<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Another way to look at Richard’s proposal and harmonize it with Ryan’s concerns is to separate EV vetting from maximum EV certificate life. We could allow a CA to rely on
a completed EV vetting (for governments or for all customers) for up to 39 months for a customer, but then only issue 12 or 13 month EV certs based on that vetting (for a 39 month period) so the technological changes can be made more quickly.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I’m not taking a position either way, but there are more possibilities if vetting cycles are not necessarily linked to maximum certificate lifespan.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org]
<b>On Behalf Of </b>Ryan Sleevi<br>
<b>Sent:</b> Monday, November 17, 2014 10:46 PM<br>
<b>To:</b> Richard@WoSign<br>
<b>Cc:</b> Dean Coclin (Dean_Coclin@symantec.com); CABFPub<br>
<b>Subject:</b> Re: [cabfpub] about EV period for Gov<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p><br>
On Nov 17, 2014 8:40 PM, "Richard Wang" <<a href="mailto:richard@wosign.com">richard@wosign.com</a>> wrote:<br>
><br>
> Hi all,<br>
><br>
><br>
><br>
> We plan to issue EV SSL certificate to government website to prevent spoof site that there is a big problem in China.<br>
><br>
><br>
><br>
> But the problem we faced is the too short period that they like to buy 5 years cert. Sure, I know it is not allowed even in OV SSL. Could we move EV re-vetting for governments to 39 months (3 years + 3 months) because they are “permanent” and the information
doesn’t change very often? This rule can be for .<a href="http://gov.cn">gov.cn</a> domain only in China, for .gov in USA etc.<br>
><o:p></o:p></p>
<p>No.<o:p></o:p></p>
<p>The limitations of date do not just apply to vetting information, but to providing an orderly and efficient window for making improvements and deprecating insecure practices.<o:p></o:p></p>
<p>The Forum's BRs will soon see certs limited to 39 months, and this truly represents a generous upper bound. I think an ideal frame would be 15, not 39, months, but 60 is certainly far too long.<o:p></o:p></p>
<p>><br>
><br>
> I checked many USA government sites are using EV SSL like CIA and UK Companies House.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> Best Regards,<br>
><br>
><br>
><br>
> Richard Wang<br>
><br>
><br>
> WoSign CA Limited<br>
><br>
> <a href="http://www.wosign.com">www.wosign.com</a><<a href="http://www.wosign.com/">http://www.wosign.com/</a>><br>
><br>
> Tel: +86-755-2602-7858<br>
><br>
><br>
> ---------------------------------------<br>
> This email is confidential and may be privileged. It may be read, copied and used only by the intended recipient. If you have received it in error, please contact the sender immediately by return email. Please then delete the email and do not disclose its
contents to any person. Thank you.<br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Public mailing list<br>
> <a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
> <a href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a><br>
><o:p></o:p></p>
</div>
</body>
</html>
<table><tr><td bgcolor=#ffffff><font color=#000000><pre><table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table></pre></font></td></tr></table>