<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-2">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Hi Doug,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>About Ballot 148, I had also shared another slight correction in my previous message below.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>As there will be no section 9.2.4 left after the changes, the reference 9.2.4.(g) should also be changed to 9.2.2.(g) in item 6 of your ballot.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>These recursive reference changes may become really confusing…<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Atilla<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b>From:</b> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>N. Atilla Biler<br><b>Sent:</b> 13 Mart 2015 Cuma 11:00<br><b>To:</b> 'Doug Beattie'; public@cabforum.org<br><b>Subject:</b> Re: [cabfpub] Ballot 148 - Issuer Field Correction<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>Another slight correction will be updating section reference 9.2.4 (f) to 9.2.<span style='background:yellow;mso-highlight:yellow'>2</span>.(g) below:<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>“<b>6) Update section references 9.2.4 (f) to <s><span style='background:yellow;mso-highlight:yellow'>9.2.4.(g)</span></s><span style='background:yellow;mso-highlight:yellow'> 9.2.2.(g)</span> and 9.2.4 to 9.2.2 throughout document.</b>”<o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b>From:</b> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Doug Beattie<br><b>Sent:</b> 19 Mart 2015 Peršembe 17:35<br><b>To:</b> public@cabforum.org<br><b>Subject:</b> Re: [cabfpub] Ballot 148 - Issuer Field Correction<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>Just a reminder that the review period for this ballot ends today (2200 UTC on 19 Mar 2015.) and the voting period starts immediately thereafter. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>We’ve received some editorial comments (section numbers and references) so we’ll proceed with the voting period. Comments related to the business logic and content of who controls the keys, who controls the CA, who’s CPS is used are interesting and need to be addressed, but they are outside the scope of this “clean-up” ballot.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>For clarity, here is the updated ballot with the included editorial updates:<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Ballot 148 - Issuer Field Correction <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>________________________________________<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Reason <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>________________________________________<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>The issuer field language in Section 9.1 of the Baseline Requirements confuses two issues: <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>1) the contents of the issuer field in an end entity cert and <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>2) how to name root and intermediate CA certificates. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>To clarify the issue, and ensure proper name chaining, this ballot fixes the issuer field requirements and, to clarify that commonName field is part of the distinguished name, moves all of the Subject Distinguished Name Field requirements under the proper section. The ballot also removes requirements around the domainComponent field as the field is not used by current TLS clients. A subsequent ballot will address naming of roots and intermediates under current Section 9.2.5. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Doug Beattie of GlobalSign made the following motion, which was endorsed by Jeremy Rowley of DigiCert and Richard Wang of WoSign. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>________________________________________<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Motion begins <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>________________________________________<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>1) Replace Section 9.1 with the following: <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>"9.1 Issuer Information <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>The content of the Certificate Issuer Distinguished Name field MUST match the Subject DN of the Issuing CA to support Name chaining as specified in RFC 5280, section 4.1.2.4. Only in the event of a self-signed root will the issuer and subject fields be identical." <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>2) Move Section 9.2.2 to 9.2.4(a) and renumber the subsequent sections as b-i. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>3) Delete Section 9.2.3. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>4) Renumber 9.2.4 as 9.2.2. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>5) In section 9.2, edit section reference “9.2.2” to “9.2.2 (a)”<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>6) Update section references 9.2.4 (f) to 9.2.4.(g) and 9.2.4 to 9.2.2 throughout document.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>________________________________________<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Motion Ends <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>________________________________________<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>The review period for this ballot shall commence at 2200 UTC on 12 Mar 2015, and will close at 2200 UTC on 19 Mar 2015. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on 26 Mar 2015. Votes must be cast by posting an on-list reply to this thread. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: <a href="https://cabforum.org/members/">https://cabforum.org/members/</a> <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently nine (9) members– at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining.<o:p></o:p></span></p><p class=MsoNormal><a name="_MailEndCompose"></a><span style='color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b>From:</b> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Doug Beattie<br><b>Sent:</b> Wednesday, March 11, 2015 7:28 PM<br><b>To:</b> <a href="mailto:public@cabforum.org">public@cabforum.org</a><br><b>Subject:</b> [cabfpub] Ballot 148 - Issuer Field Correction<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Ballot 148 - Issuer Field Correction <o:p></o:p></p><p class=MsoNormal>________________________________________<o:p></o:p></p><p class=MsoNormal>Reason <o:p></o:p></p><p class=MsoNormal>________________________________________<o:p></o:p></p><p class=MsoNormal>The issuer field language in Section 9.1 of the Baseline Requirements confuses two issues: <o:p></o:p></p><p class=MsoNormal>1) the contents of the issuer field in an end entity cert and <o:p></o:p></p><p class=MsoNormal>2) how to name root and intermediate CA certificates. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>To clarify the issue, and ensure proper name chaining, this ballot fixes the issuer field requirements and, to clarify that commonName field is part of the distinguished name, moves all of the Subject Distinguished Name Field requirements under the proper section. The ballot also removes requirements around the domainComponent field as the field is not used by current TLS clients. A subsequent ballot will address naming of roots and intermediates under current Section 9.2.5. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Doug Beattie of GlobalSign made the following motion, which was endorsed by Jeremy Rowley of DigiCert and Richard Wang of WoSign. <o:p></o:p></p><p class=MsoNormal>________________________________________<o:p></o:p></p><p class=MsoNormal>Motion begins <o:p></o:p></p><p class=MsoNormal>________________________________________<o:p></o:p></p><p class=MsoNormal>1) Replace Section 9.1 with the following: <o:p></o:p></p><p class=MsoNormal>"9.1 Issuer Information <o:p></o:p></p><p class=MsoNormal>The content of the Certificate Issuer Distinguished Name field MUST match the Subject DN of the Issuing CA to support Name chaining as specified in RFC 5280, section 4.1.2.4. Only in the event of a self-signed root will the issuer and subject fields be identical." <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>2) Move Section 9.2.2 to 9.2.4(a) and renumber the subsequent sections as b-i. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>3) Delete Section 9.2.3. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>4) Renumber 9.2.4 as 9.2.2. <o:p></o:p></p><p class=MsoNormal>________________________________________<o:p></o:p></p><p class=MsoNormal>Motion Ends <o:p></o:p></p><p class=MsoNormal>________________________________________<o:p></o:p></p><p class=MsoNormal>The review period for this ballot shall commence at 2200 UTC on 12 Mar 2015, and will close at 2200 UTC on 19 Mar 2015. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on 26 Mar 2015. Votes must be cast by posting an on-list reply to this thread. <o:p></o:p></p><p class=MsoNormal>A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: <a href="https://cabforum.org/members/">https://cabforum.org/members/</a> <o:p></o:p></p><p class=MsoNormal>In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently nine (9) members– at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>