<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:微软雅黑;
panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
{font-family:"\@微软雅黑";
panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
{font-family:"\@宋体";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"批注框文本 Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:9.0pt;
font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.Char
{mso-style-name:"批注框文本 Char";
mso-style-priority:99;
mso-style-link:批注框文本;
font-family:宋体;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1853569939;
mso-list-template-ids:1840963872;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="ZH-CN" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Qihoo 360 votes NO.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Zhengqiang</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:宋体">发件人<span lang="EN-US">:</span></span></b><span lang="EN-US" style="font-size:10.0pt;font-family:宋体"> Public [mailto:public-bounces@cabforum.org]
</span><b><span style="font-size:10.0pt;font-family:宋体">代表 </span></b><span lang="EN-US" style="font-size:10.0pt;font-family:宋体">Wayne Thayer via Public<br>
</span><b><span style="font-size:10.0pt;font-family:宋体">发送时间<span lang="EN-US">:</span></span></b><span lang="EN-US" style="font-size:10.0pt;font-family:宋体"> 2017</span><span style="font-size:10.0pt;font-family:宋体">年<span lang="EN-US">2</span>月<span lang="EN-US">21</span>日<span lang="EN-US">
3:57<br>
</span><b>收件人<span lang="EN-US">:</span></b><span lang="EN-US"> CA/Browser Forum Public Discussion List<br>
</span><b>抄送<span lang="EN-US">:</span></b><span lang="EN-US"> Wayne Thayer<br>
</span><b>主题<span lang="EN-US">:</span></b><span lang="EN-US"> Re: [cabfpub] Ballot 185 (Revised) - Limiting the Lifetime of Certificates<o:p></o:p></span></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">GoDaddy votes No.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Our primary reasons for voting against are:<o:p></o:p></span></p>
<ol style="margin-top:0cm" start="1" type="1">
<li class="MsoNormal" style="mso-list:l0 level1 lfo1"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">There was no attempt to build consensus around this ballot. While we recognize that it takes a concrete proposal to spur action,
we don’t believe the discussion was constructive or that nearly enough time was allowed to find common ground.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The 6-month deadline in the revised ballot represents consensus on how long CAs should need to implement a change of this sort,
but allowing more time for planning can minimize the impact to all involved. For example:</span><span lang="EN-US">
</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span>
<ul style="margin-top:0cm" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo1"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Giving large companies time to plan and budget for better automation or more resources.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l0 level2 lfo1"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Getting the word out to resellers who also need to notify their customers and make changes to their systems.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l0 level2 lfo1"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Allowing CAs time to work with customers to fulfill or modify prior obligations such as enterprise contracts, retail sales of
new multi-year certificates, or reissuance of multi-year certificates.<o:p></o:p></span></li></ul>
</li></ol>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">We’d like to understand the specific concerns driving the tight timeline and weigh them against the benefits gained from a moderately
later effective date.<o:p></o:p></span></p>
<p class="MsoListParagraph"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Wayne<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""> Public [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Ryan Sleevi via Public<br>
<b>Sent:</b> Monday, February 13, 2017 12:18 PM<br>
<b>To:</b> CABFPub <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br>
<b>Cc:</b> Ryan Sleevi <<a href="mailto:sleevi@google.com">sleevi@google.com</a>><br>
<b>Subject:</b> [cabfpub] Ballot 185 (Revised) - Limiting the Lifetime of Certificates<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-US">Pursuant to the consensus on <a href="https://cabforum.org/pipermail/public/2017-February/009530.html">https://cabforum.org/pipermail/public/2017-February/009530.html</a> about the nature of changes during the discussion
period, and the request from Gervase on <a href="https://cabforum.org/pipermail/public/2017-February/009618.html">https://cabforum.org/pipermail/public/2017-February/009618.html</a> to adjust what represents the Baseline agreement, this adjusts the effective
date from 1 April to 24 August. While individual programs may choose to enact or enforce requirements prior to that, as the Baseline Requirements capture the effective point of common agreement of the bare minimum security levels, it seems appropriate that
this Ballot accurately reflect that.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Ballot 185 - Limiting the Lifetime of Certificates<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">The following motion has been proposed by Ryan Sleevi of Google, Inc and endorsed by Josh Aas of ISRG and Gervase Markham of Mozilla to introduce new Final Maintenance Guidelines for the "Baseline Requirements Certificate
Policy for the Issuance and Management of Publicly-Trusted Certificates" and the "Guidelines for the Issuance and Management of Extended Validation Certificates"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">-- MOTION BEGINS --<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Modify Section 6.3.2 of the "Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates" as follows:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Replace Section 6.3.2, which reads as follows:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">"""<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">6.3.2. Certificate Operational Periods and Key Pair Usage Periods<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Subscriber Certificates issued after the Effective Date MUST have a Validity Period no greater than 60 months. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Except as provided for below, Subscriber Certificates issued after 1 April 2015 MUST have a Validity Period <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">no greater than 39 months. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Until 30 June 2016, CAs MAY continue to issue Subscriber Certificates with a Validity Period greater than 39 <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">months but not greater than 60 months provided that the CA documents that the Certificate is for a system or <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">software that: <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">(a) was in use prior to the Effective Date; <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">(b) is currently in use by either the Applicant or a substantial number of Relying Parties; <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">(c) fails to operate if the Validity Period is shorter than 60 months; <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">(d) does not contain known security risks to Relying Parties; and <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">(e) is difficult to patch or replace without substantial economic outlay<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">"""<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">with the following text:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">"""<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">6.3.2. Certificate Operational Periods and Key Pair Usage Periods<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Subscriber Certificates issued on or after 24 August 2017 MUST NOT have a Validity Period greater than three hundred and ninety-eight (398) days.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Subscriber Certificates issued prior to 24 August 2017 MUST NOT have a Validity Period greater than thirty-nine (39) months.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">"""<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Modify Section 9.4 of the "Guidelines for the Issuance and Management of Extended Validation Certificates" as follows:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Replace Section 9.4, which reads as follows:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">"""<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">9.4. Maximum Validity Period For EV Certificate<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">The validity period for an EV Certificate SHALL NOT exceed twenty seven months. It is RECOMMENDED that EV<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Subscriber Certificates have a maximum validity period of twelve months.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">"""<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">with the following text:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">""""<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">9.4 Maximum Validity Period for EV Certificate<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">EV Certificates issued on or after 24 August 2017 MUST NOT have a Validity Period greater than three hundred and ninety-eight (398) days.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">EV Certificates issued prior to 24 August 2017 MUST NOT have a Validity Period greater than twenty seven (27) months.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">"""<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">-- MOTION ENDS --<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Ballot 185 - Limiting the Lifetime of Certificates<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Status: Final Maintenance Guideline<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Review Period:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Start Time: 2017-02-10 00:00:00 UTC<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">End Time: 2017-02-17 00:00:00 UTC<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Vote for Approval:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Start Time: 2017-02-17 00:00:00 UTC<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">End Time: 2017-02-24 00:00:00 UTC<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">Votes must be cast by posting an on-list reply to this thread on the Public Mail List.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">A vote in favor of the ballot must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses
will not be counted. The latest vote received from any representative of a voting Member before the close of the voting period will be counted. Voting Members are listed here:
<a href="https://cabforum.org/members/">https://cabforum.org/members/</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">In order for the ballot to be adopted, two thirds or more of the votes cast by Members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor.<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>