<div dir="ltr">Opera votes YES,<div><br></div><div>Cheers,</div><div>Håvard</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 23, 2015 at 11:36 AM, Dimitris Zacharopoulos <span dir="ltr"><<a href="mailto:jimmy@it.auth.gr" target="_blank">jimmy@it.auth.gr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div><br>
HARICA votes YES.<br>
<br>
Dimitris Zacharopoulos.<div><div class="h5"><br>
<br>
<br>
On 14/9/2015 10:11 μμ, Dean Coclin wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div>
<p class="MsoNormal">Due to the confusion as to the voting
period on ballot 150, it failed for lack of quorum. We are
therefore submitting this as a new ballot. The discussion
period begins today followed by voting per the schedule
below. We believe we have captured all the comments but if
you have others, please feel free to remark.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b><u></u> <u></u></b></p>
<p class="MsoNormal"><b>Ballot 151- Revised Addition of Optional
OIDs for Indicating Level of Validation</b><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal"> The following motion has been proposed by
Dean Coclin of Symantec and endorsed by Jeremy Rowley of
Digicert and Kirk Hall of Trend Micro.<span style="color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">-- MOTION BEGINS –<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p>1)<span> </span>Modify section
1.2 of Baseline Requirements as follows:<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal"><b>1.2 Document Name and Identification</b><u></u><u></u></p>
<p class="MsoNormal">This certificate policy (CP) contains the
requirements for the issuance and management of
publicly‐trusted SSL certificates, as adopted by the
CA/Browser Forum. <u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">The following Certificate Policy
identifiers are reserved for use by CAs as an optional means
of asserting compliance with this CP (OID arc 2.23.140.1.2) as
follows: <u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">{joint‐iso‐itu‐t(2)
international‐organizations(23) ca‐browser‐forum(140)
certificate‐policies(1) baseline‐ requirements(2)
domain‐validated(1)} (2.23.140.1.2.1); <u></u><u></u></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal">{joint‐iso‐itu‐t(2)
international‐organizations(23) ca‐browser‐forum(140)
certificate‐policies(1) baseline‐ requirements(2)
organization-validated(2)} (2.23.140.1.2.2) and<u></u><u></u></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><u>{joint‐iso‐itu‐t(2)
international‐organizations(23) ca‐browser‐forum(140)
certificate‐policies(1) baseline‐ requirements(2)
individual-validated(3)} (2.23.140.1.2.3).<u></u><u></u></u></p>
<p class="MsoNormal" style="text-indent:.5in"><span style="color:#1f497d"> </span><u></u><u></u></p>
<p>2)<span> </span>Modify section
7.1.6.1 of the Baseline Requirements as follows:<u></u><u></u></p>
<p class="MsoNormal"><b><span style="color:#1f497d"><u></u> <u></u></span></b></p>
<p class="MsoNormal"><b>7.1.6.1. Reserved Certificate Policy
Identifiers </b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">This section describes the content
requirements for the Root CA, Subordinate CA, and Subscriber
Certificates, as they relate to the identification of
Certificate Policy. <u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">The following Certificate Policy
identifiers are reserved for use by CAs as an optional means
of asserting compliance with these Requirements as follows: <u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">{joint‐iso‐itu‐t(2)
international‐organizations(23) ca‐browser‐forum(140)
certificate‐policies(1) baseline‐requirements(2)
domain‐validated(1)} (2.23.140.1.2.1), if the Certificate
complies with these Requirements but lacks Subject Identity
Information that is verified in accordance with either Section
3.2.2.1 <u>or Section 3.2.3</u>.<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">If the Certificate asserts the policy
identifier of 2.23.140.1.2.1, then it MUST NOT include
organizationName, givenName, surname, streetAddress,
localityName, stateOrProvinceName, or postalCode in the
Subject field. <u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">{joint‐iso‐itu‐t(2)
international‐organizations(23) ca‐browser‐forum(140)
certificate‐policies(1) baseline‐requirements(2)
organization-validated(2)} (2.23.140.1.2.2), if the
Certificate complies with these Requirements and includes
Subject Identity Information that is verified in accordance
with Section 3.2.2.1.<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal"><u>{joint‐iso‐itu‐t(2)
international‐organizations(23) ca‐browser‐forum(140)
certificate‐policies(1) baseline‐requirements(2)
individual-validated(3)} (2.23.140.1.2.3), if the
Certificate complies with these Requirements and includes
Subject Identity Information that is verified in accordance
with Section 3.2.3.<u></u><u></u></u></p>
<p class="MsoNormal"><u> <u></u><u></u></u></p>
<p class="MsoNormal">If the Certificate asserts the policy
identifier of 2.23.140.1.2.2, then it MUST also include
organizationName, localityName <u>(to the extent such field
is required under Section 7.1.4.2.2)</u>,
stateOrProvinceName <u>(to the extent such field is required
under Section 7.1.4.2.2</u>), and countryName in the Subject
field. <u>If the Certificate asserts the policy identifier of
2.23.140.1.2.3, then it MUST also include (i) either
organizationName or givenName and surname, (ii) localityName
(to the extent such field is required under Section
7.1.4.2.2), (iii) stateOrProvinceName (to the extent
required under Section 7.1.4.2.2), and (iv) countryName in
the Subject field.</u><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p>3)<span> </span>Modify the
definition of “EV OID” in the EV Guidelines as follows:<u></u><u></u></p>
<p><u></u> <u></u></p>
<p class="MsoNormal"><b>EV OID</b>: An identifying number, in
the form of an “object identifier,” that is included in the
certificatePolicies field of a certificate that: (i) indicates
which CA policy statement relates to that certificate, and
(ii) <u>is either the CA/Browser Forum EV policy identifier
or a policy identifier that</u>, by pre-agreement with one
or more Application Software Supplier, marks the certificate
as being an EV Certificate.<u></u><u></u></p>
<p><u></u> <u></u></p>
<p>4)<span> </span>Modify Section
9.3.2 of the EV Guidelines as follows:<u></u><u></u></p>
<p class="MsoNormal">Each EV Certificate issued by the CA to a
Subscriber MUST contain a policy identifier <u>that is either</u>
defined by <u>these Guidelines or </u>the CA in the
certificate’s certificatePolicies extension that: (i)
indicates which CA policy statement relates to that
Certificate, (ii) asserts the CA’s adherence to and compliance
with these Guidelines, and (iii), <u>is either the CA/Browser
Forum’s EV policy identifier or a policy identifier that, </u>by
pre-agreement with the Application Software Supplier, marks
the Certificate as being an EV Certificate.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u>The following Certificate Policy
identifier is the CA/Browser Forum’s EV policy identifier: <u></u><u></u></u></p>
<p class="MsoNormal"><u>{joint‐iso‐itu‐t(2)
international‐organizations(23) ca‐browser‐forum(140)
certificate‐policies(1) ev-guidelines (1) } (2.23.140.1.1),
if the Certificate complies with these Guidelines.<u></u><u></u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">If the ballot passes, the custodian of the
Forum OIDs will be instructed to obtain the new OID for IV as
indicated above.<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">-- MOTION ENDS –<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">The review period for this ballot shall
commence at 2200 UTC on Monday, September 14, 2015, and will
close at 2200 UTC on Monday, September 21, 2015. Unless the
motion is withdrawn during the review period, the voting
period will start immediately thereafter and will close at
2200 UTC on Monday, September 28, 2015. Votes must be cast by
posting an on-list reply to this thread.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">A vote in favor of the motion must indicate
a clear 'yes' in the response. A vote against must indicate a
clear 'no' in the response. A vote to abstain must indicate a
clear 'abstain' in the response. Unclear responses will not be
counted. The latest vote received from any representative of a
voting member before the close of the voting period will be
counted. Voting members are listed here: <a href="https://cabforum.org/members/" target="_blank"><span style="color:windowtext"></span></a><a href="https://cabforum.org/members/" target="_blank">https://cabforum.org/members/</a><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
<p class="MsoNormal">In order for the motion to be adopted, two
thirds or more of the votes cast by members in the CA category
and greater than 50% of the votes cast by members in the
browser category must be in favor. Quorum is currently nine
(9) members– at least nine members must participate in the
ballot, either by voting in favor, voting against, or
abstaining.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Dean Coclin<u></u><u></u></p>
<p class="MsoNormal">Chair CA/B Forum<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><span class=""><pre>_______________________________________________
Public mailing list
<a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a></pre>
</span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<br>
<div>
<div>-- <br>
<small><i>
HARICA Public Key Infrastructure<br>
<br>
<b>Dimitris Zacharopoulos</b><br>
PKI Manager<br>
t : +30 2310 998483<br>
f : +30 2310 999100<br>
<a href="http://www.harica.gr" target="_blank"> www.harica.gr</a> </i></small></div>
</div>
</font></span></div>
<br>_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
<br></blockquote></div><br></div>