has been updated to show the
final text <a moz-do-not-send="true"
href="https://www.cabforum.org/wiki/92%20-%20Subject%20Alternative%20Names"
style="color: rgb(0, 0, 0); ">https://www.cabforum.org/wiki/92%20-%20Subject%20Alternative%20Names</a></div>
<div style="color: rgb(0, 0, 0); "><br>
</div>
<div style="color: rgb(0, 0, 0); ">Note that balloting rules
both past and proposed allow for the deletion of text
without having to re-start.</div>
<div style="color: rgb(0, 0, 0); "><br>
</div>
<div style="color: rgb(0, 0, 0); ">I thank everyone for their
comments so far and hope we've struck an accord that will
benefit the industry as a whole in the months/years to come.</div>
<div style="color: rgb(0, 0, 0); "><br>
</div>
<div style="color: rgb(0, 0, 0); ">Kind Regards</div>
<div style="color: rgb(0, 0, 0); "><br>
</div>
<div style="color: rgb(0, 0, 0); ">Steve</div>
<div style="color: rgb(0, 0, 0); "><br>
</div>
</div>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family: Calibri; font-size: 11pt; text-align:
left; color: black; border-bottom-width: medium;
border-bottom-style: none; border-bottom-color: initial;
border-left-width: medium; border-left-style: none;
border-left-color: initial; padding-bottom: 0in; padding-left:
0in; padding-right: 0in; border-top-color: rgb(181, 196, 223);
border-top-width: 1pt; border-top-style: solid;
border-right-width: medium; border-right-style: none;
border-right-color: initial; padding-top: 3pt; "><span
style="font-weight:bold">From: </span> Steve Roylance <<a
moz-do-not-send="true"
href="mailto:steve.roylance@globalsign.com">steve.roylance@globalsign.com</a>><br>
<span style="font-weight:bold">Date: </span> Thursday, 15
November 2012 17:27<br>
<span style="font-weight:bold">To: </span> <<a
moz-do-not-send="true" href="mailto:public@cabforum.org">public@cabforum.org</a>>,
CABForum Management <<a moz-do-not-send="true"
href="mailto:management@cabforum.org">management@cabforum.org</a>><br>
<span style="font-weight:bold">Subject: </span> Ballot 92 -
Subject Alternative Names<br>
</div>
<div style="color: rgb(0, 0, 0); "><br>
</div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; font-family: Arial,
sans-serif; font-size: 12px; ">
<div>
<div>
<div style="color: rgb(0, 0, 0); font-size: 12px; "><a
moz-do-not-send="true"
href="https://www.cabforum.org/wiki/92%20-%20Subject%20Alternative%20Names">https://www.cabforum.org/wiki/92%20-%20Subject%20Alternative%20Names</a></div>
<div style="color: rgb(0, 0, 0); font-size: 12px; "><span
class="Apple-style-span" style="font-size: medium;
font-family: Arial, 'Lucida Grande', sans-serif; "><br>
</span></div>
<div style="color: rgb(0, 0, 0); font-size: 12px; "><span
class="Apple-style-span" style="font-size: medium;
font-family: Arial, 'Lucida Grande', sans-serif; ">Steve
Roylance of GlobalSign made the following motion and
Yngve Pettersen of Opera and Jeremy Rowley of
Digicert have endorsed it:</span></div>
<div>
<p class="line862" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; "><span
class="anchor" id="line-8"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">...
Motion begins...<span class="anchor" id="line-9"></span><span
class="anchor" id="line-10"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">Effective
on the 1st July 2013<span class="anchor"
id="line-11"></span><span class="anchor"
id="line-12"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">...
Erratum begins ...<span class="anchor" id="line-13"></span><span
class="anchor" id="line-14"></span><span
class="anchor" id="line-15"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">The
following sections will be amended in the Baseline
Requirements document.<span class="anchor"
id="line-16"></span><span class="anchor"
id="line-17"></span></p>
<p class="line867" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; "><strong>INSERT</strong> in
Section 4. Definitions the following:<span
class="anchor" id="line-18"></span><span
class="anchor" id="line-19"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">Public
IP Address: An IP Address that is not a Reserved IP
Address.<span class="anchor" id="line-20"></span><span
class="anchor" id="line-21"></span></p>
<p class="line867" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; "><strong>REPLACE</strong> Section
9.2.1 (Subject Alternative Name Extension) with the
following:<span class="anchor" id="line-22"></span><span
class="anchor" id="line-23"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">9.2.1
Subject Alternative Name Extension<span
class="anchor" id="line-24"></span><span
class="anchor" id="line-25"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">Certificate
Field: extensions:subjectAltName<span class="anchor"
id="line-26"></span><span class="anchor"
id="line-27"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">Required/Optional:
Required<span class="anchor" id="line-28"></span><span
class="anchor" id="line-29"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">Contents:
This extension MUST contain at least one entry that
is either a Fully-Qualified Domain Name or Public IP
Address. Each subjectAltName entry MUST either be a
Domain Name or an IP Address. The CA MUST confirm
the Applicant’s control of each dNSName or Public IP
Address entry in accordance with Section 11.1.<span
class="anchor" id="line-30"></span><span
class="anchor" id="line-31"></span></p>
<p class="line867" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">SubjectAltName
entries MAY include domain Names containing wildcard
characters.<span class="anchor" id="line-32"></span><span
class="anchor" id="line-33"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">If
the subjectAltName is:<span class="anchor"
id="line-34"></span><span class="anchor"
id="line-35"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">1)
a Public IP Address,<span class="anchor"
id="line-36"></span><span class="anchor"
id="line-37"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">2)
a Registered Domain Name that has a Domain Name
Registrant different than (and not an Affiliate of)
the Domain Name Registrant of any other Registered
Domain Name in the subjectAltName extension in the
Certificate, or<span class="anchor" id="line-38"></span><span
class="anchor" id="line-39"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">3)
a Reserved IP Address or Internal Server Name.<span
class="anchor" id="line-40"></span><span
class="anchor" id="line-41"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">then
the CA MUST verify the identity of an entity that
controls the private key in accordance with Section
11.2 and include the Subject Identity Information in
the issued Certificate in accordance with 9.2.4. The
CA MAY include explanatory information in the
Subject Organizational Unit field or a non-subject
certificate field to clarify the Subject Identity
Information included in the Certificate.<span
class="anchor" id="line-42"></span><span
class="anchor" id="line-43"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">Prior
to issuing a Certificate containing an Internal
Server Name or Reserved IP Address, the CA SHALL
notify the Applicant that the use of such
Certificates has been deprecated by the CA / Browser
Forum and that the practice will be eliminated by
October 2016. As of the Effective Date, the CA SHALL
NOT issue a certificate with an Expiry Date later
than 1 November 2015 if the subjectAlternativeName
contains a Reserved IP Address or Internal Server
Name. Effective 1 October 2016, CAs SHALL revoke all
unexpired Certificates whose subjectAlternativeName
extension or Subject commonName field contains a
Reserved IP Address or Internal Server Name.<span
class="anchor" id="line-44"></span><span
class="anchor" id="line-45"></span></p>
<p class="line867" style="font-family: Arial, 'Lucida
Grande', sans-serif; "><strike><font
class="Apple-style-span" color="#ff0000"><strong>REPLACE</strong> Section
9.2.2 (Subject Common Name Field) with the
following:<span class="anchor" id="line-46"></span><span
class="anchor" id="line-47"></span></font></strike></p>
<p class="line874" style="font-family: Arial, 'Lucida
Grande', sans-serif; "><strike><font
class="Apple-style-span" color="#ff0000">9.2.2
Subject Common Name Field<span class="anchor"
id="line-48"></span><span class="anchor"
id="line-49"></span></font></strike></p>
<p class="line874" style="font-family: Arial, 'Lucida
Grande', sans-serif; "><strike><font
class="Apple-style-span" color="#ff0000">Certificate
Field: subject:commonName (OID 2.5.4.3)<span
class="anchor" id="line-50"></span><span
class="anchor" id="line-51"></span></font></strike></p>
<p class="line874" style="font-family: Arial, 'Lucida
Grande', sans-serif; "><strike><font
class="Apple-style-span" color="#ff0000">Required/Optional:
Deprecated (Discouraged, but not prohibited)<span
class="anchor" id="line-52"></span><span
class="anchor" id="line-53"></span></font></strike></p>
<p class="line874" style="font-family: Arial, 'Lucida
Grande', sans-serif; "><strike><font
class="Apple-style-span" color="#ff0000">Contents:
If present, this field MUST contain a single
Public IP address or single Fully-Qualified
Domain Name that is one of the values contained
in the Certificate’s subjectAltName extension
(see Section 9.2.1). Reserved IP Addresses and
Internal Server Names are prohibited.</font></strike><span
class="anchor" id="line-54"></span><span
class="anchor" id="line-55"></span></p>
<p class="line867" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; "><strong>REPLACE</strong> Section
10.2.3 (Information Requirements) with the
following:<span class="anchor" id="line-56"></span><span
class="anchor" id="line-57"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">10.2.3
Information Requirements<span class="anchor"
id="line-58"></span><span class="anchor"
id="line-59"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">The
certificate request MAY include all factual
information about the Applicant to be included in
the Certificate, and such additional information as
is necessary for the CA to obtain from the Applicant
in order to comply with these Requirements and the
CA’s Certificate Policy and/or Certification
Practice Statement. In cases where the certificate
request does not contain all the necessary
information about the Applicant, the CA SHALL obtain
the remaining information from the Applicant or,
having obtained it from a reliable, independent,
third-party data source, confirm it with the
Applicant.<span class="anchor" id="line-60"></span><span
class="anchor" id="line-61"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">Applicant
information MUST include, but not be limited to, at
least one Subject Alternative Name as defined in
Section 9.2.1.<span class="anchor" id="line-62"></span><span
class="anchor" id="line-63"></span></p>
<p class="line867" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; "><strong>INSERT</strong> in
Section 11.1 (Authorization by Domain Name
Registrant) the following two new sections:<span
class="anchor" id="line-64"></span><span
class="anchor" id="line-65"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">11.1.3
Wildcard Domain Validation<span class="anchor"
id="line-66"></span><span class="anchor"
id="line-67"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">Before
issuing a certificate with a wildcard character (*)
in a CN or subjectAltName of type DNS-ID, the CA
MUST establish and follow a documented procedure†
that determines if the wildcard character occurs in
the first label position to the left of a
“registry-controlled” label or “public suffix” (e.g.
“*.com”, “*.co.uk”, see RFC 6454 Section 8.2 for
further explanation). <span class="anchor"
id="line-68"></span>If a wildcard would fall
within the label immediately to the left of a
registry-controlled† or public suffix, CAs SHALL
refuse issuance unless the applicant proves its
rightful control of the entire Domain Namespace.
(e.g. CAs SHALL NOT issue “*.co.uk”, but MAY issue
“*.example.co.uk” to Example Ltd.)<span
class="anchor" id="line-69"></span><span
class="anchor" id="line-70"></span></p>
<p class="line862" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">†Determination
of what is “registry-controlled” versus the
registerable portion of a Country Code Top-Level
Domain Namespace is not standardized at the time of
writing and is not a property of the DNS itself.
Current best practice is to consult a “public suffix
list” such as <a moz-do-not-send="true" class="http"
href="http://publicsuffix.org/" style="color:
rgb(0, 68, 179); border-top-width: 0px;
border-right-width: 0px; border-bottom-width: 0px;
border-left-width: 0px; border-style: initial;
border-color: initial; text-decoration: none; ">http://publicsuffix.org/</a>.
If the process for making this determination is
standardized by an RFC, then such a procedure SHOULD
be preferred.<span class="anchor" id="line-71"></span><span
class="anchor" id="line-72"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">...
Erratum ends ...<span class="anchor" id="line-73"></span><span
class="anchor" id="line-74"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">The
review period for this ballot shall commence at
21:00 UTC on 15 November 2012 and will close at
21:00 UTC on 22 November 2012. Unless the motion is
withdrawn during the review period, the voting
period will start immediately thereafter and will
close at 21:00 UTC on 29 November 2012. Votes must
be cast by posting an on-list reply to this thread.<span
class="anchor" id="line-75"></span><span
class="anchor" id="line-76"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">...
Motions ends ...<span class="anchor" id="line-77"></span><span
class="anchor" id="line-78"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">A
vote in favor of the motion must indicate a clear
'yes' in the response.<span class="anchor"
id="line-79"></span><span class="anchor"
id="line-80"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">A
vote against must indicate a clear 'no' in the
response. A vote to abstain must indicate a clear
'abstain' in the response. Unclear responses will
not be counted. The latest vote received from any
representative of a voting member before the close
of the voting period will be counted.<span
class="anchor" id="line-81"></span><span
class="anchor" id="line-82"></span></p>
<p class="line862" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">Voting
members are listed here: <a moz-do-not-send="true"
class="http"
href="http://www.cabforum.org/forum.html"
style="color: rgb(0, 68, 179); border-top-width:
0px; border-right-width: 0px; border-bottom-width:
0px; border-left-width: 0px; border-style:
initial; border-color: initial; text-decoration:
none; ">http://www.cabforum.org/forum.html</a><span
class="anchor" id="line-83"></span><span
class="anchor" id="line-84"></span></p>
<p class="line874" style="color: rgb(0, 0, 0);
font-family: Arial, 'Lucida Grande', sans-serif; ">In
order for the motion to be adopted, two thirds or
more of the votes cast by members in the CA category
and one half or more of the votes cast by members in
the browser category must be in favor. Also, at
least six members must participate in the ballot,
either by voting in favor, voting against or
abstaining.</p>
</div>
</div>
</div>
</div>
</div>
</span>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
</body>
</html>