<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
p.Default, li.Default, div.Default
{mso-style-name:Default;
margin:0in;
margin-bottom:.0001pt;
text-autospace:none;
font-size:12.0pt;
font-family:"Arial",sans-serif;
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>I suppose I could put in exactly what the WFA requires for validation. Would including this language be sufficient?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=Default><span style='font-size:10.0pt'>The id-wfa-hotspot-friendlyName MUST contain exactly 1 language code and Friendly Name for an Operator. In the case where a Friendly Name is to be included in more than one human language, there shall be as many id-wfa-hotspot-Name objects as there are human languages included. The payload of the id-wfa-hotspot-friendlyName is the </span><span style='font-size:10.0pt;color:windowtext'>concatenation of the Language Code and Friendly Name. The Language Code is a 3-octet ISO-14962-1997 encoded string field that defines the language used in the Operator Name field. The Language Code field value is a two or three character language code selected from ISO-639 [13]. A two character language code value has 0 (“null” in ISO-14962-1997) appended to make it 3 octets in length. The Friendly Name is a variable length UTF-8 formatted field containing the operator’s name. The maximum length of this field is 252 octets. UTF-8 format is defined in [8]. For example, for two human languages the following Friendly Names would be included as two separate otherName objects in the SubjectAltName: "engWi-Fi Alliance" and "fraWi-Fi Alliance". Prior to including a Friendly Name the CA MUST <o:p></o:p></span></p><p class=Default><span style='font-size:10.0pt;font-family:"Courier New"'>o </span><span style='font-size:10.0pt'>Authenticate the contacts listed in the customer profile </span><span style='font-size:10.0pt;color:windowtext'><o:p></o:p></span></p><p class=Default style='margin-bottom:.55pt'><span style='font-size:10.0pt;font-family:"Courier New"'>o </span><span style='font-size:10.0pt'>Verify the information listed in the certificate application for accuracy and validity for the given organization <o:p></o:p></span></p><p class=Default><span style='font-size:10.0pt;font-family:"Courier New"'>o </span><span style='font-size:10.0pt'>Conduct a trademark search of the Friendly Name in the U.S. Patent and Trademark Office and equivalent international trademark office such as the WIPO ROMARIN. <o:p></o:p></span></p><p class=Default><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><a name="_MailEndCompose"><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>This eliminates any reliance on the WFA specification.<o:p></o:p></span></a></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></span></p><span style='mso-bookmark:_MailEndCompose'></span><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Public [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Jeremy Rowley via Public<br><b>Sent:</b> Tuesday, January 3, 2017 2:08 PM<br><b>To:</b> Ryan Sleevi <sleevi@google.com><br><b>Cc:</b> Jeremy Rowley <jeremy.rowley@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org><br><b>Subject:</b> Re: [cabfpub] Proposed Ballot 183 - Allowing 822 Names and (limited) otherNames<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Agreed, but this line of reasoning always leads to simply not supporting third party projects because the projects may cause issues with the CAB Forum update. IMO, if a group wants to use publicly trusted certs, then that group inherits all the baggage that goes with it. We really control all the cards on this one as the interoperability is one-way. What would you propose to make sure we can update requirements in the future? A statement like “CAB Forum can do whatever it wants without notice” is superfluous as this is already the case.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Jeremy<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Ryan Sleevi [<a href="mailto:sleevi@google.com">mailto:sleevi@google.com</a>] <br><b>Sent:</b> Tuesday, January 3, 2017 1:54 PM<br><b>To:</b> Jeremy Rowley <<a href="mailto:jeremy.rowley@digicert.com">jeremy.rowley@digicert.com</a>><br><b>Cc:</b> CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org">public@cabforum.org</a>>; Peter Bowen <<a href="mailto:pzb@amzn.com">pzb@amzn.com</a>><br><b>Subject:</b> Re: [cabfpub] Proposed Ballot 183 - Allowing 822 Names and (limited) otherNames<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Tue, Jan 3, 2017 at 12:46 PM, Jeremy Rowley <<a href="mailto:jeremy.rowley@digicert.com" target="_blank">jeremy.rowley@digicert.com</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>There is a public file (in the link I provided), but it requires filling out information to access. It’s the HotSpot 2.0 Technical documentation, which includes the Certificate Policy (“Hostspot 2-0 (R2) OSU Certificate Policy Specification”). The documentation is already free to anyone who wants to enter information and agree to the terms of use. </span><o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Ah, the many meanings of free ;) I suppose it wasn't clear that I was talking more about freedom than beer there :)<o:p></o:p></p></div><div><p class=MsoNormal> <span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> </span><o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>We essentially already have a liaison member from the WFA (DigiCert, Microsoft, Apple, and Google are all members).</span><o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I wouldn't put Google in that list - none of Google's CA/B Forum participants participate in HotSpot 2.0 nor communicate developments on either side of that profile to the other party. I would suggest, to date, only DigiCert does, and only to the extent you've shared anything to the Forum.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Obviously, the context was that we shouldn't be introducing this to the Web PKI unless we're sure we're not going to repeat all the same mistakes we're currently going through the SHA-1 exception process - or at least trying to learn from them. It would be foolish to ignore the feedback we've received from those affected by SHA-1 when considering expanding that scope. <o:p></o:p></p></div></div></div></div></div></body></html>