<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1255">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
p.emailquote, li.emailquote, div.emailquote
        {mso-style-name:emailquote;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:1.0pt;
        border:none;
        padding:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;
        font-weight:normal;
        font-style:normal;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Done. I also submitted the other errata on DSA, and assigned them all to you.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I think Bugzilla is a great way to track these.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>-Rick<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-left:.5in'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Ben Wilson [mailto:ben.wilson@digicert.com] <br><b>Sent:</b> Thursday, October 23, 2014 5:29 PM<br><b>To:</b> Rick Andrews; public@cabforum.org<br><b>Subject:</b> RE: [cabfpub] More BR Errata<o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>If  you want, put them in Bugzilla and assign them to me.<o:p></o:p></span></p></div></div><div><div class=MsoNormal align=center style='margin-left:.5in;text-align:center'><hr size=2 width="100%" align=center></div><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in'><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From: </span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><a href="mailto:Rick_Andrews@symantec.com">Rick Andrews</a></span><br><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Sent: </span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>ý10/ý23/ý2014 6:01 PM</span><br><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>To: </span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><a href="mailto:public@cabforum.org">public@cabforum.org</a></span><br><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Subject: </span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>[cabfpub] More BR Errata</span><o:p></o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>I think Section 9.2.5 Subject Country Name Field, 9.2.6 Subject Organizational Unit Field, and 9.2.8 Other Subject Attributes should be downgraded to sub-sections 9.2.4 f, g, and h because they’re all Subject Distinguished Name Fields.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>Appendix B.2.G says “extkeyUsage (optional)<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>For Subordinate CA Certificates to be Technically constrained in line with section 9.8, then either the value<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>id-kp-serverAuth [RFC5280] or id-kp-clientAuth [RFC5280] or both values MUST be present**.” <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>But Section 9.8 is “Additional Technical Requirements” which contains very little text; I think this is supposed to refer to Section 9.7 “Technical Constraints in Subordinate CA Certificates via Name Constraints and EKU”. We should probably use the Microsoft Word tool to link to a Section number, so that if the Section number changes, the reference changes too.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>-Rick<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div></div></div></body></html>