<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
p.msochpdefault, li.msochpdefault, div.msochpdefault
{mso-style-name:msochpdefault;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:10.0pt;
font-family:SimSun;}
span.balloontextchar0
{mso-style-name:balloontextchar;
font-family:"Tahoma","sans-serif";}
span.emailstyle19
{mso-style-name:emailstyle19;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.emailstyle20
{mso-style-name:emailstyle20;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.emailstyle21
{mso-style-name:emailstyle21;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.emailstyle22
{mso-style-name:emailstyle22;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.emailstyle23
{mso-style-name:emailstyle23;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.emailstyle24
{mso-style-name:emailstyle24;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.emailstyle25
{mso-style-name:emailstyle25;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.emailstyle26
{mso-style-name:emailstyle26;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.emailstyle27
{mso-style-name:emailstyle27;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.emailstyle28
{mso-style-name:emailstyle28;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.emailstyle29
{mso-style-name:emailstyle29;
font-family:"Calibri","sans-serif";
color:#1F497D;
font-weight:normal;
font-style:normal;}
span.emailstyle30
{mso-style-name:emailstyle30;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle33
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle34
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle35
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle36
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="NO-BOK" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Dean<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="color:#1F497D">Section 7.1.4.2.2. Subject Distinguished Name Fields b) Certificate Field: subject:organizationName (OID 2.5.4.10) says:<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><i><span lang="EN-US" style="color:#1F497D">Because Subject name attributes for individuals (e.g. givenName (2.5.4.42) and surname (2.5.4.4)) are not broadly supported by application software,
<u>the CA MAY use the subject:organizationName</u> field to convey a natural person Subject�$B!G�(Bs name or DBA.<o:p></o:p></span></i></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="color:#1F497D">This is apparently inconsistent with the last sentence in the ballot:<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><i><span lang="EN-US" style="color:#1F497D">If the Certificate asserts the policy identifier of either 2.23.140.1.2.2 or 2.23.140.1.2.3 , then
<u>it MUST also include organizationName</u>, localityName, stateOrProvinceName (if applicable), and countryName in the Subject field</span></i><span lang="EN-US" style="color:#1F497D">.<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="color:#1F497D">I assume it should still be possible to issue certificates to individuals (natural persons) without requiring the use of organizationName for holding the individuals name,
but rather use other subject attributes (?)<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="color:#1F497D">Regards<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="color:#1F497D">Mads<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org]
<b>On Behalf Of </b>Dean Coclin<br>
<b>Sent:</b> 8. juli 2015 23:12<br>
<b>To:</b> public@cabforum.org<br>
<b>Subject:</b> [cabfpub] IV OID Ballot 150<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I�$B!G�(Bm reintroducing this ballot based on the meeting in Zurich. I�$B!G�(Bll write a separate ballot for the EV, and EV Code Signing OIDs.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I have highlighted changes to the existing language so hopefully everyone can see the changes. I�$B!G�(Bve also enclosed a pdf version.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Endorsers: I assume you are still good with this? There are no changes.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Thanks,<br>
Dean<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><b><span lang="EN-US">Ballot 150-Addition of Optional OID for Individual Validation<o:p></o:p></span></b></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">The following motion has been proposed by Dean Coclin of Symantec and endorsed by Jeremy Rowley of Digicert and Kirk Hall of Trend Micro<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">-- MOTION BEGINS –<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">Modify section 1.2 of Baseline Requirements as follows:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><b><span lang="EN-US">1.2 Document Name and Identification</span></b><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">This certificate policy (CP) contains the requirements for the issuance and management of publicly�$B!>�(Btrusted SSL certificates, as adopted by the CA/Browser Forum.
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">The following Certificate Policy identifiers are reserved for use by CAs as an optional means of asserting compliance with this CP (OID arc 2.23.140.1.2) as follows:
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">{joint�$B!>�(Biso�$B!>�(Bitu�$B!>�(Bt(2) international�$B!>�(Borganizations(23) ca�$B!>�(Bbrowser�$B!>�(Bforum(140) certificate�$B!>�(Bpolicies(1) baseline�$B!>�(B requirements(2) domain�$B!>�(Bvalidated(1)} (2.23.140.1.2.1);
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-indent:36.0pt"><span lang="EN-US">{joint�$B!>�(Biso�$B!>�(Bitu�$B!>�(Bt(2) international�$B!>�(Borganizations(23) ca�$B!>�(Bbrowser�$B!>�(Bforum(140) certificate�$B!>�(Bpolicies(1) baseline�$B!>�(B requirements(2)
<span style="background:yellow;mso-highlight:yellow">organization-validated</span>(2)} (2.23.140.1.2.2) and<o:p></o:p></span></p>
<p class="MsoNormal" style="text-indent:36.0pt"><span lang="EN-US" style="background:yellow;mso-highlight:yellow">{joint�$B!>�(Biso�$B!>�(Bitu�$B!>�(Bt(2) international�$B!>�(Borganizations(23) ca�$B!>�(Bbrowser�$B!>�(Bforum(140) certificate�$B!>�(Bpolicies(1) baseline�$B!>�(B requirements(2) individual-validated(3)}
(2.23.140.1.2.3).</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-indent:36.0pt"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">Modify section 7.1.6.1 as follows:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><b><span lang="EN-US">7.1.6.1. Reserved Certificate Policy Identifiers
<o:p></o:p></span></b></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">This section describes the content requirements for the Root CA, Subordinate CA, and Subscriber Certificates, as they relate to the identification of Certificate Policy.
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">The following Certificate Policy identifiers are reserved for use by CAs as an optional means of asserting compliance with these Requirements as follows:
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-US">{joint�$B!>�(Biso�$B!>�(Bitu�$B!>�(Bt(2) international�$B!>�(Borganizations(23) ca�$B!>�(Bbrowser�$B!>�(Bforum(140) certificate�$B!>�(Bpolicies(1) baseline�$B!>�(Brequirements(2) domain�$B!>�(Bvalidated(1)} (2.23.140.1.2.1), if the Certificate complies
with these Requirements but lacks Subject Identity Information that is verified in accordance with either Section 3.2.2.1
<span style="background:yellow;mso-highlight:yellow">or Section 3.2.3</span>.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">If the Certificate asserts the policy identifier of 2.23.140.1.2.1, then it MUST NOT include organizationName, streetAddress, localityName, stateOrProvinceName, or postalCode in the Subject
field. <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-US">{joint�$B!>�(Biso�$B!>�(Bitu�$B!>�(Bt(2) international�$B!>�(Borganizations(23) ca�$B!>�(Bbrowser�$B!>�(Bforum(140) certificate�$B!>�(Bpolicies(1) baseline�$B!>�(Brequirements(2)
<span style="background:yellow;mso-highlight:yellow">organization</span>-validated(2)} (2.23.140.1.2.2), if the Certificate complies with these Requirements and includes Subject Identity Information that is verified in accordance with Section 3.2.2.1.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-US" style="background:yellow;mso-highlight:yellow">{joint�$B!>�(Biso�$B!>�(Bitu�$B!>�(Bt(2) international�$B!>�(Borganizations(23) ca�$B!>�(Bbrowser�$B!>�(Bforum(140) certificate�$B!>�(Bpolicies(1) baseline�$B!>�(Brequirements(2) individual-validated(3)}
(2.23.140.1.2.3), if the Certificate complies with these Requirements and includes Subject Identity Information that is verified in accordance with Section 3.2.3.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">If the Certificate asserts the policy identifier of either 2.23.140.1.2.2<span style="color:#1F497D">
</span><span style="background:yellow;mso-highlight:yellow">or 2.23.140.1.2.3</span> , then it MUST also include organizationName, localityName, stateOrProvinceName (if applicable), and countryName in the Subject field.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">If the ballot passes, the custodian of the Forum OIDs will be instructed to obtain the new OID for IV as indicated above.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">-- MOTION ENDS –<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">The review period for this ballot shall commence at 2200 UTC on Thursday
<span style="color:#1F497D">July</span> <span style="color:#1F497D">9</span>, 2015, and will close at 2200 UTC on Thursday
<span style="color:#1F497D">16</span> Ju<span style="color:#1F497D">ly</span> 2015. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Thursday, 2<span style="color:#1F497D">3</span>
<span style="color:#1F497D">July</span> 2015. Votes must be cast by posting an on-list reply to this thread.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the
response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: <a href="https://cabforum.org/members/"><span style="color:windowtext">https://cabforum.org/members/</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in
favor. Quorum is currently nine (9) members– at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
</body>
</html>