<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Opera votes yes.<br>
<br>
Håvard<br>
<br>
<br>
On 4/29/13 8:06 PM, Dean Coclin wrote:<br>
</div>
<blockquote
cite="mid:14D026C7F297AD44AC82578DD818CDD033E8FD1111@TUS1XCHEVSPIN35.SYMC.SYMANTEC.COM"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.emailquote, li.emailquote, div.emailquote
{mso-style-name:emailquote;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:1.0pt;
border:none;
padding:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">All,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Voting
on this ballot has commenced and will close this Friday.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Dean<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a class="moz-txt-link-abbreviated" href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Rick
Andrews<br>
<b>Sent:</b> Thursday, April 18, 2013 1:22 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> [cabfpub] Ballot 99: Add support for DSA
keys<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">Rick
Andrews made the following motion, and Adam Langley from
Google and Erwann Abalea from Keynectis endorsed it: <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">...
Motion Begins ... <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">...
Erratum Begins ... <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">In
the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, Appendix A, add to each
of the tables (1) Root CA Certificates, (2) Subordinate CA
Certificates, and (3) Subscriber Certificates a new row
with these three column entries (comma-separated):<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">Minimum
DSA modulus and divisor size (bits) ***, L= 2048, N= 224
or L= 2048, N= 256, L= 2048, N= 224 or L= 2048, N= 256 <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">Following
Table 3, change the first sentence to read (++added
language++):<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">*
SHA-1 MAY be used ++with RSA keys++ until SHA-256 is
supported widely by browsers used by a substantial portion
of relying-parties worldwide. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">After
"** A Root CA Certificate issued...", add: <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">***
L and N (the bit lengths of modulus p and divisor q,
respectively) are described in the Digital Signature
Standard, FIPS 186-3 (<a moz-do-not-send="true"
href="http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf">http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf</a>).
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">To
Section "(4) General requirements for public keys", add: <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">DSA:
Although FIPS 800-57 says that domain parameters may be
made available at some accessible site, compliant DSA
certificates MUST include all domain parameters. This is
to insure maximum interoperability among relying party
software. The CA MUST confirm that the value of the public
key has the unique correct representation and range in the
field, and that the key has the correct order in the
subgroup. [Source: Section 5.3.1, NIST SP 800-89]. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">ECC:
The CA SHOULD confirm the validity of all keys using
either the ECC Full Public Key Validation Routine or the
ECC Partial Public Key Validation Routine. [Source:
Sections 5.6.2.5 and 5.6.2.6, respectively, NIST SP
800-56A]. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">...
Erratum Ends ... <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">PDF
and Word versions of the proposed changes in redline are
posted as attachments to the wiki page (<a
moz-do-not-send="true"
href="https://www.cabforum.org/wiki/99%20-%20Add%20DSA%20Keys">https://www.cabforum.org/wiki/99%20-%20Add%20DSA%20Keys</a>)
and attached to this email for easier reading.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">The
review period for this ballot shall commence at 21:00 UTC
on 19 April 2013 and will close at 21:00 UTC on 26 April
2013. Unless the motion is withdrawn during the review
period, the voting period will start immediately
thereafter and will close at 21:00 UTC on 3 May 2013.
Votes must be cast by posting an on-list reply to this
thread. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">...
Motion ends ... <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">A
vote in favor of the motion must indicate a clear 'yes' in
the response. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">A
vote against must indicate a clear 'no' in the response. A
vote to abstain must indicate a clear 'abstain' in the
response. Unclear responses will not be counted. The
latest vote received from any representative of a voting
member before the close of the voting period will be
counted. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">Voting
members are listed here: <a moz-do-not-send="true"
href="http://www.cabforum.org/forum.html">http://www.cabforum.org/forum.html</a>
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">In
order for the motion to be adopted, two thirds or more of
the votes cast by members in the CA category and one half
or more of the votes cast by members in the browser
category must be in favor. Also, at least six members must
participate in the ballot, either by voting in favor,
voting against or abstaining. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>