<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Geoff – clearly this applicant will now be denied, but I have to disagree with one of your underlying assumptions below - </span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>“there is no way to uniquely identify the entity”. Rich Smith of Comodo indicated that the applicant’s corporate registration had been confirmed with the government authority – perhaps based on address or some other identifying factor. Again, when we drafted the EVGL (I think I drafted this particular section), we assumed there would be a registration number or date of registration in all records (we were wrong), but even without that, a CA would have the ability to confirm proper corporate registration tied to the applicant’s unique identity so that identity would be confirmed.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>I think we should amend </span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>EVGL 11.2.1 (1)(c) to allow some other method for recording the confirmation of proper corporate registration. Since Rich knows the facts if this case, I’ll leave it to him to come up with any amending language.</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> geoffk@apple.com [mailto:geoffk@apple.com] <br><b>Sent:</b> Thursday, August 31, 2017 1:24 PM<br><b>To:</b> Kirk Hall <Kirk.Hall@entrustdatacard.com>; CA/Browser Forum Public Discussion List <public@cabforum.org><br><b>Cc:</b> Ryan Sleevi <sleevi@google.com><br><b>Subject:</b> Re: [cabfpub] [EXTERNAL] EV 11.2.1 Private Organization registration number or date<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On 31 Aug 2017, at 1:21 pm, Kirk Hall via Public <<a href="mailto:public@cabforum.org">public@cabforum.org</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>There is a well-established legal doctrine of “Impossibility”, which excuses performance of a requirement under certain limited conditions.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><a href="https://en.wikipedia.org/wiki/Impossibility"><span style='color:purple'>https://en.wikipedia.org/wiki/Impossibility</span></a></span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>In limited cases, it seems that doctrine could apply to the BRs. </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Here, we assumed every jurisdiction would provide a registration number or date when passing the EVGL rule, but we were incorrect. It seems that substitute performance by a CA would fulfill the spirit and purpose of the EVGL rule (where absolute compliance is impossible), which doesn’t bother me. In the meantime, we should also amend the EVGL to allow for this case (where there is no registration number or date).</span><o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>In general, for EV certificate issuance, I believe that if a certificate can’t be issued under the EV criteria, it must not be issued. It’s expected that some organizations or entities will not be able to get an EV certificate for one reason or another, and “there is no way to uniquely identify the entity” is definitely one of those reasons.<o:p></o:p></p></div></div></div></body></html>