<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.Default, li.Default, div.Default
{mso-style-name:Default;
margin:0in;
margin-bottom:.0001pt;
text-autospace:none;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle27
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Part of the problem Don and I are trying to address is when a change to BRs, etc. actually becomes “legally” effective as to all CAs. The BRs had an effective date of 7/1/2012, but not all CAs implemented the
changes as of that date, and no CA was expected by any browser to follow the BRs until Mozilla imposed an audit effective date of mid-February, 2013.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">The other problem we are addressing is trying to sync up when WebTrust and ETSI begin auditing for a given requirement – right now, the dates are totally disparate.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Do you see any disadvantage to trying to create a cycle for incorporation of BR and EVGL changes into the WebTrust and ETSI standards? I can’t think of any.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org]
<b>On Behalf Of </b>Steve Roylance<br>
<b>Sent:</b> Friday, July 26, 2013 9:57 AM<br>
<b>To:</b> public@cabforum.org<br>
<b>Subject:</b> Re: [cabfpub] Ballot 107 - removing version numbers to WebTrust and ETSI standards from CABF Guidelines<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black">Hi all<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black">On the back of Kirk's 2nd point and apologies if this was covered in a face to face meeting discussion, but what happens when any requirement (from anywhere, root
program, BR, EV, market pressure) becomes necessary for a CA to implement? I would guess that CAs incorporates it into their internal policies and where appropriate external policy (CP or CPS)., So in actual fact, does it really matter when audit guidelines
are published to auditors? I would have thought this true for inclusions as well as exclusions to processes as the job of the auditor is to access your policy/process in conjunction with their guidelines but also based on your published documents, therefore
if there is a difference and you have valid reasons to be different then you should still pass. i.e. all interactions are not linked to any particular time frame other than the timeframe of the audit.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black">Thanks for any enlightenment on a Friday afternoon as to why we are concerned with this level of alignment..<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black">Steve<o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span style="color:black">"<a href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a>" <<a href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a>><br>
<b>Date: </b>Friday, 26 July 2013 17:32<br>
<b>To: </b>Mads Egil Henriksveen <<a href="mailto:Mads.Henriksveen@buypass.no">Mads.Henriksveen@buypass.no</a>>, "<a href="mailto:public@cabforum.org">public@cabforum.org</a>" <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br>
<b>Subject: </b>Re: [cabfpub] Ballot 107 - removing version numbers to WebTrust and ETSI standards from CABF Guidelines<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="color:black">Mads, if you need another endorser for Ballot 107, Trend Micro will endorse.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Don Sheehy and I will also be working on a “calendar cycle” proposal to present to the Forum that will guide us in how we incorporate changes to the BRs , EVGL, etc. into WebTrust and ETSI audit requirements on
a regular basis. We hope to present that to the Forum for discussion in August.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Kirk<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">
<a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Mads Egil Henriksveen<br>
<b>Sent:</b> Wednesday, July 24, 2013 1:32 AM<br>
<b>To:</b> <a href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> [cabfpub] Ballot 107 - removing version numbers to WebTrust and ETSI standards from CABF Guidelines</span><span style="color:black"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Hi<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">During our discussion on coordinating audit and standards cycle in Munich, I suggested to remove the version numbers in CABF Guidelines to specific WebTrust and ETSI version numbers as this creates a circularand
inconsistent result. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">This ballot removes the version numbers from EV Guidelines and the Baseline Requirements (BR).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">I have included some additional changes which I consider reasonable; The ETSI TS 102 042 comprises seven different set of policy requirements for different types of certificates, both SSL and non-SSL certificates.
I have included the specific CPs for SSL certificates explicitly in the references to TS 102 042 where this is relevant. The following CPs are referenced; Domain Validation (DVCP), Organizational Validation (OVCP), Extended Validation (EVCP) and enhanced Extended
Validation (EVCP+). <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">I have also deleted some links to explicit documents on the web. Such document links might change, and the interested reader will find the document anyway.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">I am also looking for a second endorser for this motion.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Find redlined versions of relevant sections from EV Guidelines and Baseline Requirements attached.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Regards<br>
Mads<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="color:black">Ballot 107 – Removing version numbers to WebTrust and ETSI standards from CABF Guidelines (EVG and BR)</span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Mads Henriksveen made the following motion, and Ben Wilson from DigiCert and _______ from _______ endorsed it:
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="color:black">Motion Begins </span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="color:black">Baseline Requirements (BR)</span></i><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="color:black">Document History</span></u><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="color:black">Implementers’ Note: </span></b><span style="color:black">Version 1.1 of these SSL Baseline Requirements was published on September 14, 2012. Version 1.1 of WebTrust’s SSL Baseline Audit Criteria and ETSI Technical
Standard Electronic Signatures and Infrastructures (ESI) 102 042 version 2.3.1 incorporate version 1.1 of these Baseline Requirements
</span><s><span style="color:blue">and are currently in effect. <i>See </i><a href="http://www.webtrust.org/homepage-documents/item27839.aspx">http://www.webtrust.org/homepage-documents/item27839.aspx</a><i>and also
</i><a href="http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_102042v020301p.pdf">http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_102042v020301p.pdf</a></span></s><span style="color:blue">.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="color:black">Section 3. References</span></u><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">ETSI Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - General Requirements and Guidance</span><s><span style="color:blue">, available at:
<a href="http://www.etsi.org/deliver/etsi_ts/119400_119499/119403/01.01.01_60/ts_119403v010101p.pdf">
http://www.etsi.org/deliver/etsi_ts/119400_119499/119403/01.01.01_60/ts_119403v010101p.pdf</a></span></s><span style="color:blue">.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:blue"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">ETSI TS 102 042 </span><s><span style="color:blue">V2.1.1,</span></s><span style="color:black">Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key
certificates.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">WebTrust </span><span style="color:blue">Program
</span><span style="color:black">for Certification Authorities </span><s><span style="color:blue">Version 2.0, available at
<a href="http://www.webtrust.org/homepage-documents/item27839.aspx">http://www.webtrust.org/homepage-documents/item27839.aspx</a>.</span></s><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:blue"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="color:black">Section 17.1 Eligible Audit Schemes</span></u><span style="color:black"><o:p></o:p></span></p>
<p class="Default"><span style="font-size:10.0pt"> </span><o:p></o:p></p>
<p class="Default"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The CA SHALL undergo an audit in accordance with one of the following schemes:
</span><o:p></o:p></p>
<p class="Default"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">1. WebTrust
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:blue">Program
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">for Certification Authorities
</span><s><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:blue">v2.0</span></s><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:blue"> audit</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">;
</span><o:p></o:p></p>
<p class="Default"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">2.
</span><s><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:blue">A national scheme that audits conformance to</span></s><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">ETSI TS 102 042
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:blue">audit including DVCP, OVCP, EVCP or EVCP+</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">;
</span><o:p></o:p></p>
<p class="Default"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">3. A scheme that audits conformance to ISO 21188:2006; or
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black">4. If a Government CA is required by its Certificate Policy to use a different internal audit scheme, it MAY use such scheme provided that the audit either (a) encompasses all requirements<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="color:black">EV Guidelines(EVG)</span></i><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="color:black"> </span></i><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="color:black">Section 8.2.1 Implementation</span></u><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">(B) Implement the requirements of (i) the then-current WebTrust Program for CAs, and
</span><s><span style="color:red">(ii) </span></s><span style="color:black">the then-current WebTrust EV Program or
</span><span style="color:red">(ii) the then-current </span><span style="color:black">ETSI TS 102 042
</span><span style="color:red">EV Certificate Policies (EVCP or EVCP+) <s>V2.1.1</s></span><span style="color:black">; and<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="color:black">Section 8.2.2 Disclosure</span></u><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Each CA MUST publicly disclose their EV Policies through an appropriate and readily accessible online means that is available on a 24x7 basis. The CA is also REQUIRED to publicly disclose its CA business practices
as required by both WebTrust for CAs and ETSI TS 102 042 </span><s><span style="color:red">V2.1.1</span></s><span style="color:black">. The disclosures MUST be structured in accordance with either RFC 2527 or RFC 3647.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="color:black">Section 17.1 Eligible Audit Schemes</span></u><span style="color:black"><o:p></o:p></span></p>
<p class="Default"><span style="font-size:10.0pt"> </span><o:p></o:p></p>
<p class="Default"><span style="font-size:11.0pt">A CA issuing EV Certificates SHALL undergo an audit in accordance with one of the following schemes:
</span><o:p></o:p></p>
<p class="Default"><span style="font-size:11.0pt">(i) WebTrust Program for C</span><span style="font-size:11.0pt;color:red">ertification
</span><span style="font-size:11.0pt">A</span><span style="font-size:11.0pt;color:red">uthorite</span><span style="font-size:11.0pt">s audit and WebTrust EV Program audit, or
</span><o:p></o:p></p>
<p class="Default"><span style="font-size:11.0pt">(ii) ETSI TS 102 042 </span><s><span style="font-size:11.0pt;color:red">v2.1.1
</span></s><span style="font-size:11.0pt">audit </span><span style="font-size:11.0pt;color:red">including EVCP or EVCP+</span><span style="font-size:11.0pt">.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="color:black">Section 17.4 Pre-Issuance Readiness Audit</span></u><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="Default"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">(2) If the CA has a currently valid ETSI 102 042 audit, then, before issuing EV Certificates, the CA and its Root CA MUST successfully complete a point-in-time readiness assessment
audit against ETSI TS 102 042 </span><s><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">V2.1.1</span></s><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"> EVCP or EVCP+</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black">(3) If the CA does not have a currently valid WebTrust Seal of Assurance for CAs or an ETSI 102 042 audit, then, before issuing EV Certificates, the CA and its Root CA MUST successfully complete either: (i) a point-in-time
readiness assessment audit against the WebTrust for CA Program, or (ii) a point-in-time readiness assessment audit against the WebTrust EV Program, or an ETSI TS 102 042
</span><s><span style="color:red">V2.1.1.</span></s><span style="color:red"> </span>
<span style="color:black">audit </span><span style="color:red">including EVCP or EVCP+</span><span style="color:black">.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">The review period for this ballot shall commence on July 24th, 2013 and will close on July 31, 2013. Unless the motion is withdrawn during
the review period, the voting period will start immediately thereafter and will close at August 7th, 2013. Votes must be cast by posting an on-list reply to this thread</span><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black">.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="color:black">Motion Ends</span></b><span style="color:black"><o:p></o:p></span></p>
<p class="line862" style="background:white"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote
to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: </span><span lang="NO-BOK" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"><a href="http://www.cabforum.org/forum.html"><span lang="EN-US" style="border:none windowtext 1.0pt;padding:0in">http://www.cabforum.org/forum.html</span></a></span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"> In
order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and one half or more of the votes cast by members in the browser category must be in favor. Also, at least seven members must participate in the ballot,
either by voting in favor, voting against, or abstaining.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
</div>
</div>
<table class="MsoNormalTable" border="0" cellpadding="0">
<tbody>
<tr>
<td style="background:white;padding:.75pt .75pt .75pt .75pt">
<table class="MsoNormalTable" border="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<pre>TREND MICRO EMAIL NOTICE<o:p></o:p></pre>
<pre>The information contained in this email and any attachments is confidential<o:p></o:p></pre>
<pre>and may be subject to copyright or other intellectual property protection.<o:p></o:p></pre>
<pre>If you are not the intended recipient, you are not authorized to use or<o:p></o:p></pre>
<pre>disclose this information, and we request that you notify us by reply mail or<o:p></o:p></pre>
<pre>telephone and delete the original message from your mail system.<o:p></o:p></pre>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:black">_______________________________________________ Public mailing list
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a> <a href="https://cabforum.org/mailman/listinfo/public">
https://cabforum.org/mailman/listinfo/public</a> <o:p></o:p></span></p>
</div>
</body>
</html>
<table><tr><td bgcolor=#ffffff><font color=#000000><pre><table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table></pre></font></td></tr></table>