<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hi Jeremy,<br>
    <br>
    <div class="moz-cite-prefix">On 03/20/2015 12:33 AM, Jeremy Rowley
      wrote:<br>
    </div>
    <blockquote
      cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal">Per the call today and discussion during
          the face-to-face, I’d like to start a public discussion on
          doing one of two things. </p>
      </div>
    </blockquote>
    <br>
    Thanks for your post here...<br>
    <br>
    <blockquote
      cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
      type="cite">
      <div class="WordSection1">Personally, I like the idea of a maximum
        lifecycle of 24 months. The lower validity period ensures CAB
        Forum and industry changes take less time to implement (fewer
        MD5/SHA1 situations), and we encourage more frequent rekeying
        and validation.</div>
    </blockquote>
    <br>
    If there would be consensus to reduce everything to two years, this
    would be personally also fine with me, but....<br>
    <br>
    <blockquote
      cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
      type="cite">
      <div class="WordSection1">Therefore extending EV to 39
        months might be more reasonable.</div>
    </blockquote>
    <br>
    ...considering that this is the strongest verification standard so
    far, it might make sense to increase the life-time to what has been
    established as a reasonable (maximum) time to rely on certificates. <br>
    <br>
    Again personally, if anything should be changed besides this
    increase, it would be the reduction of the life-time of DV certificates.
    After all, all they confirm is some sort of control over the domain
    and not more. You can't even know if the domain name is still
    registered by the holder after just one year usually.<br>
    <br>
    <blockquote
      cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
      type="cite">
      <div class="WordSection1">Extending EV to 39 months will help
        promote EV adoption and put EV on equal footing with OV/DV.</div>
    </blockquote>
    <br>
    Yes, that's currently a real drawback.<br>
    <br>
    <blockquote
      cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
      type="cite">
      <div class="WordSection1">  Of course, this would extend the
        validation time by a year. One way to deal with this extra time
        is to adopt the Mozilla approach and require revalidation every X
        months (where X is most likely 13). <br>
      </div>
    </blockquote>
    <br>
    I wouldn't be in favor of that - first of all today two years are
    acceptable for EV certificates without any re-verification. <br>
    Second, the entire pain with EV is the verification process and not
    necessarily getting the certificates in place. If it helps, we could
    think about strengthening a point here or there to increase the
    robustness of the verification process for EV. <br>
    And third, if ordinary IV/OV certificates are fine with a three year
    verification cycle (not speaking about DV), then EV certainly is in
    my opinion.<br>
    <br>
    <div class="moz-signature">-- <br>
      <table border="0" cellpadding="0" cellspacing="0">
        <tbody>
          <tr>
            <td colspan="2">Regards </td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
          <tr>
            <td>Signer: </td>
            <td>Eddy Nigg, COO/CTO</td>
          </tr>
          <tr>
            <td> </td>
            <td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
          </tr>
          <tr>
            <td>XMPP: </td>
            <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
          </tr>
          <tr>
            <td>Blog: </td>
            <td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
          </tr>
          <tr>
            <td>Twitter: </td>
            <td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
        </tbody>
      </table>
    </div>
  </body>
</html>