<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-2022-jp"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:PMingLiU;
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@PMingLiU";
panose-1:2 2 5 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:JA;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:9.0pt;
font-family:"Cambria","serif";
mso-fareast-language:JA;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:JA;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.a
{mso-style-name:"\8A3B\89E3\65B9\584A\6587\5B57 \5B57\5143";
mso-style-priority:99;
mso-style-link:\8A3B\89E3\65B9\584A\6587\5B57;
font-family:"Cambria","serif";}
p.a0, li.a0, div.a0
{mso-style-name:\8A3B\89E3\65B9\584A\6587\5B57;
mso-style-link:"\8A3B\89E3\65B9\584A\6587\5B57 \5B57\5143";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:JA;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle27
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle28
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle29
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple style='text-justify-trim:punctuation'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>Hi Rich,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'> I think that’s a good step in the right direction, but I was thinking that perhaps we have to make it slightly clearer that if there is a locality name then it must appear in the subject; if there is a state or province name then it too has to appear in the subject.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>To be fair, it may be that as I have stated it above goes too far. It is always complicated trying to formalize that which has been previously left to the CA’s common sense and good practice. We still rely on the CA’s good intentions as well as their good practice.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>The important question is why we put the address in the subject at all. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>I think that we don’t put the address in the certificate subject so that a relying party could copy the address from the certificate and write it on an envelope to post a letter to the subject organization, but rather we add the address information in an effort to more precisely identify the subject by trying to remove any ambiguity which might allow, or lead to, confusion over the identity of the subject.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>I suspect that, in the general case, these two concepts (of completely accurate postal addressing and disambiguation of the subject) have us arrive at the same point. Certainly, considering cases where a partial address seems attractive, I think we are in danger of relying on either local knowledge which may not be shared with a relying party or ignorance of local factors which may be unknown to the CA.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>E.g.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>China World Hotel<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>Beijing<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>China<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>Sounds like a plausible subject for a certificate, but it is only doing its job of disambiguation if there is exactly one ‘China World Hotel’ in Beijing. Furthermore it is only doing its job as a subject if the Registration Authority has taken steps to verify that there is exactly one ‘China World Hotel’ in Beijing. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>Should the RA also verify that there are no plans to open a second one? I think not. Instead, providing a complete and accurate address for the hotel remove any possible ambiguity that pre-exists or which may later arise.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'> China World Hotel<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'> No 1 Jianguomenwai Avenue<br> Beijing<br> 100004<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'> China<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'>Robin<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><a name="_MailEndCompose"><span style='font-size:11.0pt;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></a></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt'>From:</span></b><span lang=EN-US style='font-size:11.0pt'> Rich Smith [mailto:richard.smith@comodo.com] <br><b>Sent:</b> 16 September 2014 03:02<br><b>To:</b> 'Robin Alden'; 'Dean Coclin'; '</span><span lang=JA style='font-size:11.0pt;font-family:"MS PGothic","sans-serif"'>陳立群</span><span lang=EN-US style='font-size:11.0pt'>'; public@cabforum.org<br><b>Subject:</b> RE: [cabfpub] FW: [cabfquest] CP Working Group Participation<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'>How about adding the following as a clarification in Section 9.2.4 of the BRs:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'>"Taking into account the optional nature of the Locality and State/Province fields, as specified in Section 9.2.4 (c) and (d) respectively and taking into account the possible use of the user-assigned country code XX as specified in Section 9.2.5, IF the certificate Subject Organization field is populated THEN Locality, State/Province and Country fields MUST also be populated in accordance with the standard postal address conventions within the Applicant's jurisdiction."<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'>I think that still keeps the fields as optional when it is indeed correct to do so, but makes it clear that any and all of those fields which are included the official address of the Applicant MUST be included in the certificate.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'>Regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'>Rich<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span><a href="mailto:public-bounces@cabforum.org"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>public-bounces@cabforum.org</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> [</span><a href="mailto:public-bounces@cabforum.org"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>mailto:public-bounces@cabforum.org</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>] <b>On Behalf Of </b>Robin Alden<br><b>Sent:</b> Monday, September 15, 2014 1:05 PM<br><b>To:</b> 'Dean Coclin'; '</span><span lang=JA style='font-size:10.0pt;font-family:"MS PGothic","sans-serif"'>陳立群</span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>'; </span><a href="mailto:public@cabforum.org"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>public@cabforum.org</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br><b>Subject:</b> Re: [cabfpub] FW: [cabfquest] CP Working Group Participation<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>Hi Dean, Li Chun, <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'> I shall be there for the meeting, and wrote this while travelling.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>It seems to me that although Li Chun has pointed out a valid issue on pages 2 through 6 – that some countries are not separated into states or provinces – I think the suggested modification of the BRs to allow the omission of BOTH localityName and stateOrProvinceName from the subject of a certificate that includes an organizationName in the subject (aka an OV certificate) permits a general reduction in the degree of detail in the subject of an OV certificate which is undesirable.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>The current wording of the BRs and draft Code-signing requirements is already intended to deal with this situation where a stateOrProvinceName is not always available.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>The localityName field is usually used to hold the name of the village, town, or city in which the subject entity resides.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>Two things strike me from this suggested modification:<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt'><span style='font-size:11.0pt;color:#1F497D'>1)</span><span style='font-size:7.0pt;font-family:"Times New Roman","serif";color:#1F497D'> </span><span style='font-size:11.0pt;color:#1F497D'>That some of the countries in the list on page 2 of the PowerPoint document definitely have place names (village/town/city) which fit well into the localityName field; and<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt'><span style='font-size:11.0pt;color:#1F497D'>2)</span><span style='font-size:7.0pt;font-family:"Times New Roman","serif";color:#1F497D'> </span><span style='font-size:11.0pt;color:#1F497D'>That if there are a subset of the countries on page 2 which do not have any internal postal address structure beyond the street address and country code then those countries should be specifically enumerated in the BRs so that we do not unintentionally permit addresses which are more ambiguous than they need to be.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>Another possible means to achieve the desirable aspects of this change might be, in addition to the wording proposed in the slides, to introduce an obligation on the CA to include in an OV certificate the detail (e.g. to include the localityName) where it exists. This would be something that an auditor could test for.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>If I haven’t already made it clear, my concern is that if the BRs were amended as suggested on slides 2 through 6, a CA could issue a certificate with a subject of:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>O=Smith’s Builders<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>Street=125 Main Street<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>C=US<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'> And claim BR compliance while using a partial address which in many cases would not adequately identify the subject.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>although I have to admit that the BR’s today permit:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>O=Smith’s Builders<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>Street=125 Main Street<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>L=Springfield<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>C=US<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>which isn’t much better because the STATE is omitted where it should always be present for US addresses.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>Robin<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt'>From:</span></b><span lang=EN-US style='font-size:11.0pt'> </span><a href="mailto:public-bounces@cabforum.org"><span lang=EN-US style='font-size:11.0pt'>public-bounces@cabforum.org</span></a><span lang=EN-US style='font-size:11.0pt'> [</span><a href="mailto:public-bounces@cabforum.org"><span lang=EN-US style='font-size:11.0pt'>mailto:public-bounces@cabforum.org</span></a><span lang=EN-US style='font-size:11.0pt'>] <b>On Behalf Of </b>Dean Coclin<br><b>Sent:</b> 14 September 2014 21:09<br><b>To:</b> </span><a href="mailto:public@cabforum.org"><span lang=EN-US style='font-size:11.0pt'>public@cabforum.org</span></a><span lang=EN-US style='font-size:11.0pt'><br><b>Subject:</b> [cabfpub] FW: [cabfquest] CP Working Group Participation<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'>Reposting this to the public list (from member Chungwa Telecom). For discussion at the meeting this week. If anyone who is not attending has comments, please chime in.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'>Thanks,<br>Dean<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span><span lang=ZH-TW style='font-size:10.0pt;font-family:"PMingLiU","serif";mso-fareast-language:ZH-TW'>陳立群</span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <br><b>Sent:</b> Sunday, September 14, 2014 8:37 PM<br><b>To:</b> </span><a href="mailto:ben.wilson@digicert.com"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>ben.wilson@digicert.com</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>; Dean Coclin<br><b>Cc:</b> </span><span lang=ZH-TW style='font-size:10.0pt;font-family:"PMingLiU","serif";mso-fareast-language:ZH-TW'>王瘢雹文正</span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>; </span><a href="mailto:realsky@cht.com.tw"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>realsky@cht.com.tw</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>; </span><a href="mailto:wgh@wosign.com"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>wgh@wosign.com</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br><b>Subject:</b> FW: [cabfquest] CP Working Group Participation<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:blue'>Dear Ben,Dean and Richard <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:blue'> Attached file is about correcting of documents of CA/Browser Forum. Please arrange to discuss it.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:blue'> I am looking forward to see you soon in Beijing. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:blue'>Sincerely Yours,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:blue'> Li-Chun CHEN<o:p></o:p></span></p><p class=MsoNormal style='text-indent:78.0pt'><span lang=EN-US style='color:blue'>Engineer<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"PMingLiU","serif"'><o:p> </o:p></span></p></div></div></body></html>