<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
DigiCert votes "Yes"<br>
<br>
<div class="moz-cite-prefix">On 10/10/2014 1:49 AM, Adriano Santoni
wrote:<br>
</div>
<blockquote cite="mid:54378F96.1030908@staff.aruba.it" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<font face="Calibri">Actalis votes YES<br>
<br>
</font>
<div class="moz-cite-prefix">Il 02/10/2014 21:31, Ben Wilson ha
scritto:<br>
</div>
<blockquote
cite="mid:f41a31a25f5f42f2b5ba2e3fa5b09836@EX2.corp.digicert.com"
type="cite">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:627395689;
mso-list-template-ids:1534771398;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">Ballot 134 - Application
of RFC 5280 to Precertificates</span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""> <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">Kirk Hall of Trend Micro
made the following motion, and Ben Wilson of Digicert and
Ryan Sleevi from Google have endorsed it. <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">Reason for Ballot</span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""> <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">CAs are implementing
Certificate Transparency (CT) based on RFC 6962, which
contains the concept of pre-certificates. The current
Baseline Requirements require all certificates to comply
with RFC 5280. (See Definition of "Valid Certificate" and
references to RFC 5280 in Appendix B.) For some
implementations, there is a potential dilemma if the
pre-certificate and the production certificate are issued
from the same sub-CA and both have the same Serial Number,
not permitted under RFC 5280. Given that CAs will likely
be implementing CT before potential technical differences
can be worked out, the purpose of this ballot is to allow
CAs to meet CT deadlines without violating the Baseline
Requirements requiring compliance with RFC 5280. <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">-- Motion Begins -- </span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">Effective immediately, the
title to Appendix B of the Baseline Requirements shall be
amended as follows: <o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0
level1 lfo1"> <span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">Appendix B – Certificate
<u>Content and</u> Extensions; <u>Application of RFC
5280</u> (Normative) <o:p></o:p></span></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0
level1 lfo1"> <span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">This appendix specifies <s>the
</s><u>additional requirements</u> for Certificate <u>content
and</u> extensions for Certificates generated after
the Effective Date. <o:p></o:p></span></li>
</ul>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">and a new subsection (5)
will be added as follows: <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><u><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">(5) Application of RFC
5280 <o:p></o:p></span></u></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><u><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">For purposes of
clarification, a Precertificate as described in RFC 6962
– Certificate Transparency shall not be considered to be
a “certificate” subject to the requirements of RFC 5280
- Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile under
these Baseline Requirements. <o:p></o:p></span></u></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">-- Motion Ends -- </span></b><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">The review period for this
ballot shall commence at 2200 UTC on Thursday, 2 October
2014, and will close at 2200 UTC on Thursday, 9 October
2014. Unless the motion is withdrawn during the review
period, the voting period will start immediately
thereafter and will close at 2200 UTC on Thursday, 16
October 2014. Votes must be cast by posting an on-list
reply to this thread. <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">A vote in favor of the
motion must indicate a clear 'yes' in the response. A vote
against must indicate a clear 'no' in the response. A vote
to abstain must indicate a clear 'abstain' in the
response. Unclear responses will not be counted. The
latest vote received from any representative of a voting
member before the close of the voting period will be
counted. Voting members are listed here: <a
moz-do-not-send="true"
href="https://cabforum.org/members/"><span
style="color:blue">https://cabforum.org/members/</span></a>
<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">In order for the motion to
be adopted, two thirds or more of the votes cast by
members in the CA category and greater than 50% of the
votes cast by members in the browser category must be in
favor. Quorum is currently nine (9) members– at least nine
members must participate in the ballot, either by voting
in favor, voting against, or abstaining. <o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<i><span style="font-family: Serif">Adriano Santoni</span></i> </div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>