<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-2022-jp"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:PMingLiU;
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:PMingLiU;
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:PMingLiU;
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:ZH-CN;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:ZH-CN;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ZH-TW link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'>Dear Jeremy,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'> What about change the wording of B.R about OV OID to below red line, as </span><span lang=EN-US><a href="https://bugzilla.cabforum.org/show_bug.cgi?id=2">https://bugzilla.cabforum.org/show_bug.cgi?id=2</a> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'> or attached file at 33<sup>rd</sup> F2F meeting that <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'>“Certificate Field: subject:localityName may be absent if a an applicant is registered as a national company or a national organization, also stateOrProvinceName field is<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'>absent.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>If the Certificate asserts the policy identifier of 2.23.140.1.2.2, then it MUST also include organizationName, localityName</span><span lang=EN-US style='color:red;mso-fareast-language:ZH-TW'>(if applicable)</span><span lang=EN-US>, stateOrProvinceName (if applicable), and countryName in the Subject field.</span><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'> </span><span lang=EN-US>Or as we met Ben and Moudrick in conference in Taipei, Ben said that localityName field is not mandatory .</span><span lang=EN-US style='mso-fareast-language:ZH-TW'> It depends on the opinion of the auditor.</span><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p> </o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'>Sincerely Yours,<o:p></o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'> Li-Chun CHEN<o:p></o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'> </span><span lang=NO-BOK style='color:#1F497D;mso-fareast-language:ZH-TW'>Senior </span><span lang=NO-BOK style='color:#1F497D'>Engineer<o:p></o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'> CISSP, CISA, CISM, PMP,<o:p></o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'> Information & Communication Security Dept.<o:p></o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'> Data Communication Business Group<o:p></o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'> Chunghwa Telecom Co. Ltd.<o:p></o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'> <a href="mailto:realsky@cht.com.tw">realsky@cht.com.tw</a><o:p></o:p></span></p><p class=MsoNormal><span lang=NO-BOK style='color:#1F497D'> +886-2-2344-4820#4025<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D;mso-fareast-language:ZH-TW'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:ZH-TW'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:ZH-TW'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Jeremy Rowley<br><b>Sent:</b> Thursday, August 20, 2015 11:26 PM<br><b>To:</b> public@cabforum.org<br><b>Subject:</b> [cabfpub] Ballot 150 - OIDs<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Here’s an updated draft of the OID ballot:<o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US><o:p> </o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US>Ballot 150-Addition of Optional OID for Individual Validation</span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> The following motion has been proposed by Dean Coclin of Symantec and endorsed by Jeremy Rowley of Digicert and Kirk Hall of Trend Micro.<span style='color:#1F497D'><o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>-- MOTION BEGINS –<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt'><span lang=EN-US>1)</span><span lang=EN-US style='font-size:7.0pt;font-family:"Times New Roman","serif"'> </span><span lang=EN-US>Modify section 1.2 of Baseline Requirements as follows:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US>1.2 Document Name and Identification</span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>This certificate policy (CP) contains the requirements for the issuance and management of publicly‐trusted SSL certificates, as adopted by the CA/Browser Forum. <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>The following Certificate Policy identifiers are reserved for use by CAs as an optional means of asserting compliance with this CP (OID arc 2.23.140.1.2) as follows: <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>{joint‐iso‐itu‐t(2) international‐organizations(23) ca‐browser‐forum(140) certificate‐policies(1) baseline‐ requirements(2) domain‐validated(1)} (2.23.140.1.2.1); <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>{joint‐iso‐itu‐t(2) international‐organizations(23) ca‐browser‐forum(140) certificate‐policies(1) baseline‐ requirements(2) organization-validated(2)} (2.23.140.1.2.2) and<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><u><span lang=EN-US>{joint‐iso‐itu‐t(2) international‐organizations(23) ca‐browser‐forum(140) certificate‐policies(1) baseline‐ requirements(2) individual-validated(3)} (2.23.140.1.2.3).<o:p></o:p></span></u></p><p class=MsoNormal style='text-indent:36.0pt'><span lang=EN-US style='color:#1F497D'> </span><span lang=EN-US><o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt'><span lang=EN-US>2)</span><span lang=EN-US style='font-size:7.0pt;font-family:"Times New Roman","serif"'> </span><span lang=EN-US>Modify section 7.1.6.1 of the Baseline Requirements as follows:<o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US>7.1.6.1. Reserved Certificate Policy Identifiers </span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>This section describes the content requirements for the Root CA, Subordinate CA, and Subscriber Certificates, as they relate to the identification of Certificate Policy. <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>The following Certificate Policy identifiers are reserved for use by CAs as an optional means of asserting compliance with these Requirements as follows: <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>{joint‐iso‐itu‐t(2) international‐organizations(23) ca‐browser‐forum(140) certificate‐policies(1) baseline‐requirements(2) domain‐validated(1)} (2.23.140.1.2.1), if the Certificate complies with these Requirements but lacks Subject Identity Information that is verified in accordance with either Section 3.2.2.1 <u>or Section 3.2.3</u>.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>If the Certificate asserts the policy identifier of 2.23.140.1.2.1, then it MUST NOT include organizationName, givenName, surname, streetAddress, localityName, stateOrProvinceName, or postalCode in the Subject field. <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>{joint‐iso‐itu‐t(2) international‐organizations(23) ca‐browser‐forum(140) certificate‐policies(1) baseline‐requirements(2) organization-validated(2)} (2.23.140.1.2.2), if the Certificate complies with these Requirements and includes Subject Identity Information that is verified in accordance with Section 3.2.2.1.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><u><span lang=EN-US>{joint‐iso‐itu‐t(2) international‐organizations(23) ca‐browser‐forum(140) certificate‐policies(1) baseline‐requirements(2) individual-validated(3)} (2.23.140.1.2.3), if the Certificate complies with these Requirements and includes Subject Identity Information that is verified in accordance with Section 3.2.3.<o:p></o:p></span></u></p><p class=MsoNormal><u><span lang=EN-US> <o:p></o:p></span></u></p><p class=MsoNormal><span lang=EN-US>If the Certificate asserts the policy identifier of 2.23.140.1.2.2, then it MUST also include organizationName, localityName, stateOrProvinceName (if applicable), and countryName in the Subject field. <u>If the Certificate asserts the policy identifier of 2.23.140.1.2.3, then it MUST also include (i) either organizationName or givenName and surname, (ii) localityName, (iii) stateOrProvinceName (if applicable), and (iv) countryName in the Subject field.</u><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt'><span lang=EN-US>3)</span><span lang=EN-US style='font-size:7.0pt;font-family:"Times New Roman","serif"'> </span><span lang=EN-US>Modify the definition of “EV OID” in the EV Guidelines as follows:<o:p></o:p></span></p><p class=MsoListParagraph><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US>EV OID</span></b><span lang=EN-US>: An identifying number, in the form of an “object identifier,” that is included in the certificatePolicies field of a certificate that: (i) indicates which CA policy statement relates to that certificate, and (ii) <u>is either the CA/Browser Forum EV policy identifier or a policy identifier that</u>, by pre-agreement with one or more Application Software Supplier, marks the certificate as being an EV Certificate.<o:p></o:p></span></p><p class=MsoListParagraph><span lang=EN-US><o:p> </o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt'><span lang=EN-US>4)</span><span lang=EN-US style='font-size:7.0pt;font-family:"Times New Roman","serif"'> </span><span lang=EN-US>Modify Section 9.3.2 of the EV Guidelines as follows:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Each EV Certificate issued by the CA to a Subscriber MUST contain a policy identifier <u>that is either</u> defined by <u>these Guidelines or </u>the CA in the certificate’s certificatePolicies extension that: (i) indicates which CA policy statement relates to that Certificate, (ii) asserts the CA’s adherence to and compliance with these Guidelines, and (iii), <u>is either the CA/Browser Forum’s EV policy identifier or a policy identifier that, </u>by pre-agreement with the Application Software Supplier, marks the Certificate as being an EV Certificate.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><u><span lang=EN-US>The following Certificate Policy identifier is the CA/Browser Forum’s EV policy identifier: <o:p></o:p></span></u></p><p class=MsoNormal><u><span lang=EN-US>{joint‐iso‐itu‐t(2) international‐organizations(23) ca‐browser‐forum(140) certificate‐policies(1) ev-guidelines (1) } (2.23.140.1.1), if the Certificate complies with these Guidelines.<o:p></o:p></span></u></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>If the ballot passes, the custodian of the Forum OIDs will be instructed to obtain the new OID for IV as indicated above.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>-- MOTION ENDS –<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>The review period for this ballot shall commence at 2200 UTC on Friday, August 21, 2015, and will close at 2200 UTC on Friday, August 27, 2015. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Friday, September 4, 2015. Votes must be cast by posting an on-list reply to this thread.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: <a href="https://cabforum.org/members/"><span style='color:windowtext'>https://cabforum.org/members/</span></a><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently nine (9) members– at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p></div></body></html><br><html><div><div>本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. </div><div>Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.</div></div><div><br></div><div><br></div></html>