<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-9"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma",sans-serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1856726683;
mso-list-type:hybrid;
mso-list-template-ids:738369776 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Hi all,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>It really seems practical to have one RFC compliant document to follow for each CA, whether the CA gives only BR mandated OV, DV etc. or EV Guidelines mandated EV SSL services.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>The practicality will be twofold:<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='color:#1F497D'>There are a lot of common requirements w.r.t RFC 3647 format like technical requirements, system security requirements, audit requirements etc. and these can be managed synchronously under one document. Otherwise, every update should be done twice and in parallel on both documents. <o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='color:#1F497D'>The differences for each type of SSL will be explicit, emphasizing different requirements. As the RFC format is not only for validation steps (contrary to the current EV Guidelines format that is concentered on extended validation issues), solely the differences will be managed in a common document.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>For now, we as TURKTRUST collect all certificate types under one CP and CPS document where all have separate certificate policies. It really is practical for us to manage the document itself while following the frequent changes we make on those requirements as CA/Browser Forum. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=TR style='color:#1F497D'>N. Atilla BILER<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=TR style='color:#1F497D'>Business Development Manager / Advisor to R&D Center<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=TR style='color:#1F497D'>TURKTRUST Inc.<o:p></o:p></span></b></p><p class=MsoNormal><span lang=TR style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Address: Hollanda Cad. 696.Sok. No:7 Yildiz 06550 Cankaya / ANKARA - TURKEY<o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Phone : +90 (312) 439 10 00<o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Mobile : +90 (530) 314 24 05<o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Fax : +90 (312) 439 10 01<o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>E-mail : <a href="mailto:atilla.biler@turktrust.com.tr"><span style='color:#1F497D'>atilla.biler@turktrust.com.tr</span></a> <o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Web : <a href="http://www.turktrust.com.tr/"><span style='color:#1F497D'>www.turktrust.com.tr</span></a> <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b>From:</b> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Doug Beattie<br><b>Sent:</b> 31 Ađustos 2015 Pazartesi 18:17<br><b>To:</b> Tim Hollebeek <THollebeek@trustwave.com>; Bruce Morton <bruce.morton@entrust.com>; Ben Wilson <ben.wilson@digicert.com>; CABFPub <public@cabforum.org><br><b>Subject:</b> Re: [cabfpub] Merge EV Guidelines into Baseline Requirements CP?<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>I’d prefer combining them into one document based on what I know now. I think it will be hard to read and follow a document that contains a lot of references to another document, and each time a change is made to the BR document we’ll need to ask ourselves how this impacts EV (if that section is used or not).<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Also, many of the sections will be close, but not 100% identical to the BRs which will mean duplicating that section and then trying to keep the common items in-sync. For example the Certificate Warranties: many are the same, some are different. Wouldn’t it be better to have this in a table with the list of all warrantees and then indicate which apply to OV/DV vs. EV? This also lets you clearly see the differences between the different types of certificates. This same approach could be used in lots of places throughout.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>It’s also possible that once we start merging it some hard to solve issues will arise…. I support investigating what it would take to merge it in and to identify what obstacles we might encounter. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Doug<o:p></o:p></span></p><p class=MsoNormal><a name="_MailEndCompose"></a><span style='color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b>From:</b> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Tim Hollebeek<br><b>Sent:</b> Monday, August 31, 2015 10:51 AM<br><b>To:</b> Bruce Morton <<a href="mailto:bruce.morton@entrust.com">bruce.morton@entrust.com</a>>; Ben Wilson <<a href="mailto:ben.wilson@digicert.com">ben.wilson@digicert.com</a>>; CABFPub <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><b>Subject:</b> Re: [cabfpub] Merge EV Guidelines into Baseline Requirements CP?<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>I tend to agree with this. I’d prefer a separate document, even if much of it is “Section X: As in the baseline requirements”.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>-Tim<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Bruce Morton<br><b>Sent:</b> Monday, August 31, 2015 10:17 AM<br><b>To:</b> Ben Wilson; CABFPub<br><b>Subject:</b> Re: [cabfpub] Merge EV Guidelines into Baseline Requirements CP?<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>Ben,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>I’m thinking that this will start to make it hard to understand what is EV and what is not. It might also be hard for the auditing community to mage their EV audit criteria.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Currently, we can align Baseline Requirements with a Baseline Requirements audit criteria; we can also do the same for EV. If we merge the two together can we still separate them for CAs which do not issue EV certificates?<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Bruce.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b>From:</b> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Ben Wilson<br><b>Sent:</b> Monday, August 31, 2015 9:58 AM<br><b>To:</b> CABFPub <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><b>Subject:</b> [cabfpub] Merge EV Guidelines into Baseline Requirements CP?<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>As I’ve looked at what is ahead of us (in the Policy Review Working Group), I have concluded that I’d prefer to put the EV Guidelines into the Baseline Requirements CP. The EV Guidelines would lose their identity as a separate document, but if we merge the two, we can avoid a lot of back and forth between two documents because everything would be in one document. Other CPs have taken this approach of having multiple policies in the same CP document. Not sure what other people think, but I thought I’d mention this idea here, in case it helps guide the WG as we review the EVG document in the upcoming weeks. (I did send out a rough draft of an RFC-3647-formatted EV Guidelines to the Policy Review Working Group to get us started.) If people are amenable to merging the documents, then that might save us some work in the long run. Otherwise, we can move forward with editing of the RFC-3647 formatted version of the EV Guidelines as a separate document, which is fine, too. <o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><o:p> </o:p></span></p><div class=MsoNormal align=center style='text-align:center'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><hr size=3 width="100%" align=center></span></div><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray'><br>This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.</span><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><o:p></o:p></span></p></div></div></body></html>