<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:TimesNewRomanPSMT;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:0in;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
p.line867, li.line867, div.line867
{mso-style-name:line867;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.u
{mso-style-name:u;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<b><span style="font-size:12.0pt;font-family:"Arial",sans-serif">NOTICE OF REVIEW PERIOD – BALLOT 201 - .Onion Revisions<o:p></o:p></span></b></p>
<p class="MsoNormal" align="center" style="margin-bottom:0in;margin-bottom:.0001pt;text-align:center;line-height:normal">
<b><span style="font-size:12.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal;text-autospace:none">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.2). This Review Period is for Final Maintenance Guidelines (30 day Review Period).
</span><span style="font-size:12.0pt;font-family:TimesNewRomanPSMT">A complete draft of the Draft Guideline that is the subject of this Review Notice is attached.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">Date Review Notice Sent: June 8, 2017<u><o:p></o:p></u></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">Ballot for Review: Ballot 201 - .Onion Revisions<u><o:p></o:p></u></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<u><span style="font-size:12.0pt;font-family:"Arial",sans-serif"><o:p><span style="text-decoration:none"> </span></o:p></span></u></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">Start of Review Period: June 8, 2017 at 23:45 UTC<u><o:p></o:p></u></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<u><span style="font-size:12.0pt;font-family:"Arial",sans-serif"><o:p><span style="text-decoration:none"> </span></o:p></span></u></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">End of Review Period: July 8, 2017 at 23:45 UTC<u><o:p></o:p></u></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<u><span style="font-size:12.0pt;font-family:"Arial",sans-serif"><o:p><span style="text-decoration:none"> </span></o:p></span></u></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal;text-autospace:none">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">Please forward any Exclusion Notice relating to Essential Claims to the Chair by email to
</span><a href="mailto:kirk.hall@entrustdatacard.com"><span style="font-size:12.0pt;font-family:"Arial",sans-serif">kirk.hall@entrustdatacard.com</span></a><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> before the end of the Review Period.
See current version of CA/Browser Forum Intellectual Property Rights Policy for details.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal;text-autospace:none">
<span style="font-size:12.0pt;font-family:TimesNewRomanPSMT"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal;text-autospace:none">
<i><span style="font-family:"Arial",sans-serif">(Optional form of Exclusion Notice is attached)<o:p></o:p></span></i></p>
<p class="line867" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<strong><span style="font-family:"Arial",sans-serif">Ballot 201 - .Onion Revisions</span><o:p></o:p></strong></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">-- MOTION BEGINS -- </span><o:p></o:p></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">Part 1: <o:p></o:p></span></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">The CA/Browser Forum, recognizing that Ballot 198 did not include a redline version against the current Final Maintenance Guidelines, thereby constitutes an invalid Ballot. As a consequence, the Forum agrees that
the changes shall not be made to the appropriate Final Maintenance Guideline, and as such, no IPR Review Notice is in force for Ballot 198:
<o:p></o:p></span></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">Part 2: <o:p></o:p></span></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">Revise Appendix F, Section 1, to read as follows:
<o:p></o:p></span></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">Appendix F – Issuance of Certificates for .onion Domain Names
<o:p></o:p></span></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">A CA may issue an EV Certificate with .onion in the right-most label of the Domain Name provided that issuance complies with the requirements set forth in this Appendix:
<o:p></o:p></span></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">1. CAB Forum Tor Service Descriptor Hash extension (2.23.140.1.31)
<o:p></o:p></span></p>
<p class="line867" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span class="u"><span style="font-family:"Arial",sans-serif">The CA MUST include the</span></span><span style="font-family:"Arial",sans-serif"> CAB Forum
<span class="u">Tor Service Descriptor Hash</span> <span class="u">in</span> the TBSCertificate
<span class="u">to convey</span> hashes of keys related to .onion addresses. The <span class="u">
CA MUST include the</span> Tor Service Descriptor Hash extension <span class="u">
using the</span> following format: <o:p></o:p></span></p>
<p class="line862" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">cabf-TorServiceDescriptorHash OBJECT IDENTIFIER ::= { 2.23.140.1.31 }
<o:p></o:p></span></p>
<p class="line862" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">SEQUENCE ( 1..MAX ) of TorServiceDescriptorHash
<o:p></o:p></span></p>
<p class="line867" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">TorServiceDescriptorHash:: = SEQUENCE {
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;line-height:106%;font-family:"Arial",sans-serif">onionURI UTF8String
<o:p></o:p></span></p>
<p class="line862" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">algorithm AlgorithmIdentifier
<o:p></o:p></span></p>
<p class="line862" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">subjectPublicKeyHash BIT STRING
<o:p></o:p></span></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">} <o:p></o:p></span></p>
<p class="line862" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:"Arial",sans-serif">Where the AlgorithmIdentifier is a hashing algorithm (defined in RFC 6234) performed over the DER-encoding of an ASN.1 SubjectPublicKey of the .onion service and SubjectPublicKeyHash is the hash
output. <o:p></o:p></span></p>
<p class="line874" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif">--Motion Ends-- <o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>