<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">please can someone help me to
understand why you call the EV CS program **closed**?<br>
<br>
Thanks,<br>
M.D. <br>
<br>
On 4/3/2014 11:38 PM, Jeremy Rowley wrote:<br>
</div>
<blockquote cite="mid:021101cf4f7c$be527e10$3af77a30$@digicert.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Again, I
strongly disagree. Implementers are free to adopt the
standards produced as they see fit. For example, Mozilla
chose to implement different standards than the Forum’s
audit requirements. That’s great. I’m just happy they are
using the standard. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Work in the
forum is on an entirely a voluntary basis. If Comodo feels
that the Forum’s code signing work is unproductive, a better
approach would be to simply stop following the working group
rather than trying to eliminate the entire project. The
attendance on the working group calls indicates that many
CAs find that these guidelines have significant potential
to improve the security of the Internet as a whole.<o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose"><span style="color:#1F497D"><o:p> </o:p></span></a></p>
<p class="MsoNormal"><span style="color:#1F497D">Jeremy<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a class="moz-txt-link-abbreviated" href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Rich
Smith<br>
<b>Sent:</b> Thursday, April 3, 2014 2:10 PM<br>
<b>To:</b> 'Jeremy Rowley'; 'Robin Alden'<br>
<b>Cc:</b> 'CABFPub'<br>
<b>Subject:</b> Re: [cabfpub] Baseline Requirements as
part of browers programs<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">It's not any
kind of success to those who contributed substantial time
and resources to a work product that was only ever created
in the first place at the request of that single adopter,
only to have that single adopter take the resulting work
product and create a closed program which only allows a very
small minority of those who gave their time and effort to
benefit from it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">For one in that
minority, I guess it's a resounding success, for the rest it
was and continues to be a complete waste of time and
resources, and a distraction from matters this Forum SHOULD
be engaged in which benefit the entire ecosystem.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Down the road
should there either be additional adopters of the
specification, or should the single adopter choose to open
their program, then it may be in this Forum's wider interest
to engage in further activity to revise and improve the
specification. At present, it is not, and it is IMO in
contravention of the Forum bylaws to continue ongoing work
unless and until one of the above conditions is met.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Don't get me
wrong, if a vendor wants to run a closed program, that is
their prerogative, but it is not the Forum's job, nor in the
interests of the Forum to do the work to design it for them
without some benefit to the wider Forum.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Rich<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in
0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Jeremy Rowley<br>
<b>Sent:</b> Thursday, April 03, 2014 3:37 PM<br>
<b>To:</b> 'Robin Alden'<br>
<b>Cc:</b> 'CABFPub'<br>
<b>Subject:</b> Re: [cabfpub] Baseline Requirements as
part of browers programs<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks
Robin. I missed that. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Still, my
underlying point remains the same – a single adopter in a
space where there are only 3-4 major players is a huge
success. The fact that Microsoft is using the CAB Forum’s
EV Guidelines, and choosing to improve them through that
same venue, is a huge success and a tribute to the Forum’s
ability to product relevant and quality work product. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Jeremy<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Robin Alden [<a moz-do-not-send="true"
href="mailto:robin@comodo.com">mailto:robin@comodo.com</a>]
<br>
<b>Sent:</b> Thursday, April 3, 2014 11:07 AM<br>
<b>To:</b> Jeremy Rowley<br>
<b>Cc:</b> CABFPub<br>
<b>Subject:</b> Baseline Requirements as part of
browers programs<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-GB">Hi Jeremy,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> You
mentioned on today’s call that you thought only Mozilla
had adopted the BRs as part of their CA program.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">After refreshing my
memory, I believe Microsoft also require compliance with
the BRs – at least for CAs following the WebTrust audit
route.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><a
moz-do-not-send="true"
href="http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx">http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Search for “Qualified
Audit Regime”.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">They are also
replacing the current standard for government CAs with a
BR audit equivalency standard. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">There are a number of
other references to the BRs on that page, too.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Robin<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Robin Alden M.Sc.
FRI MIET<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">CTO -- Comodo<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Invent ² Secure<o:p></o:p></span></p>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>