<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Cambria-Bold;}
@font-face
{font-family:TimesNewRomanPSMT;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma",sans-serif;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Most of your comment is moot, because the work has already been done. That is why I focused on your comment about whether a particular section belongs in one section or another and responded that it could be moved. I suppose then that you are looking at the document and seeing lots of other items that belong somewhere else? I think Jeremy and I and the CP Review Working Group will be happy to accommodate such requests, but the stage we’re at now does not involve splitting sections up too much, although there are a couple of places where we’ve already done that without much trouble, such as in section 5.3.4.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> kirk_hall@trendmicro.com [mailto:kirk_hall@trendmicro.com] <br><b>Sent:</b> Tuesday, February 24, 2015 11:14 AM<br><b>To:</b> Ben Wilson; CABFPub<br><b>Subject:</b> RE: [cabfpub] Pre-Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Ben – I was not arguing for any specific change. I was just raising the question of whether trying to fit the BRs into RFC 3647 created its own problems – like where does a BR section go, and what should be done about a BR section that touches multiple sections of RFC 3647 (do you split up the current BR section, or just choose one place in the RFC 3647 format to put all the BR sections?).<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>One other consideration – there are many parts of the BRs (and EVGLs) that are not included in or relevant to a CA’s CPS – they are either requirements, technical standards, or prohibitions, but they don’t have to be declared or included in a CPS. So in that sense, putting the BRs into RFC 3647 does not aid in review or comparison of CPSs across CAs, at least as to those sections…<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> Ben Wilson [<a href="mailto:ben.wilson@digicert.com">mailto:ben.wilson@digicert.com</a>] <br><b>Sent:</b> Tuesday, February 24, 2015 10:02 AM<br><b>To:</b> Kirk Hall (RD-US); CABFPub<br><b>Subject:</b> RE: [cabfpub] Pre-Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>That is how the original from Jeremy was introduced with his email dated November 7, 2013, but I assume that it can be moved to section 2.2.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> <a href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a> [<a href="mailto:kirk_hall@trendmicro.com">mailto:kirk_hall@trendmicro.com</a>] <br><b>Sent:</b> Tuesday, February 24, 2015 9:52 AM<br><b>To:</b> Ben Wilson; CABFPub<br><b>Subject:</b> RE: [cabfpub] Pre-Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Ben – first of all, thanks for the hard work on this one.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m trying to figure out the benefit of locking the Forum into the RFC 3647 framework <u>for the purpose of listing BR requirements</u>. Is there really a benefit? Does it add to understanding and make CA compliance any easier? Or will it force us to put rules in odd places that actually make understanding a bit harder?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I note the BR 8.2 already requires CAs to put <u>their CPS</u> into the format of RFC 2527 or 3647. See the first two sections of BR 8.2 below. That can facilitate comparison between the CPSs of different CAs, if anyone cares to do that. But is there any corresponding benefit from restructuring the BRs to an RFC 3647 format? What if a rule spans two or more different sections of the RFC 3647 format?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I see that in your new organization of the BRs you have moved old BR 8.2.2 to a new Section 2.1 Repositories, not to new Section 2.2 Publication of Information. How did you make that choice? And is there an expectation that CAs will publish their CAA disclosure in new Sec. 2.2 of their CPS?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m just afraid we will be handcuffing ourselves with these changes, and that there could be errors in internal cross-references. It is also a lot of work for everyone to review a complete rewrite of the BRs.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Can you give us a convincing argument of why this is worth doing? Sorry I didn’t ask this question earlier, but I hadn’t really understood this was what the working group was doing – I thought you were just looking for GAPS in the BRs as compared to the RFC 3647 where we could ADD new provisions to the BRs – not a wholesale restructuring of the BRs.<o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal>Thanks.<o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-size:13.0pt;font-family:Cambria-Bold'>BR 8.2.2 Disclosure<o:p></o:p></span></b></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:TimesNewRomanPSMT'>The CA SHALL publicly disclose its Certificate Policy and/or Certification Practice Statement through an<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:TimesNewRomanPSMT'>appropriate and readily accessible online means that is available on a 24x7 basis. The CA SHALL publicly disclose<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:TimesNewRomanPSMT'>its CA business practices to the extent required by the CA’s selected audit scheme (see Section 17.1). The<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:TimesNewRomanPSMT'>disclosures MUST include all the material required by RFC 2527 or RFC 3647, and MUST be structured in<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:TimesNewRomanPSMT'>accordance with either RFC 2527 or RFC 3647. Effective as of 15 April 2015, section 4.2 of a CA's Certificate<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:TimesNewRomanPSMT'>Policy and/or Certification Practice Statement (section 4.1 for CAs still conforming to RFC 2527) SHALL state<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:TimesNewRomanPSMT'>whether the CA reviews CAA Records, and if so, the CA’s policy or practice on processing CAA Records for Fully<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:TimesNewRomanPSMT'>Qualified Domain Names. The CA SHALL log all actions taken, if any, consistent with its processing practice.</span><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Ben Wilson<br><b>Sent:</b> Tuesday, February 24, 2015 7:22 AM<br><b>To:</b> CABFPub<br><b>Subject:</b> [cabfpub] Pre-Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework</span></b><span style='font-size:12.0pt;font-family:"Times New Roman",serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>The Certificate Policy Review Working Group was chartered by Ballot 128 to (i) consider existing and proposed standards, (ii) create a list of potential improvements based on the considered standards that improve the existing CAB Forum work product, (iii) evaluate the transition to a 3647 format based on the amount [of work involved]. One deliverable of the CP Review WG was to propose a ballot to improve CA infrastructure based on existing standards and documents and recommend whether to finish the 3647 conversion presented by Jeremy Rowley in January 2014. <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>The CP Review WG has met and concluded that the best path forward for the Forum is to complete a conversion to the RFC 3647 for the Baseline Requirements with an initial step that merely moves existing content from the Baseline Requirements and the Network and Certificate System Security Requirements into the RFC 3647 format. <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>Attached is an RFC-3647-formatted Certificate Policy for Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. Comments embedded in the document contain either the source of the text (for content copied from the Baseline Requirements) or the current text (for provisions incorporated by reference from the Network and Certificate System Security Requirements ("NetSec"). It was decided that it was better to incorporate the NetSec requirements by reference rather than copying and pasting them in. In some limited instances the phrase "these Requirements" has been replaced with "this CP." However, "these Requirements" is mostly left in to preserve consistency with the current Baseline Requirements. <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>Ben Wilson of DigiCert made the following motion, from and from have endorsed it. <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>Motion Begins <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>Be it resolved that the CA / Browser Forum adopts the attached CA/B Forum Certificate Policy v.1.2.5, effective immediately. <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>Motion Ends <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>The review period for this ballot shall commence at 2200 UTC on March 2015 and will close at 2200 UTC on March 2015. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on March 2015. <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>Votes must be cast by posting an on-list reply to this thread. A vote in favor of the ballot must indicate a clear ‘yes’ in the response. A vote against the ballot must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>Voting members are listed here: <a href="https://cabforum.org/members/"><span style='color:blue'>https://cabforum.org/members/</span></a>. In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and more than one half of the votes cast by members in the browser category must be in favor. Quorum is currently nine (9) members– at least nine members must participate in the ballot, either by voting in favor, voting against, or by abstaining for the vote to be valid. <o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=0 cellpadding=0><tr><td style='background:white;padding:.75pt .75pt .75pt .75pt'><table class=MsoNormalTable border=0 cellpadding=0><tr><td style='padding:.75pt .75pt .75pt .75pt'><pre><o:p> </o:p></pre><pre>TREND MICRO EMAIL NOTICE<o:p></o:p></pre><pre>The information contained in this email and any attachments is confidential <o:p></o:p></pre><pre>and may be subject to copyright or other intellectual property protection. <o:p></o:p></pre><pre>If you are not the intended recipient, you are not authorized to use or <o:p></o:p></pre><pre>disclose this information, and we request that you notify us by reply mail or<o:p></o:p></pre><pre>telephone and delete the original message from your mail system.<o:p></o:p></pre></td></tr></table></td></tr></table><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><o:p> </o:p></span></p><table class=MsoNormalTable border=0 cellpadding=0><tr><td style='background:white;padding:.75pt .75pt .75pt .75pt'><table class=MsoNormalTable border=0 cellpadding=0><tr><td style='padding:.75pt .75pt .75pt .75pt'><pre><o:p> </o:p></pre><pre>TREND MICRO EMAIL NOTICE<o:p></o:p></pre><pre>The information contained in this email and any attachments is confidential <o:p></o:p></pre><pre>and may be subject to copyright or other intellectual property protection. <o:p></o:p></pre><pre>If you are not the intended recipient, you are not authorized to use or <o:p></o:p></pre><pre>disclose this information, and we request that you notify us by reply mail or<o:p></o:p></pre><pre>telephone and delete the original message from your mail system.<o:p></o:p></pre></td></tr></table></td></tr></table><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><o:p> </o:p></span></p></div></body></html>