<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">SSC votes: "Yes".<br>
<br>
Thanks,<br>
M.D.<br>
<br>
On 4/2/2015 7:14 PM, Doug Beattie wrote:<br>
</div>
<blockquote
cite="mid:SG2PR03MB0666586A4754D73069F4F818F0F20@SG2PR03MB0666.apcprd03.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Voting closes
today, please vote!<o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose"><span style="color:#1F497D"><o:p> </o:p></span></a></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in
0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Doug Beattie <br>
<b>Sent:</b> Thursday, March 19, 2015 1:40 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> Ballot 148 - Issuer Field Correction
(rev 1)<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m reposting Ballot 148 with new review
and voting periods to address recent comments.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Ballot 148 - Issuer Field Correction (Rev
1)<o:p></o:p></p>
<p class="MsoNormal">________________________________________<o:p></o:p></p>
<p class="MsoNormal">Reason <o:p></o:p></p>
<p class="MsoNormal">________________________________________<o:p></o:p></p>
<p class="MsoNormal">The issuer field language in Section 9.1
of the Baseline Requirements confuses two issues:
<o:p></o:p></p>
<p class="MsoNormal">1) the contents of the issuer field in an
end entity cert and
<o:p></o:p></p>
<p class="MsoNormal">2) how to name root and intermediate CA
certificates. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">To clarify the issue and ensure proper
name chaining, this ballot fixes the issuer field
requirements and, to clarify that commonName field is part
of the distinguished name, moves all of the Subject
Distinguished Name Field requirements under the proper
section. The ballot also removes requirements around the
domainComponent field as the field is not used by current
TLS clients. A subsequent ballot will address naming of
roots and intermediates under current Section 9.2.5.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Doug Beattie of GlobalSign made the
following motion, which was endorsed by Jeremy Rowley of
DigiCert and Richard Wang of WoSign.
<o:p></o:p></p>
<p class="MsoNormal">________________________________________<o:p></o:p></p>
<p class="MsoNormal">Motion begins <o:p></o:p></p>
<p class="MsoNormal">________________________________________<o:p></o:p></p>
<p class="MsoNormal">1) Replace Section 9.1 with the
following: <o:p></o:p></p>
<p class="MsoNormal">"9.1 Issuer Information <o:p></o:p></p>
<p class="MsoNormal">The content of the Certificate Issuer
Distinguished Name field MUST match the Subject DN of the
Issuing CA to support Name chaining as specified in RFC
5280, section 4.1.2.4."
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2) Move Section 9.2.2 to 9.2.2(a) and
renumber the subsequent sections as b-i.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">3) Delete Section 9.2.3. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">4) Renumber 9.2.4 as 9.2.2. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">5) In section 9.2, edit section reference
“9.2.2” to “9.2.2 (a)”<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">6) Update section references 9.2.4 (f) to
9.2.2.(g) and 9.2.4 to 9.2.2 throughout document.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">7) In Appendix B (Certificate Content and
Extensions), Item (1) Root CA Certificates, add
<o:p></o:p></p>
<p class="MsoNormal">F. Subject Information<o:p></o:p></p>
<p class="MsoNormal">The Certificate Subject MUST contain the
following<o:p></o:p></p>
<p class="MsoNormal">- countryName (OID 2.5.4.6). This field
MUST contain the two-letter ISO 3166-1 country code for the
country in which the CA’s place of business is located.
<o:p></o:p></p>
<p class="MsoNormal">- organizationName (OID 2.5.4.10). This
field MUST contain the name (or abbreviation thereof),
trademark, or other meaningful identifier for the CA,
provided that they accurately identify the CA. The field
MUST NOT contain exclusively a generic designation such as
“Root 1”.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">8) In Appendix B (Certificate Content and
Extensions), Item (2) Subordinate CA Certificate, add
<o:p></o:p></p>
<p class="MsoNormal">H. The Certificate Subject MUST contain
the following<o:p></o:p></p>
<p class="MsoNormal">- countryName (OID 2.5.4.6). This field
MUST contain the two-letter ISO 3166-1 country code for the
country in which the CA’s place of business is located.
<o:p></o:p></p>
<p class="MsoNormal">- organizationName (OID 2.5.4.10). This
field MUST contain the name (or abbreviation thereof),
trademark, or other meaningful identifier for the CA,
provided that they accurately identify the CA. The field
MUST NOT contain exclusively a generic designation such as
“CA1”.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">________________________________________<o:p></o:p></p>
<p class="MsoNormal">Motion Ends <o:p></o:p></p>
<p class="MsoNormal">________________________________________<o:p></o:p></p>
<p class="MsoNormal">The review period for this ballot shall
commence at 2200 UTC on 19 Mar 2015, and will close at 2200
UTC on 26 Mar 2015. Unless the motion is withdrawn during
the review period, the voting period will start immediately
thereafter and will close at 2200 UTC on 2 Apr 2015. Votes
must be cast by posting an on-list reply to this thread.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">A vote in favor of the motion must
indicate a clear 'yes' in the response. A vote against must
indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear
responses will not be counted. The latest vote received from
any representative of a voting member before the close of
the voting period will be counted. Voting members are listed
here:
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://cabforum.org/members/">https://cabforum.org/members/</a>
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In order for the motion to be adopted,
two thirds or more of the votes cast by members in the CA
category and greater than 50% of the votes cast by members
in the browser category must be in favor. Quorum is
currently nine (9) members– at least nine members must
participate in the ballot, either by voting in favor, voting
against, or abstaining.<o:p></o:p></p>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>