<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle18
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:789475558;
mso-list-template-ids:-618905766;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.25in;
mso-level-number-position:left;
margin-left:.25in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:.75in;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.25in;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.75in;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.25in;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.75in;
mso-level-number-position:left;
margin-left:2.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.25in;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.75in;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.25in;
mso-level-number-position:left;
margin-left:4.25in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Symantec supports short certificate validity periods. We already offer customers the ability to issue certificates
with validity less than 13 months. Customers use this option as best practice for high traffic and high value properties. <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">The May 1 effective date, and the August amended date proposed in the ballot do not allow customers and
partners to transition to the new standards without material business impact and hardship. To enforce the new validity requirement:<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">CAs need to update multiple applications/portals that issue certificates and this needs to be planned on their roadmap concurrent with CT and CAA deployments<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Partners need to change their certificate marketing and fulfillment applications and API integration with CAs<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Customers operating two and three year certificates need to change their internal policies, educate internal stakeholders and potentially hire IT staff to
handle double or triple annual certificate workload<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Customers need to update any automation software that assists in procuring and deploying certificates; existing automated processes used to secure mission
critical servers must be subject to adequate regression testing and signoff<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Automation often takes several months to fully deploy if not more than a year<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Complex ecosystems where certificates are distributed across thousands of devices cannot be frequently updated without serious business disruption<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Today customers can renew certificates up to 90 days in advance to ensure business continuity; with 12 month validity customers may end up renewing every
9 months<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">The 90 day advance practice allows for: difficult to validate jurisdictions or situations, pre-production testing, change control advance notice SLAs, and
reduced IT staffing<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Replacing existing multi-year validity certificates should be grandfathered with a transparent technical method to mark them compliant when replaced. Otherwise
existing 2 and 3 year validity certificates cannot be replaced without potentially losing prepaid remaining validity at the time of replacement causing confusion, support calls, and pro-rated refunds<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Customers need to revisit their commercial contracts where they have prepaid for multi-year certificates and not yet received the product; this remains a
common method of transacting in some markets and channels<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Non browser based applications/appliances that use TLS certificates need to plan for more frequent certificate deployments<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Substantive change to IT business practice needs to be communicated to enterprises before typical Q4 budget planning for the upcoming year<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Symantec is open to proposals of 27 month validity for certificates provided that implementation timeline
allows an orderly transition to the new requirements effective February 1, 2018 or later. Our impact analysis targets late November 2017 and therefore moves after annual IT holiday freeze.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Symantec votes “NO”.</span><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#1F497D"><o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Public [mailto:public-bounces@cabforum.org]
<b>On Behalf Of </b>Ryan Sleevi via Public<br>
<b>Sent:</b> Monday, February 13, 2017 2:18 PM<br>
<b>To:</b> CABFPub <public@cabforum.org><br>
<b>Cc:</b> Ryan Sleevi <sleevi@google.com><br>
<b>Subject:</b> [cabfpub] Ballot 185 (Revised) - Limiting the Lifetime of Certificates<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Pursuant to the consensus on <a href="https://clicktime.symantec.com/a/1/IDZTzBh9Jkzw-m-d-dSbRk1fwPuh4nIQPo8XSu6uUlk=?d=mCg4ahac7KIM9NNjlpjC4QhaKtSD8VUjo7oJlxsmafhWo9Fzv0AtpL9mKatOU0wLchvhgFIryRoRJ_tIqFt2qOCeTLzYX_TXK5qqcvGgBb6KDX6gAQB5zB8iD2qlxVId62GfuY84DnnEQhZ7V4IBuXNj6wEHRkyVtw9lrVoOtNKsh3fTOsBTO-1yiZ6pF92QgWZ4MiESulULIb1yuBSTmYbDGtZZFNJDTmo715ZogHP-2FEOTEo6PPoN2eWmuNC7egt_khRdf3UbUjIQPEZKheUDnzE41LRt0DwcUJ5znPZUAV7xJZwVEQX4dLtW9FdPA6IMAK5rnZGKjBs7j5LCCb5sHHJx37MhcaV61z217UkDXq9t2M5GTPdK6A52OQn9YJkzZBGZwYs5XwHJLoM7rN81tmPLMfjfAO5ySzINlaeyso5ELOeH8OBi5Fh7XNaoIuoEJprVSg%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fpipermail%2Fpublic%2F2017-February%2F009530.html">https://cabforum.org/pipermail/public/2017-February/009530.html</a>
about the nature of changes during the discussion period, and the request from Gervase on <a href="https://clicktime.symantec.com/a/1/9rqqU-PBgPCRihbl8M_SLx1ZPt96936DPTs8odxlIhM=?d=mCg4ahac7KIM9NNjlpjC4QhaKtSD8VUjo7oJlxsmafhWo9Fzv0AtpL9mKatOU0wLchvhgFIryRoRJ_tIqFt2qOCeTLzYX_TXK5qqcvGgBb6KDX6gAQB5zB8iD2qlxVId62GfuY84DnnEQhZ7V4IBuXNj6wEHRkyVtw9lrVoOtNKsh3fTOsBTO-1yiZ6pF92QgWZ4MiESulULIb1yuBSTmYbDGtZZFNJDTmo715ZogHP-2FEOTEo6PPoN2eWmuNC7egt_khRdf3UbUjIQPEZKheUDnzE41LRt0DwcUJ5znPZUAV7xJZwVEQX4dLtW9FdPA6IMAK5rnZGKjBs7j5LCCb5sHHJx37MhcaV61z217UkDXq9t2M5GTPdK6A52OQn9YJkzZBGZwYs5XwHJLoM7rN81tmPLMfjfAO5ySzINlaeyso5ELOeH8OBi5Fh7XNaoIuoEJprVSg%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fpipermail%2Fpublic%2F2017-February%2F009618.html">https://cabforum.org/pipermail/public/2017-February/009618.html</a>
to adjust what represents the Baseline agreement, this adjusts the effective date from 1 April to 24 August. While individual programs may choose to enact or enforce requirements prior to that, as the Baseline Requirements capture the effective point of common
agreement of the bare minimum security levels, it seems appropriate that this Ballot accurately reflect that.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Ballot 185 - Limiting the Lifetime of Certificates<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The following motion has been proposed by Ryan Sleevi of Google, Inc and endorsed by Josh Aas of ISRG and Gervase Markham of Mozilla to introduce new Final Maintenance Guidelines for the "Baseline Requirements Certificate Policy for the
Issuance and Management of Publicly-Trusted Certificates" and the "Guidelines for the Issuance and Management of Extended Validation Certificates"<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">-- MOTION BEGINS --<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Modify Section 6.3.2 of the "Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates" as follows:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Replace Section 6.3.2, which reads as follows:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">"""<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">6.3.2. Certificate Operational Periods and Key Pair Usage Periods<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Subscriber Certificates issued after the Effective Date MUST have a Validity Period no greater than 60 months. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Except as provided for below, Subscriber Certificates issued after 1 April 2015 MUST have a Validity Period <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">no greater than 39 months. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Until 30 June 2016, CAs MAY continue to issue Subscriber Certificates with a Validity Period greater than 39 <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">months but not greater than 60 months provided that the CA documents that the Certificate is for a system or <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">software that: <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">(a) was in use prior to the Effective Date; <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">(b) is currently in use by either the Applicant or a substantial number of Relying Parties; <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">(c) fails to operate if the Validity Period is shorter than 60 months; <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">(d) does not contain known security risks to Relying Parties; and <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">(e) is difficult to patch or replace without substantial economic outlay<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">"""<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">with the following text:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">"""<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">6.3.2. Certificate Operational Periods and Key Pair Usage Periods<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Subscriber Certificates issued on or after 24 August 2017 MUST NOT have a Validity Period greater than three hundred and ninety-eight (398) days.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Subscriber Certificates issued prior to 24 August 2017 MUST NOT have a Validity Period greater than thirty-nine (39) months.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">"""<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Modify Section 9.4 of the "Guidelines for the Issuance and Management of Extended Validation Certificates" as follows:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Replace Section 9.4, which reads as follows:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">"""<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">9.4. Maximum Validity Period For EV Certificate<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The validity period for an EV Certificate SHALL NOT exceed twenty seven months. It is RECOMMENDED that EV<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Subscriber Certificates have a maximum validity period of twelve months.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">"""<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">with the following text:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">""""<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">9.4 Maximum Validity Period for EV Certificate<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">EV Certificates issued on or after 24 August 2017 MUST NOT have a Validity Period greater than three hundred and ninety-eight (398) days.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">EV Certificates issued prior to 24 August 2017 MUST NOT have a Validity Period greater than twenty seven (27) months.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">"""<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">-- MOTION ENDS --<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Ballot 185 - Limiting the Lifetime of Certificates<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Status: Final Maintenance Guideline<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Review Period:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Start Time: 2017-02-10 00:00:00 UTC<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">End Time: 2017-02-17 00:00:00 UTC<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Vote for Approval:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Start Time: 2017-02-17 00:00:00 UTC<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">End Time: 2017-02-24 00:00:00 UTC<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Votes must be cast by posting an on-list reply to this thread on the Public Mail List.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">A vote in favor of the ballot must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted.
The latest vote received from any representative of a voting Member before the close of the voting period will be counted. Voting Members are listed here:
<a href="https://clicktime.symantec.com/a/1/rXwNqCZvMNcV59rOKx4iYxvWscu0zP1pPP8axkSuLyU=?d=mCg4ahac7KIM9NNjlpjC4QhaKtSD8VUjo7oJlxsmafhWo9Fzv0AtpL9mKatOU0wLchvhgFIryRoRJ_tIqFt2qOCeTLzYX_TXK5qqcvGgBb6KDX6gAQB5zB8iD2qlxVId62GfuY84DnnEQhZ7V4IBuXNj6wEHRkyVtw9lrVoOtNKsh3fTOsBTO-1yiZ6pF92QgWZ4MiESulULIb1yuBSTmYbDGtZZFNJDTmo715ZogHP-2FEOTEo6PPoN2eWmuNC7egt_khRdf3UbUjIQPEZKheUDnzE41LRt0DwcUJ5znPZUAV7xJZwVEQX4dLtW9FdPA6IMAK5rnZGKjBs7j5LCCb5sHHJx37MhcaV61z217UkDXq9t2M5GTPdK6A52OQn9YJkzZBGZwYs5XwHJLoM7rN81tmPLMfjfAO5ySzINlaeyso5ELOeH8OBi5Fh7XNaoIuoEJprVSg%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fmembers%2F">
https://cabforum.org/members/</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">In order for the ballot to be adopted, two thirds or more of the votes cast by Members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>