<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Bonjour, Erwann, please see below..<br>
</p>
<div class="moz-cite-prefix">On 8/30/2016 12:54 PM, Erwann Abalea
wrote:<br>
</div>
<blockquote
cite="mid:25728FCF-6293-4CA3-AE4E-632A0854D35C@docusign.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div class="">Bonjour,</div>
<div class=""><br class="">
</div>
<div class="">My reading is that 319412-1 lists the different
certificate profiles and defines semantic identifiers to be used
for natural (in serialNumber) and legal (in
organizationIdentifier) persons in other 319412-x profiles when
necessary; 319412-2 and -3 are <b class="">NOT</b> suited to
website certificates, 319412-4 is the one to use for websites,
319412-5 specifies requirements for the QCStatements extension.</div>
</blockquote>
<br>
319412-2: 1 Scope - The present document specifies requirements on
the content of certificates issued to natural persons. This profile
builds on IETF RFC 5280 [1] for generic profiling of Recommendation
ITU-T X.509 | ISO/IEC 9594-8 [i.3]. This profile supports the
requirements of EU Qualified Certificates as specified in the
Regulation (EU) No 910/2014 [i.5] ***as well as other forms of
certificate***. The scope of the present document is primary limited
to facilitate interoperable processing and display of certificate
information. <br>
<br>
319412-3: 1 Scope - The present document specifies a certificate
profile for certificates issued to legal persons. The profile
defined in the present document builds on requirements defined in
ETSI EN 319 412-2 [2]. The present document supports the
requirements of EU qualified certificates as specified in the
Regulation (EU) No 910/2014 [i.3] ***as well as other forms of
certificate***.<br>
<br>
<blockquote
cite="mid:25728FCF-6293-4CA3-AE4E-632A0854D35C@docusign.com"
type="cite">
<div class=""><br class="">
</div>
<div class="">319412-4 basically says « follow CABF BR for website
certificates issued to legal or natural persons, or CABF EVG for
website certificates issued to legal persons, and if the
certificate is Qualified, add the QCStatements extension as
described in 319412-5 » (you can also add the QCStatements
extension in a non Qualified certificate).</div>
</blockquote>
<br>
Indeed.<br>
<br>
<blockquote
cite="mid:25728FCF-6293-4CA3-AE4E-632A0854D35C@docusign.com"
type="cite"><br>
<div class="">BR in section 7.1.4.2.2 lists the attributes found
in the subject name, and its item (i) allows for other
attributes. So you can add a serialNumber or
organizationIdentifier attribute, it’s BR-compliant. Ballot 175
(if/when adopted) will clarify the givenName/surName presence,
which should be fine.</div>
</blockquote>
Right, but the BR/EVG vs ETSI (id-etsi-qcs-SemanticsId triggered)
serial number have different syntax (and possible values). Do we
know any browsers supporting this today?<br>
<br>
At the end we have two certs issued to the same Subject by the same
CA with different (serial number) notations and most probably
different values. How about harmonizing this?<br>
<br>
Thanks,<br>
M.D.<br>
<br>
<blockquote
cite="mid:25728FCF-6293-4CA3-AE4E-632A0854D35C@docusign.com"
type="cite">
<div class=""><br class="">
</div>
<div class="">EVG in section 9.2 does the same for EV
certificates, and section 9.2.8 also allows other attributes to
be filled in. You’re then allowed to add the
organizationIdentifier attribute, in addition to the already
present serialNumber. See them as duplicate information
(organizationIdentifier contains jurisdiction*Name and
serialNumber altogether, in a sense).</div>
<div class=""><br class="">
</div>
<div class="">BR in section 7.1.2 sets requirements on certificate
extensions, and section 7.1.2.4 allows for other extensions to
be added. So the QCStatements extension can be added if you
want, considering that you (as a CA) are « aware of a reason for
including the data in the Certificate », and that this extension
will not « mislead a Relying Party about the Certificate
information verified by the CA ».</div>
<div class=""><br class="">
</div>
<br class="">
<div class="">
<div class="">Cordialement,</div>
<div class="">Erwann Abalea</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">Le 30 août 2016 à 02:30, Moudrick M. Dadashov
<<a moz-do-not-send="true" href="mailto:md@ssc.lt"
class="">md@ssc.lt</a>> a écrit :</div>
<br class="Apple-interchange-newline">
<div class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
<p class="">Right, the question is whether the Subject
field value, presented in accordance with
id-etsi-qcs-SemanticsId, remains BR/EVG compliant.</p>
Thanks,<br class="">
M.D.<br class="">
<br class="">
<div class="moz-cite-prefix">On 8/29/2016 10:10 PM, Erwann
Abalea wrote:<br class="">
</div>
<blockquote
cite="mid:CA+i=0E4aC1PPvPz3TKqXFbs7H5dKJbvC1hjDShHc1pKdW+1KWg@mail.gmail.com"
type="cite" class="">
<div dir="ltr" class="">(sent from home, this will not
go to public, unless you forward it)
<div class=""><br class="">
</div>
<div class="">It depends.</div>
<div class=""><br class="">
</div>
<div class="">If the QCStatement extension declares
the id-etsi-qcs-SemanticsId-Natural semantics
identifier, then yes, the serialNumber will contain
the passport number, IDcard number, or other
(there's a list in EN 319412-1). The data contained
in this attribute is structured. For example, for
me, this serialNumber will be "PASFR-07CL42154" if I
present my french passport. This information is not
sensitive.<br class="">
<div class="gmail_extra"><br class="">
</div>
<div class="gmail_extra">If there's no semantics
identifier declared in the QCStatements extension,
or if this extension is missing, the serialNumber
is local to the CA. And of course, a relying party
would have to ask the CA to point to the right
"Robert Smith" individual.</div>
<div class="gmail_extra"><br class="">
</div>
<div class="gmail_extra">That doesn't fit well with
web server certificates... Even if the
serialNumber contains a global identifier (such as
passport), the probability that as a user I can
compare the passport number found in the
certificate to the real passport number of Robert
Smith is hardly higher than zero.</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">2016-08-29 20:36
GMT+02:00 Kirk Hall <span dir="ltr" class="">
<<a moz-do-not-send="true"
href="mailto:Kirk.Hall@entrust.com"
target="_blank" class="">Kirk.Hall@entrust.com</a>></span>:<br
class="">
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div link="blue" vlink="purple" class=""
lang="EN-US">
<div class="">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">Erwann, you mention the
serialNumber attribute for a natural
person – I assume this is not a Social
Security number or other sensitive
information?
</span></p>
<div class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><br
class="webkit-block-placeholder">
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">But if each CA assigns its
own serialNumber for the same (or
different) “Robert Smith,” I don’t see
how a user can figure out which Robert
Smith it is dealing with…</span></p>
<div class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><br
class="webkit-block-placeholder">
</div>
<div class="">
<div style="border:none;border-top:solid
#e1e1e1 1.0pt;padding:3.0pt 0in 0in
0in" class="">
<p class="MsoNormal"><b class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">
<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org"
target="_blank" class="">
public-bounces@cabforum.org</a>
[mailto:<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org" target="_blank" class="">public-bounces@<wbr
class="">cabforum.org</a>]
<b class="">On Behalf Of </b>Erwann
Abalea<br class="">
<b class="">Sent:</b> Friday,
August 26, 2016 1:47 AM<br
class="">
<b class="">To:</b> Moudrick M.
Dadashov <<a
moz-do-not-send="true"
href="mailto:md@ssc.lt"
target="_blank" class="">md@ssc.lt</a>><br
class="">
<b class="">Cc:</b> <a
moz-do-not-send="true"
href="mailto:public@cabforum.org"
target="_blank" class="">
public@cabforum.org</a><br
class="">
<b class="">Subject:</b> Re:
[cabfpub] givenName and surname
revived</span></p>
</div>
</div>
<div class=""> <br
class="webkit-block-placeholder">
</div>
<div class="">
<p class="MsoNormal">That’s easily done
for a certificate issued to a legal
person if you really need it:</p>
</div>
<div class="">
<p class="MsoNormal"> - EN 319412-4 asks
you to follow CABF BR or EVG, which
don’t prevent you from adding other
attributes or extensions</p>
</div>
<div class="">
<p class="MsoNormal"> - add the
organizationIdentifier attribute
formatted as described in EN 319412-1
section 5.1.4</p>
</div>
<div class="">
<p class="MsoNormal"> - add a
QCStatements extension containing the
qcStatement-2 QC-STATEMENT (as defined
in RFC3739), and populate the
semanticsIdentifier element with the
id-etsi-qcs-SemanticsId-Legal OID</p>
</div>
<div class="">
<div class=""> <br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal">Same goes for a
certificate issued to a natural
person, just use the serialNumber
attribute instead of the
organizationIdentifier, fill it
according to EN 319412-1 section
5.1.3, use id-etsi-qcs-SemanticsId-<wbr
class="">Natural OID as the
semantics identifier.</p>
</div>
<div class="">
<div class=""> <br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal">Of course, you’re
not REQUIRED to produce eIDAS
compliant certificates.</p>
</div>
<div class=""> <br
class="webkit-block-placeholder">
</div>
<div class="">
<div class="">
<p class="MsoNormal">Cordialement,</p>
</div>
<div class="">
<p class="MsoNormal">Erwann Abalea</p>
</div>
</div>
<div class=""> <br
class="webkit-block-placeholder">
</div>
<div class="">
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt"
class="">
<div class="">
<p class="MsoNormal">Le 24 août 2016
à 15:05, Moudrick M. Dadashov <<a
moz-do-not-send="true"
href="mailto:md@ssc.lt"
target="_blank" class="">md@ssc.lt</a>>
a écrit :</p>
</div>
<div class=""> <br
class="webkit-block-placeholder">
</div>
<div class="">
<p class="MsoNormal"
style="background:white;text-align:start;word-spacing:0px"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"
class="">eIDAS Article 3 (38):</span></p>
<p class="MsoNormal"
style="background:white;text-align:start;word-spacing:0px"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"
class="">‘certificate for
website authentication’ means an
attestation that makes it
possible to authenticate a
website and links the website to
the natural or legal person to
whom the certificate is issued;</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif;background:white"
class="">Thanks,</span><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"
class=""><br class="">
<span style="background:white"
class="">M.D.</span><br
style="text-align:start;word-spacing:0px"
class="">
<br class="">
</span></p>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"
class="">On 8/24/2016 1:08 PM,
Adriano Santoni wrote:</span></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt;text-align:start;word-spacing:0px"
class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:9.0pt;font-family:"Calibri",sans-serif"
class="">But givenName and
surname are not sufficient to
specify an identity. How many
Robert Smiths exist in
UK/US/CA ? (or Mario Rossi in
Italy, as to that).</span><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"
class=""></span></p>
<p class="MsoNormal"
style="background:white"><span
style="font-size:9.0pt;font-family:"Calibri",sans-serif"
class="">If I would like to
know who's behind a web site
whose SSL cert contains
giveName=John, surname=Doe, I
am none the wiser.</span><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"
class=""></span></p>
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"
class="">Il 23/08/2016
20:02, Bruce Morton ha
scritto:</span></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt"
class="">
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">OK, thanks.</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">Bruce.</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<div
style="border:none;border-top:solid
#e1e1e1 1.0pt;padding:3.0pt
0in 0in 0in" class="">
<div class="">
<p class="MsoNormal"
style="background:white"><b
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">From:</span></b><span
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span></span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Jeremy Rowley
[<a
moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com" target="_blank" class=""><span
style="color:#954f72" class="">mailto:jeremy.rowley@<wbr class="">digicert.com</span></a>]<span
class=""> </span><br
class="">
<b class="">Sent:</b><span
class=""> </span>Monday,
August 22, 2016 6:16
PM<br class="">
<b class="">To:</b><span
class=""> </span>Bruce
Morton<span class=""> </span><a
moz-do-not-send="true" href="mailto:Bruce.Morton@entrust.com"
target="_blank"
class=""><span
style="color:#954f72"
class=""><Bruce.Morton@entrust.<wbr
class="">com></span></a>;<span
class=""> </span><a
moz-do-not-send="true" href="mailto:public@cabforum.org" target="_blank"
class=""><span
style="color:#954f72"
class="">public@cabforum.org</span></a><br
class="">
<b class="">Subject:</b><span
class=""> </span>RE:
givenName and surname
revived</span></p>
</div>
</div>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">What do you mean
by definition? I consider
IV v. OV well defined
because of the meaning
associated with the OID
inserted into the cert.
Section 7.1.6.1 states “<span
class=""> </span>{joint‐iso‐itu‐t(2)
international‐organizations(<wbr class="">23) ca‐browser‐forum(140)
certificate‐policies(1)
baseline‐requirements(2)
individual‐validated(3)}
(2.23.140.1.2.3), if the
Certificate complies with
these Requirements and
includes Subject Identity
Information that is
verified in accordance
with Section 3.2.3.”
Section 3.2.3 is
verification of an
individual whereas Section
3.2.2 is verification of
an organization. </span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Jeremy</span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><a
moz-do-not-send="true"
name="m_-5588693150224251403__MailEndCompose"
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span></a><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div
style="border:none;border-top:solid
#e1e1e1 1.0pt;padding:3.0pt
0in 0in 0in" class="">
<div class="">
<p class="MsoNormal"
style="background:white"><b
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">From:</span></b><span
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span></span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Bruce Morton
[<a
moz-do-not-send="true"
href="mailto:Bruce.Morton@entrust.com" target="_blank" class=""><span
style="color:#954f72"
class="">mailto:Bruce.Morton@entrust.<wbr
class="">com</span></a>]<span
class=""> </span><br
class="">
<b class="">Sent:</b><span
class=""> </span>Monday,
August 22, 2016 6:11
AM<br class="">
<b class="">To:</b><span
class=""> </span>Jeremy
Rowley <<a
moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com" target="_blank" class=""><span
style="color:#954f72" class="">jeremy.rowley@digicert.com</span></a>>;<span
class=""> </span><a
moz-do-not-send="true" href="mailto:public@cabforum.org" target="_blank"
class=""><span
style="color:#954f72"
class=""><wbr
class="">public@cabforum.org</span></a><br
class="">
<b class="">Subject:</b><span
class=""> </span>RE:
givenName and surname
revived</span></p>
</div>
</div>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">Hi Jeremy,</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">My apologies, but
can you clarify the
section where IV certs are
well defined? I see that
“individual-validated” is
stated twice in sections
1.2 and 7.1.6.1 (the same
for domain-validated and
organization-validated),
but I can’t find the
definition.</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">Thanks, Bruce.</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<div
style="border:none;border-top:solid
#e1e1e1 1.0pt;padding:3.0pt
0in 0in 0in" class="">
<div class="">
<p class="MsoNormal"
style="background:white"><b
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">From:</span></b><span
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span></span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Jeremy Rowley
[<a
moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com" target="_blank" class=""><span
style="color:#954f72" class="">mailto:jeremy.rowley@<wbr class="">digicert.com</span></a>]<span
class=""> </span><br
class="">
<b class="">Sent:</b><span
class=""> </span>Saturday,
August 20, 2016 10:41
AM<br class="">
<b class="">To:</b><span
class=""> </span>Bruce
Morton <<a
moz-do-not-send="true"
href="mailto:Bruce.Morton@entrust.com" target="_blank" class=""><span
style="color:#954f72"
class="">Bruce.Morton@entrust.com</span></a>>;<span
class=""> </span><a
moz-do-not-send="true" href="mailto:public@cabforum.org" target="_blank"
class=""><span
style="color:#954f72"
class="">pu<wbr
class="">blic@cabforum.org</span></a><br
class="">
<b class="">Subject:</b><span
class=""> </span>RE:
givenName and surname
revived</span></p>
</div>
</div>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Hey Bruce – IV
certs are well defined.
The goal of the ballot
isn’t to further define IV
certs but to permit use of
the givenName and surname
fields for IV certs.
giveName and surname in
the org field would be
allowed. They’d still use
the IV OIDs as they were
validated under the IV
section of the CP.</span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<div
style="border:none;border-top:solid
#e1e1e1 1.0pt;padding:3.0pt
0in 0in 0in" class="">
<div class="">
<p class="MsoNormal"
style="background:white"><b
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">From:</span></b><span
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span></span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Bruce Morton
[<a
moz-do-not-send="true"
href="mailto:Bruce.Morton@entrust.com" target="_blank" class=""><span
style="color:#954f72"
class="">mailto:Bruce.Morton@entrust.<wbr
class="">com</span></a>]<span
class=""> </span><br
class="">
<b class="">Sent:</b><span
class=""> </span>Friday,
August 19, 2016 6:41
AM<br class="">
<b class="">To:</b><span
class=""> </span>Jeremy
Rowley <<a
moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com" target="_blank" class=""><span
style="color:#954f72" class="">jeremy.rowley@digicert.com</span></a>>;<span
class=""> </span><a
moz-do-not-send="true" href="mailto:public@cabforum.org" target="_blank"
class=""><span
style="color:#954f72"
class=""><wbr
class="">public@cabforum.org</span></a><br
class="">
<b class="">Subject:</b><span
class=""> </span>RE:
givenName and surname
revived</span></p>
</div>
</div>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">Hi Jeremy,</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">Would like some
clarification. On the call
yesterday, it was said
that IV certificates were
not defined, so this
ballot will help resolve
this.</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">Per 7.1.4.2.2 b,
the current BRs allow
givenName and surname to
be included in the
organizationName field.
Will this still be
allowed? If so, what would
the certificate type be?
OV or IV? I would prefer
that these be OV
certificates.</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">If we do make the
changes and the CAs have
to meet Microsoft’s
requirement to put a DV,
OV, or IV certificate
policy in the certificate,
I think we should clearly
define each certificate
type.</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">Also, the
stateOrProvinceName field
appears to currently have
an issue as it does not
have any language to
address the case where
there is no state or
province in the address.</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class="">Thanks, Bruce.</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"
class=""> </span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<div
style="border:none;border-top:solid
#e1e1e1 1.0pt;padding:3.0pt
0in 0in 0in" class="">
<div class="">
<p class="MsoNormal"
style="background:white"><b
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">From:</span></b><span
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span></span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""><a
moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org" target="_blank" class=""><span
style="color:#954f72" class="">public-bounces@cabforum.<wbr class="">org</span></a><span
class=""> </span>[<a
moz-do-not-send="true" href="mailto:public-bounces@cabforum.org"
target="_blank"
class=""><span
style="color:#954f72"
class="">mailto:public-bounces@<wbr
class="">cabforum.org</span></a>]<span
class=""> </span><b
class="">On Behalf
Of<span class=""> </span></b>Jeremy
Rowley<br class="">
<b class="">Sent:</b><span
class=""> </span>Thursday,
August 18, 2016 12:09
PM<br class="">
<b class="">To:</b><span
class=""> </span><a
moz-do-not-send="true" href="mailto:public@cabforum.org" target="_blank"
class=""><span
style="color:#954f72"
class="">public@cabforum.org</span></a><br
class="">
<b class="">Subject:</b><span
class=""> </span>[cabfpub]
givenName and surname
revived</span></p>
</div>
</div>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Looking for two
endorsers for the
following revisions the
baseline requirements
adding support for
givenName and surname:</span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Insert a new (C)
under 7.1.4.2.2,
renumbering all subsequent
bullets.<span class=""> </span></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><u
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">c.<span
class=""> </span><b
class="">Certificate
Field</b>:
subject:givenName
(2.5.4.42) and
subject:surname
(2.5.4.4)</span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><b
class=""><u class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Optional.<span
class=""> </span></span></u></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><b
class=""><u class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Contents: </span></u></b><u
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">If present, the
subject:givenName field
and subject:surname
field MUST contain an
natural person Subject’s
name as verified under
Section 3.2.3. A
Certificate containing a
subject:givenName field
or subject:surname field
MUST contain the
(2.23.140.1.2.3)
Certificate Policy OID</span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">.</span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><u
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">d.</span></u><span
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span></span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Certificate
Field: Number and street:
subject:streetAddress
(OID: 2.5.4.9)<span
class=""> </span></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> Optional if
the
subject:organizationName
field<u class="">,
subject: givenName
field, or
subject:surname field
are</u><s class="">is</s><span
class=""> </span>present.
Prohibited if the
subject:organizationName
field<u class="">,
subject:givenName, and
subject:surname field
are</u><span class=""><s
class=""> </s></span><s
class="">is</s><span
class=""> </span>absent.</span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> Contents: If
present, the
subject:streetAddress
field MUST contain the
Subject’s street address
information as verified
under Section 3.2.2.1.<span
class=""> </span></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><u
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">e</span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">. Certificate
Field:
subject:localityName (OID:
2.5.4.7)<span class=""> </span></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Required if the
subject:organizationName
field,<span class=""> </span><u
class="">subject:givenName
field, or
subject:surname field
are</u><span class=""> </span><s
class="">is</s>present
and the
subject:stateOrProvinceName
field is absent. Optional
if the<u class="">subject:stateOrProvinceName
field and the
subject:organizationName
field, subject:givenName
field, or
subject:surname </u>field
are present. Prohibited if
the
subject:organizationName
field,<span class=""> </span><u
class="">subject:givenName,
and subject:surname
field are<span class=""> </span></u><s
class="">is</s><span
class=""> </span>absent.<span
class=""> </span></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Contents: If
present, the
subject:localityName field
MUST contain the Subject’s
locality information as
verified under Section
3.2.2.1. If the
subject:countryName field
specifies the ISO 3166‐1
user‐assigned code of XX
in accordance with Section
7.1.4.2.2(g), the
localityName field MAY
contain the Subject’s
locality and/or state or
province information as
verified under Section
3.2.2.1.<span class=""> </span></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><u
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">f</span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">. Certificate
Field:
subject:stateOrProvinceName
(OID: 2.5.4.8)<span
class=""> </span></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Required if the
subject:organizationName
field field,<span class=""> </span><u
class="">subject:givenName
field, or
subject:surname field
are</u><span class=""> </span><s
class="">is<span
class=""> </span></s>present
and<span class=""> </span><u
class="">the<span
class=""> </span></u>subject:localityName
field is absent. Optional
if the<span class=""> </span><u
class="">subject:localityName
field and the
subject:organizationName
field, the
subject:givenName field,
or subject:surname field</u><span
class=""> </span>are
present. Prohibited if the
subject:organizationName
field,<span class=""> </span><u
class="">subject:givenName
field , or
subject:surname field<span
class=""> </span></u>are<span
class=""><s class=""> </s></span><s
class="">is</s>absent.
Contents: If present, the
subject:stateOrProvinceName field MUST contain the Subject’s state or
province information as
verified under Section
3.2.2.1. If the
subject:countryName field
specifies the ISO 3166‐1
user‐assigned code of XX
in accordance with Section
7.1.4.2.2(g), the
subject:stateOrProvinceName
field MAY contain the full
name of the Subject’s
country information as
verified under Section
3.2.2.1.</span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><u
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">g</span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">. Certificate
Field: subject:postalCode
(OID: 2.5.4.17)</span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Optional if the
subject:organizationName,<span
class=""> </span><u
class="">subj<wbr
class="">ect:givenName
field, or
subject:surname</u><span
class=""> </span>fields<span
class=""> </span><u
class="">are</u><span
class=""> </span><s
class="">is</s>p<wbr
class="">resent.
Prohibited if the
subject:organizationName
field,<span class=""> </span><u
class="">subject:givenName
field, or
subject:surname field
are<span class=""> </span></u><s
class="">is</s><span
class=""> </span>absent.<span
class=""> </span></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Contents: If
present, the
subject:postalCode field
MUST contain the Subject’s
zip or postal information
as verified under Section
3.2.2.1.<span class=""> </span></span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><u
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">h</span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">. Certificate
Field: subject:countryName
(OID: 2.5.4.6)<span
class=""> </span></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Required if the
subject:organizationName
field,<span class=""> </span><u
class="">subject:givenName
, or subject:surname
field</u><span class=""> </span>is
present. Optional if the
subject:organizationName
field,<span class=""> </span><u
class="">subject:givenName
field</u>, and <u
class="">subject:surname
field are</u><span
class=""> </span><s
class="">is</s>absent.<span
class=""> </span></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Contents: If the
subject:organizationName
field is present, the
subject:countryName MUST
contain the two‐letter ISO
3166‐1 country code
associated with the
location of the Subject
verified under Section
3.2.2.1. If the
subject:organizationName,<span
class=""> </span><u
class="">subj<wbr
class="">ect:givenName
field, and
subject:surname</u><span
class=""> </span> field<span
class=""> </span><u
class="">are</u><span
class=""> </span><s
class=""> is<span
class=""><wbr class=""> </span></s>absent,
the subject:countryName
field MAY contain the
two‐letter ISO 3166‐1
country code associated
with the Subject as
verified in accordance
with Section 3.2.2.3. If a
Country is not represented
by an official ISO 3166‐1
country code, the CA MAY
specify the ISO 3166‐1
user‐assigned code of XX
indicating that an
official ISO 3166‐1
alpha‐2 code has not been
assigned.</span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><u
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">i</span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">. Certificate
Field:
subject:organizationalUnitName<span
class=""><wbr class=""> </span></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Optional.<span
class=""> </span></span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><u
class=""><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">Contents:<span
class=""> </span></span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">The CA SHALL
implement a process that
prevents an OU attribute
from including a name,
DBA, tradename, trademark,
address, location, or
other text that refers to
a specific natural person
or Legal Entity unless the
CA has verified this
information in accordance
with Section 3.2 and the
Certificate also contains
subject:organizationName,<span
class=""> </span><u
class="">subj<wbr
class="">ect:givenName,
subject:surname,<span
class=""> </span></u>subject:<wbr
class="">localityName,
and subject:countryName
attributes, also verified
in accordance with Section
3.2.2.1.</span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">7.1.6.1</span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">…</span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">If the
Certificate asserts the
policy identifier of
2.23.140.1.2.1, then it
MUST NOT include
organizationName,<span
class=""> </span><u
class="">givenName,
surname,</u><span
class=""> </span>streetAddress,
localityName,
stateOrProvinceName, or
postalCode in the Subject
field.</span></p>
</div>
<div class="">
<p class="MsoNormal"
style="background:white"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class="">…</span></p>
</div>
<div class="">
<div style="background-color:
white; background-position:
initial initial;
background-repeat: initial
initial;" class="">
<span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
class=""> </span><br
class="webkit-block-placeholder">
</div>
</div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"
class=""><br class="">
<br class="">
<br class="">
</span></p>
<pre style="background:white" class="">______________________________<wbr class="">_________________</pre>
<pre style="background:white" class="">Public mailing list</pre>
<pre style="background:white" class=""><a moz-do-not-send="true" href="mailto:Public@cabforum.org" target="_blank" class=""><span style="color:#954f72" class="">Public@cabforum.org</span></a></pre>
<pre style="background:white" class=""><a moz-do-not-send="true" href="https://cabforum.org/mailman/listinfo/public" target="_blank" class=""><span style="color:#954f72" class="">https://cabforum.org/mailman/<wbr class="">listinfo/public</span></a></pre>
</blockquote>
<div style="background-color: white; background-position: initial initial; background-repeat: initial initial;" class="">
<span style="font-size:9.0pt;font-family:"Helvetica",sans-serif" class=""> </span>
</div>
<div class="">
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif" class="">--<span class=""> </span></span></p>
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt" class="">Cordiali saluti, Adriano Santoni ACTALIS S.p.A. (Aruba Group)</span></p>
</div>
<div style="background-color: white; background-position: initial initial; background-repeat: initial initial;" class="">
<span style="font-size:9.0pt;font-family:"Helvetica",sans-serif" class=""></span>
</div>
<pre style="background:white" class="">______________________________<wbr class="">_________________</pre>
<pre style="background:white" class="">Public mailing list</pre>
<pre style="background:white" class=""><a moz-do-not-send="true" href="mailto:Public@cabforum.org" target="_blank" class=""><span style="color:#954f72" class="">Public@cabforum.org</span></a></pre>
<pre style="background:white" class=""><a moz-do-not-send="true" href="https://cabforum.org/mailman/listinfo/public" target="_blank" class=""><span style="color:#954f72" class="">https://cabforum.org/mailman/<wbr class="">listinfo/public</span></a></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif" class=""><span style="background:white" class="">______________________________<wbr class="">_________________</span>
<span style="background:white" class="">Public mailing list</span> </span><a moz-do-not-send="true" href="mailto:Public@cabforum.org" target="_blank" class=""><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#954f72;background:white" class="">Public@cabforum.org</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif" class="">
</span><a moz-do-not-send="true" href="https://cabforum.org/mailman/listinfo/public" target="_blank" class=""><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#954f72;background:white" class="">https://cabforum.org/mailman/<wbr class="">listinfo/public</span></a></p>
</div>
</blockquote>
</div>
<div class="">
</div>
</div>
</div>
______________________________<wbr class="">_________________ Public mailing list
<a moz-do-not-send="true" href="mailto:Public@cabforum.org" class="">Public@cabforum.org</a>
<a moz-do-not-send="true" href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank" class="">
https://cabforum.org/mailman/<wbr class="">listinfo/public</a> </blockquote>
</div>
--
<div class="gmail_signature" data-smartmail="gmail_signature">Erwann.</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
</blockquote>
</body></html>