
<html>

  <head>

    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <br>

    On 01/30/2014 08:50 PM, From Rick Andrews:

    <blockquote

cite="mid:544B0DD62A64C1448B2DA253C011414607C39FBA58@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM"

      type="cite">

      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

      <meta name="Generator" content="Microsoft Exchange Server">

      <!-- converted from rtf -->

      <style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>

      <font face="Calibri, sans-serif" size="2">

        <div><br>

        </div>

        <div> </div>

        <div>“Within 120 days after the delegation from the public DNS

          root for a new gTLD (as indicated by either one of the two

          URLs below), CAs MUST revoke each Certificate containing a

          Domain Name that includes the new gTLD unless the Subscriber

          is either the Domain

          Name Registrant or can demonstrate control over the Domain

          Name.</div>

        <div style="text-indent: 36pt; "><a moz-do-not-send="true"

            href="http://newgtlds.icann.org/en/program-status/delegated-strings"><font

              color="#0000FF"><u>http://newgtlds.icann.org/en/program-status/delegated-strings</u></font></a></div>

        <div style="text-indent: 36pt; "><a moz-do-not-send="true"

            href="https://data.iana.org/TLD/tlds-alpha-by-domain.txt"><font

              color="#0000FF"><u>https://data.iana.org/TLD/tlds-alpha-by-domain.txt</u></font></a>”</div>

        <div> </div>

        <div>I welcome your comments.</div>

      </font></blockquote>

    <br>

    Honestly I believe CAs should immediately refrain from issuing

    anything accept TLDs that have been approved by ICANN and try to

    reduce/replace existing certificates as much as possible. <br>

    <br>

    No matter how you turn it, it's messy and risky for the CAs no

    matter which requirement is cooked up and dangerous for the relying

    parties.<br>

    <br>

    <br>

    <div class="moz-signature">

      <table border="0" cellpadding="0" cellspacing="0">

        <tbody>

          <tr>

            <td colspan="2">Regards </td>

          </tr>

          <tr>

            <td colspan="2"> </td>

          </tr>

          <tr>

            <td>Signer: </td>

            <td>Eddy Nigg, COO/CTO</td>

          </tr>

          <tr>

            <td> </td>

            <td><a href="http://www.startcom.org">StartCom Ltd.</a></td>

          </tr>

          <tr>

            <td>XMPP: </td>

            <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>

          </tr>

          <tr>

            <td>Blog: </td>

            <td><a href="http://blog.startcom.org">Join the Revolution!</a></td>

          </tr>

          <tr>

            <td>Twitter: </td>

            <td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>

          </tr>

          <tr>

            <td colspan="2"> </td>

          </tr>

        </tbody>

      </table>

    </div>

    <br>

  </body>

</html>