<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">

</head>

<body dir="auto">

<div>Trustwave votes 'no'<br>

<br>

<br>

</div>

<div>On Nov 23, 2012, at 5:57 AM, "Janssen, M.A. (Mark) - Logius" <<a href="mailto:mark.janssen@logius.nl">mark.janssen@logius.nl</a>> wrote:<br>

<br>

</div>

<blockquote type="cite">

<div><style>

<!--

@font-face

        {font-family:"Cambria Math"}

@font-face

        {font-family:Calibri}

@font-face

        {font-family:Tahoma}

@font-face

        {font-family:Verdana}

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman","serif"}

a:link, span.MsoHyperlink

        {color:blue;

        text-decoration:underline}

a:visited, span.MsoHyperlinkFollowed

        {color:purple;

        text-decoration:underline}

p

        {margin-right:0cm;

        margin-left:0cm;

        font-size:12.0pt;

        font-family:"Times New Roman","serif"}

p.MsoAcetate, li.MsoAcetate, div.MsoAcetate

        {margin:0cm;

        margin-bottom:.0001pt;

        font-size:8.0pt;

        font-family:"Tahoma","sans-serif"}

p.line862, li.line862, div.line862

        {margin-right:0cm;

        margin-left:0cm;

        font-size:12.0pt;

        font-family:"Times New Roman","serif"}

p.line874, li.line874, div.line874

        {margin-right:0cm;

        margin-left:0cm;

        font-size:12.0pt;

        font-family:"Times New Roman","serif"}

p.line867, li.line867, div.line867

        {margin-right:0cm;

        margin-left:0cm;

        font-size:12.0pt;

        font-family:"Times New Roman","serif"}

span.BallontekstChar

        {font-family:"Tahoma","sans-serif"}

span.E-mailStijl26

        {font-family:"Calibri","sans-serif";

        color:#1F497D}

.MsoChpDefault

        {font-size:10.0pt}

@page Section1

        {margin:72.0pt 72.0pt 72.0pt 72.0pt}

-->

</style>

<div class="Section1">

<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Verdana","sans-serif"; color:#1F497D">Logius PKIoverheid votes “yes” .</span></p>

<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Verdana","sans-serif"; color:#1F497D">Thanks.

</span></p>

<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Verdana","sans-serif"; color:#1F497D"> </span></p>

<p class="MsoNormal"><span style="font-size:7.5pt; font-family:"Verdana","sans-serif"; color:#1F497D">Best Regards,<br>

<br>

<b>Mark Janssen</b><br>

Senior Advisor PKIoverheid<br>

........................................................................<br>

</span><b><span lang="EN-GB" style="font-size:7.5pt; font-family:"Verdana","sans-serif"; color:#1F497D">Logius<br>

The ministry of the Interior and Kingdom Relations (BZK)</span></b><span lang="EN-GB" style="font-size:9.0pt; font-family:"Verdana","sans-serif"; color:#1F497D"><br>

</span><span lang="EN-GB" style="font-size:7.5pt; font-family:"Verdana","sans-serif"; color:#1F497D">Wilhelmina van Pruisenweg 52 | 2595 AN | The Hague<br>

P.O. Box 96810 | 2509 JE | The Hague<br>

........................................................................<br>

</span><span style="font-size:7.5pt; font-family:"Verdana","sans-serif"; color:#1F497D">T +31(0) 70 8887 967<br>

F +31(0) 70 8887 882<br>

</span><span lang="NL" style="font-size:9.0pt; font-family:"Verdana","sans-serif"; color:#1F497D"><a href="mailto:mark.janssen@logius.nl" target="_blank" title="mailto:mark.janssen@logius.nl"><span lang="EN-US" style="font-size:7.5pt">mark.janssen@logius.nl</span></a></span><span style="font-size:9.0pt; font-family:"Verdana","sans-serif"; color:#1F497D"><br>

</span><span lang="FR" style="font-size:9.0pt; font-family:"Verdana","sans-serif"; color:#1F497D"><a href="https://webmail.ictu.nl/exchweb/bin/redir.asp?URL=http://www.logius.nl/" target="_blank" title="https://webmail.ictu.nl/exchweb/bin/redir.asp?URL=http://www.logius.nl/"><span style="font-size:7.5pt">http://www.logius.nl/</span></a></span><span style="font-size:9.0pt; font-family:"Verdana","sans-serif"; color:#1F497D"><br>

</span><span style="font-size:7.5pt; font-family:"Verdana","sans-serif"; color:#1F497D">........................................................................<br>

<b>Service e-government</b><br>

........................................................................</span></p>

<p class="MsoNormal"><span lang="EN-GB" style="font-size:7.5pt; font-family:"Verdana","sans-serif"; color:green">Please consider the environment - do you really need to print this mail?</span></p>

<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<div>

<div style="border:none; border-top:solid #B5C4DF 1.0pt; padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal"><b><span lang="NL" style="font-size:10.0pt; font-family:"Tahoma","sans-serif"">Van:</span></b><span lang="NL" style="font-size:10.0pt; font-family:"Tahoma","sans-serif"">

<a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]

<b>Namens </b>Steve Roylance<br>

<b>Verzonden:</b> dinsdag 20 november 2012 16:12<br>

<b>Aan:</b> <a href="mailto:public@cabforum.org">public@cabforum.org</a>; CABForum Management<br>

<b>Onderwerp:</b> [cabfpub] Ballot 92 - Subject Alternative Names - Deletion of section 9.2.2 - The ballot continues</span></p>

</div>

</div>

<p class="MsoNormal"> </p>

<div>

<div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Dear all.</span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> </span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">After consideration of whether the ballot stands or falls based on the additional text proposed for the Common Name section, myself and the endorsers have agreed

 to remove the changes proposed for Section 9.2.2.</span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> </span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"">For clarity the

<s><span style="color:red">change</span></s> is shown in the e-mail below and the Wiki has been updated to show the final text <a href="https://www.cabforum.org/wiki/92%20-%20Subject%20Alternative%20Names"><span style="color:black">https://www.cabforum.org/wiki/92%20-%20Subject%20Alternative%20Names</span></a></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> </span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Note that balloting rules both past and proposed allow for the deletion of text without having to re-start.</span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> </span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">I thank everyone for their comments so far and hope we've struck an accord that will benefit the industry as a whole in the months/years to come.</span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> </span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Kind Regards</span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> </span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Steve</span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> </span></p>

</div>

</div>

</div>

<div style="border:none; border-top:solid #B5C4DF 1.0pt; padding:3.0pt 0cm 0cm 0cm; border-bottom-color:initial; border-left-color:initial; border-right-color:initial">

<p class="MsoNormal"><b><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">From:

</span></b><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Steve Roylance <<a href="mailto:steve.roylance@globalsign.com">steve.roylance@globalsign.com</a>><br>

<b>Date: </b>Thursday, 15 November 2012 17:27<br>

<b>To: </b><<a href="mailto:public@cabforum.org">public@cabforum.org</a>>, CABForum Management <<a href="mailto:management@cabforum.org">management@cabforum.org</a>><br>

<b>Subject: </b>Ballot 92 - Subject Alternative Names</span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> </span></p>

</div>

<div>

<div>

<div>

<div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"><a href="https://www.cabforum.org/wiki/92%20-%20Subject%20Alternative%20Names">https://www.cabforum.org/wiki/92%20-%20Subject%20Alternative%20Names</a></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> </span></p>

</div>

<div>

<p class="MsoNormal"><span class="apple-style-span"><span style="font-size:13.5pt; font-family:"Arial","sans-serif"; color:black">Steve Roylance of GlobalSign made the following motion and Yngve Pettersen of Opera and Jeremy Rowley of Digicert have endorsed

 it:</span></span><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"></span></p>

</div>

<div>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">... Motion begins...</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Effective on the 1st July 2013</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">... Erratum begins ...</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">The following sections will be amended in the Baseline Requirements document.</span></p>

<p class="line867"><strong><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">INSERT</span></strong><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> in Section 4. Definitions the following:</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Public IP Address: An IP Address that is not a Reserved IP Address.</span></p>

<p class="line867"><strong><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">REPLACE</span></strong><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> Section 9.2.1 (Subject Alternative Name Extension) with

 the following:</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">9.2.1 Subject Alternative Name Extension</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Certificate Field: extensions:subjectAltName</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Required/Optional: Required</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Contents: This extension MUST contain at least one entry that is either a Fully-Qualified Domain Name or Public IP Address. Each subjectAltName entry MUST either

 be a Domain Name or an IP Address. The CA MUST confirm the Applicant’s control of each dNSName or Public IP Address entry in accordance with Section 11.1.</span></p>

<p class="line867"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">SubjectAltName entries MAY include domain Names containing wildcard characters.</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">If the subjectAltName is:</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">1) a Public IP Address,</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">2) a Registered Domain Name that has a Domain Name Registrant different than (and not an Affiliate of) the Domain Name Registrant of any other Registered Domain

 Name in the subjectAltName extension in the Certificate, or</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">3) a Reserved IP Address or Internal Server Name.</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">then the CA MUST verify the identity of an entity that controls the private key in accordance with Section 11.2 and include the Subject Identity Information in the

 issued Certificate in accordance with 9.2.4. The CA MAY include explanatory information in the Subject Organizational Unit field or a non-subject certificate field to clarify the Subject Identity Information included in the Certificate.</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Prior to issuing a Certificate containing an Internal Server Name or Reserved IP Address, the CA SHALL notify the Applicant that the use of such Certificates has

 been deprecated by the CA / Browser Forum and that the practice will be eliminated by October 2016. As of the Effective Date, the CA SHALL NOT issue a certificate with an Expiry Date later than 1 November 2015 if the subjectAlternativeName contains a Reserved

 IP Address or Internal Server Name. Effective 1 October 2016, CAs SHALL revoke all unexpired Certificates whose subjectAlternativeName extension or Subject commonName field contains a Reserved IP Address or Internal Server Name.</span></p>

<p class="line867"><strong><s><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:red">REPLACE</span></s></strong><s><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:red"> Section 9.2.2 (Subject Common Name Field) with

 the following:</span></s><span style="font-size:9.0pt; font-family:"Arial","sans-serif""></span></p>

<p class="line874"><s><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:red">9.2.2 Subject Common Name Field</span></s><span style="font-size:9.0pt; font-family:"Arial","sans-serif""></span></p>

<p class="line874"><s><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:red">Certificate Field: subject:commonName (OID 2.5.4.3)</span></s><span style="font-size:9.0pt; font-family:"Arial","sans-serif""></span></p>

<p class="line874"><s><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:red">Required/Optional: Deprecated (Discouraged, but not prohibited)</span></s><span style="font-size:9.0pt; font-family:"Arial","sans-serif""></span></p>

<p class="line874"><s><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:red">Contents: If present, this field MUST contain a single Public IP address or single Fully-Qualified Domain Name that is one of the values contained in the Certificate’s

 subjectAltName extension (see Section 9.2.1). Reserved IP Addresses and Internal Server Names are prohibited.</span></s><span style="font-size:9.0pt; font-family:"Arial","sans-serif""></span></p>

<p class="line867"><strong><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">REPLACE</span></strong><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> Section 10.2.3 (Information Requirements) with the following:</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">10.2.3 Information Requirements</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">The certificate request MAY include all factual information about the Applicant to be included in the Certificate, and such additional information as is necessary

 for the CA to obtain from the Applicant in order to comply with these Requirements and the CA’s Certificate Policy and/or Certification Practice Statement. In cases where the certificate request does not contain all the necessary information about the Applicant,

 the CA SHALL obtain the remaining information from the Applicant or, having obtained it from a reliable, independent, third-party data source, confirm it with the Applicant.</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Applicant information MUST include, but not be limited to, at least one Subject Alternative Name as defined in Section 9.2.1.</span></p>

<p class="line867"><strong><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">INSERT</span></strong><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black"> in Section 11.1 (Authorization by Domain Name Registrant)

 the following two new sections:</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">11.1.3 Wildcard Domain Validation</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Before issuing a certificate with a wildcard character (*) in a CN or subjectAltName of type DNS-ID, the CA MUST establish and follow a documented procedure† that

 determines if the wildcard character occurs in the first label position to the left of a “registry-controlled” label or “public suffix” (e.g. “*.com”, “*.<a href="http://co.uk">co.uk</a>”, see RFC 6454 Section 8.2 for further explanation). If a wildcard would

 fall within the label immediately to the left of a registry-controlled† or public suffix, CAs SHALL refuse issuance unless the applicant proves its rightful control of the entire Domain Namespace. (e.g. CAs SHALL NOT issue “*.<a href="http://co.uk">co.uk</a>”,

 but MAY issue “*.<a href="http://example.co.uk">example.co.uk</a>” to Example Ltd.)</span></p>

<p class="line862"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">†Determination of what is “registry-controlled” versus the registerable portion of a Country Code Top-Level Domain Namespace is not standardized at the time of writing

 and is not a property of the DNS itself. Current best practice is to consult a “public suffix list” such as <a href="http://publicsuffix.org/"><span style="color:#0044B3; border:none windowtext 1.0pt; padding:0cm; text-decoration:none">http://publicsuffix.org/</span></a>.

 If the process for making this determination is standardized by an RFC, then such a procedure SHOULD be preferred.</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">... Erratum ends ...</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">The review period for this ballot shall commence at 21:00 UTC on 15 November 2012 and will close at 21:00 UTC on 22 November 2012. Unless the motion is withdrawn

 during the review period, the voting period will start immediately thereafter and will close at 21:00 UTC on 29 November 2012. Votes must be cast by posting an on-list reply to this thread.</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">... Motions ends ...</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">A vote in favor of the motion must indicate a clear 'yes' in the response.</span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted.

 The latest vote received from any representative of a voting member before the close of the voting period will be counted.</span></p>

<p class="line862"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">Voting members are listed here: <a href="http://www.cabforum.org/forum.html"><span style="color:#0044B3; border:none windowtext 1.0pt; padding:0cm; text-decoration:none">http://www.cabforum.org/forum.html</span></a></span></p>

<p class="line874"><span style="font-size:9.0pt; font-family:"Arial","sans-serif"; color:black">In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and one half or more of the votes cast by members in the

 browser category must be in favor. Also, at least six members must participate in the ballot, either by voting in favor, voting against or abstaining.</span></p>

</div>

</div>

</div>

</div>

</div>

</div>

<br>

<hr>

<font face="Arial" color="Gray" size="1"><br>

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid

 voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.<br>

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind

 resulting from the risks inherent in the electronic transmission of messages. .<br>

</font></div>

</blockquote>

<blockquote type="cite">

<div><span>_______________________________________________</span><br>

<span>Management mailing list</span><br>

<span><a href="mailto:Management@cabforum.org">Management@cabforum.org</a></span><br>

<span><a href="https://cabforum.org/mailman/listinfo/management">https://cabforum.org/mailman/listinfo/management</a></span><br>

</div>

</blockquote>

<br>

<hr>

<font face="Arial" color="Gray" size="1"><br>

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information

 contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.<br>

</font>

</body>

</HTML>