<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line867, li.line867, div.line867
{mso-style-name:line867;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.u1
{mso-style-name:u1;
text-decoration:underline;}
span.strike1
{mso-style-name:strike1;
text-decoration:line-through;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Trend Micro votes yes.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org]
<b>On Behalf Of </b>Ben Wilson<br>
<b>Sent:</b> Friday, July 26, 2013 4:29 PM<br>
<b>To:</b> public@cabforum.org<br>
<b>Subject:</b> [cabfpub] Ballot 107 - Removing version numbers to WebTrust and ETSI standards from CABF Guidelines (EVG and BR)<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Ballot 107 – Removing version numbers to
<span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span> and ETSI standards from CABF Guidelines (EVG and BR)
<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Mads Henriksveen made the following motion, and iņigo Barreira from Izenpe, and Kirk Hall from Trend Micro endorsed it:
<o:p></o:p></span></p>
<p class="line867"><strong><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Motion Begins</span></strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
<p class="line867"><em><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">EFFECTIVE IMMEDIATELY, in order to remove unnecessary specificity in the Baseline Requirements (BRs), we propose that the following edits be made
to the BRs: </span></em><em><span lang="EN" style="color:black"><o:p></o:p></span></em></p>
<p class="line867"><em><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;font-style:normal">In Document History, DELETE</span></em><em><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">:
“</span></em><span class="strike1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;text-decoration:none"><span style="text-decoration:none">and are currently in effect. See
</span></span></span><span class="strike1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;border:none windowtext 1.0pt;padding:0in;text-decoration:none"><a href="http://www.webtrust.org/homepage-documents/item27839.aspx"><span style="text-decoration:none underline"><span style="text-decoration:none underline">http://www.webtrust.org/homepage-documents/item27839.aspx</span></span></a></span></span><span class="strike1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;text-decoration:none"><span style="text-decoration:none">
and also </span></span></span><span class="strike1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;border:none windowtext 1.0pt;padding:0in;text-decoration:none"><a href="http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_102042v020301p.pdf"><span style="text-decoration:none underline"><span style="text-decoration:none underline">http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_102042v020301p.pdf</span></span></a></span></span><span class="strike1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;border:none windowtext 1.0pt;padding:0in;text-decoration:none"><span style="text-decoration:none">”
as follows:</span></span></span><o:p></o:p></p>
<p class="line867"><span class="u1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Document History</span></span><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">
<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Implementers’ Note: Version 1.1 of these SSL Baseline Requirements was published on September 14, 2012. Version 1.1 of
<span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span>’s SSL Baseline Audit Criteria and ETSI Technical Standard Electronic Signatures and Infrastructures (ESI) 102 042 version 2.3.1 incorporate version 1.1 of these Baseline Requirements
<span class="strike1">and are currently in effect. See <span style="border:none windowtext 1.0pt;padding:0in">
<a href="http://www.webtrust.org/homepage-documents/item27839.aspx"><span style="text-decoration:none underline"><span style="text-decoration:none underline">http://www.webtrust.org/homepage-documents/ite<span style="text-decoration:none underline">m27839.aspx</span></span></span></a></span>
and also <span style="border:none windowtext 1.0pt;padding:0in"><a href="http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_102042v020301p.pdf"><span style="text-decoration:none underline"><span style="text-decoration:none underline">http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_102042v020301p.pdf</span></span></a></span></span>.
<o:p></o:p></span></p>
<p class="line867"><span class="u1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Section 3. References</span></span><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">
<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">In Section 3 References,
<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">INSERT “119 403,” in between “ETSI TS” and “Electronic Signatures and Infrastructures” and
<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">DELETE “available at:
<a href="http://www.etsi.org/deliver/etsi_ts/119400_119499/119403/01.01.01_60/ts_119403v010101p.pdf">
http://www.etsi.org/deliver/etsi_ts/119400_119499/119403/01.01.01_60/ts_119403v010101p.pdf</a>” as follows:<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">ETSI TS
<u>119 403</u>, Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - General Requirements and Guidance
<span class="strike1">available at: <span style="border:none windowtext 1.0pt;padding:0in">
<a href="http://www.etsi.org/deliver/etsi_ts/119400_119499/119403/01.01.01_60/ts_119403v010101p.pdf"><span style="text-decoration:none underline"><span style="text-decoration:none underline">http://www.etsi.org/deliver/etsi_ts/119400_119499/119403/01.01.01_60/ts_119403v010101p.pdf</span></span></a></span>
</span><o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">DELETE “V2.1.1” as follows:<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">ETSI TS 102 042
<span class="strike1">V2.1.1</span>, Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key certificates.
<o:p></o:p></span></p>
<p class="line867"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;border:none windowtext 1.0pt;padding:0in">DELETE “Version 2.0, available at
<a href="http://www.webtrust.org/homepage-documents/item27839.aspx">http://www.webtrust.org/homepage-documents/item27839.aspx</a>”
</span><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">as follows:<span style="border:none windowtext 1.0pt;padding:0in"><o:p></o:p></span></span></p>
<p class="line867"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;border:none windowtext 1.0pt;padding:0in">WebTrust</span><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"> Program
for Certification Authorities <span class="strike1">Version 2.0, available at <span style="border:none windowtext 1.0pt;padding:0in">
<a href="http://www.webtrust.org/homepage-documents/item27839.aspx"><span style="text-decoration:none underline"><span style="text-decoration:none underline">http://www.webtrust.org/homepage-documents/item27839.aspx</span></span></a></span>.
</span><o:p></o:p></span></p>
<p class="line867"><span class="u1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;text-decoration:none">In Section 17.1 Eligible Audit Schemes,
</span></span><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"> DELETE “v.2.0” and in subsection 2. DELETE “A national scheme that audits conformance to” as follows:<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">The CA SHALL undergo an audit in accordance with one of the following schemes:
<br>
1. <span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span> Program for Certification Authorities
<span class="strike1">v2.0 </span>audit; <br>
2. <span class="strike1">A national scheme that audits conformance to</span> ETSI TS 102 042 audit including DVCP, OVCP, EVCP or EVCP+;
<br>
3. A scheme that audits conformance to ISO 21188:2006; or <br>
4. If a Government CA is required by its Certificate Policy to use a different internal audit scheme, it MAY use such scheme provided that the audit either (a) encompasses all requirements.
<o:p></o:p></span></p>
<p class="line867"><em><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">AND EFFECTIVE IMMEDIATELY, in order to remove unnecessary specificity in the EV Guidelines (EVGs)</span></em><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">
<em><span style="font-family:"Calibri","sans-serif"">we propose that the following edits be made to the EVGs:
</span></em></span><em><o:p></o:p></em></p>
<p class="line867"><span class="u1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;text-decoration:none">In Section 8.2.1 Implementation, DELETE “(ii)” and “V2.1.1”
</span></span><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">as follows<span class="u1"><span style="text-decoration:none">:</span></span>
</span><o:p></o:p></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">(B) Implement the requirements of (i) the then-current
<span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span> Program for CAs, and
<span class="strike1">(ii) </span>the then-current <span style="border:none windowtext 1.0pt;padding:0in">
WebTrust</span> EV Program or (ii) the then-current ETSI TS 102 042 EV Certificate Policies (EVCP or EVCP+)
<span class="strike1">V2.1.1</span>; and <o:p></o:p></span></p>
<p class="line867"><span class="u1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;text-decoration:none">In Section 8.2.2 Disclosure, DELETE “V.2.1.1”
</span></span><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">as follows<span class="u1"><span style="text-decoration:none">:</span></span>
<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Each CA MUST publicly disclose their EV Policies through an appropriate and readily accessible online means that is available on a 24x7 basis. The CA
is also REQUIRED to publicly disclose its CA business practices as required by both
<span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span> for CAs and ETSI TS 102 042<span class="strike1"> V2.1.1</span>. The disclosures MUST be structured in accordance with either RFC 2527 or RFC 3647.
<o:p></o:p></span></p>
<p class="line867"><span class="u1"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black;text-decoration:none">In Section 17.1 Eligible Audit Schemes,</span></span><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">
<span class="u1"><span style="text-decoration:none">DELETE “V.2.1.1” </span></span>as follows<span class="u1"><span style="text-decoration:none">:</span></span>
<o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">A CA issuing EV Certificates SHALL undergo an audit in accordance with one of the following schemes:
<br>
(i) <span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span> Program for Certification Authorities audit and
<span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span> EV Program audit, or
<br>
(ii) ETSI TS 102 042 <span class="strike1">v2.1.1</span> audit including EVCP or EVCP+.
<o:p></o:p></span></p>
<p class="line874"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">In subsection (2) of Section 17.4 Pre-Issuance Readiness Audit,
<span class="u1"><span style="text-decoration:none">DELETE “V.2.1.1” </span></span>as follows<span class="u1"><span style="text-decoration:none">:</span></span><o:p></o:p></span></p>
<p class="line862"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">(2) If the CA has a currently valid ETSI 102 042 audit, then, before issuing EV Certificates, the CA and its Root CA MUST successfully complete a point-in-time
readiness assessment audit against ETSI TS 102 042 <span class="strike1">V2.1.1</span> EVCP or EVCP+. (3) If the CA does not have a currently valid
<span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span> Seal of Assurance for CAs or an ETSI 102 042 audit, then, before issuing EV Certificates, the CA and its Root CA MUST successfully complete either: (i) a point-in-time readiness assessment
audit against the <span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span> for CA Program, or (ii) a point-in-time readiness assessment audit against the
<span style="border:none windowtext 1.0pt;padding:0in">WebTrust</span> EV Program, or an ETSI TS 102 042
<span class="strike1">V2.1.1.</span> audit including EVCP or EVCP+. <o:p></o:p></span></p>
<p class="line874"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">The review period for this ballot shall commence at 2200 UTC on July 26th, 2013 and will close at 2200 UTC on August 2nd, 2013. Unless the motion is withdrawn
during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on August 9th, 2013. Votes must be cast by posting an on-list reply to this thread.
<o:p></o:p></span></p>
<p class="line867"><strong><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Motion Ends</span></strong><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">
<o:p></o:p></span></p>
<p class="MsoNormal">A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted.
The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here:
<a href="http://www.cabforum.org/forum.html">http://www.cabforum.org/forum.html</a>
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and one half or more of the votes cast by members in the browser category must be in favor. Also, at least seven members must participate
in the ballot, either by voting in favor, voting against, or abstaining.<o:p></o:p></p>
</div>
</body>
</html>
<table><tr><td bgcolor=#ffffff><font color=#000000><pre><table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table></pre></font></td></tr></table>