<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:"MS PGothic";

        panose-1:2 11 6 0 7 2 5 8 2 4;}

@font-face

        {font-family:"\@MS PGothic";

        panose-1:2 11 6 0 7 2 5 8 2 4;}

@font-face

        {font-family:ArialMT;

        panose-1:0 0 0 0 0 0 0 0 0 0;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;

        mso-fareast-language:JA;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:#0563C1;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:#954F72;

        text-decoration:underline;}

p.msonormal0, li.msonormal0, div.msonormal0

        {mso-style-name:msonormal;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"MS PGothic",sans-serif;

        mso-fareast-language:JA;}

p.line874, li.line874, div.line874

        {mso-style-name:line874;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;

        mso-fareast-language:JA;}

p.line891, li.line891, div.line891

        {mso-style-name:line891;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;

        mso-fareast-language:JA;}

p.line862, li.line862, div.line862

        {mso-style-name:line862;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;

        mso-fareast-language:JA;}

span.EmailStyle21

        {mso-style-type:personal;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

span.EmailStyle24

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="#0563C1" vlink="#954F72">

<div class="WordSection1">

<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Jeremy, is it possible to distribute this in a redline or comparison format so people can see the changes – Bylaw 2.3 says the following: $B!H(B</span><span style="mso-fareast-language:EN-US">If the Draft

 Guideline Ballot is proposing a Final Maintenance Guideline, such ballot will include a redline or comparison showing the set of changes from the Final Guideline section(s) intended to become a Final Maintenance Guideline ***$B!I(B.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b>From:</b> Public [mailto:public-bounces@cabforum.org] <b>

On Behalf Of </b>Jeremy Rowley via Public<br>

<b>Sent:</b> Wednesday, October 4, 2017 1:39 PM<br>

<b>To:</b> CA/Browser Forum Public Discussion List <public@cabforum.org><br>

<b>Subject:</b> [EXTERNAL][cabfpub] Ballot 184 - SRVnames<o:p></o:p></p>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="line874" style="background:white"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">Probably time to finish this ballot off.  This is the last version I have, slightly modified to remove the 822 and other language.  Thoughts?

  <o:p></o:p></span></p>

<p class="line874" style="background:white"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">Ballot 184 – SRVNames<o:p></o:p></span></p>

<p class="line874" style="background:white"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">Amend Section 7.1.4.2.1 as follows:<o:p></o:p></span></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<strong><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black">7.1.4.2.1.

<i>Subject Alternative Name Extension </i></span></strong><strong><i><span style="font-family:"Calibri",sans-serif"><o:p></o:p></span></i></strong></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">Certificate Field:</span></b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"> extensions:subjectAltName </span><span style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">Required/Optional</span></b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">: Required <o:p></o:p></span></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">Contents</span></b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">: This extension MUST contain at least one entry where each included entry is

 one of the following:<o:p></o:p></span></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<strong><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></strong></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<strong><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black">7.1.4.2.1.1. dNSName <o:p></o:p></span></strong></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">The subjectAltName extension MAY include one or more dNSName entries provided each entry is either a Fully</span><span style="font-size:12.0pt;font-family:"Cambria Math",serif;color:black">$B!>(B</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">Qualified

 Domain Name or a Wildcard Domain Name. The CA MUST confirm the Applicant$B!G(Bs ownership or control over each Fully-Qualified Domain Name and Wildcard Domain Name entry in accordance with Section 3.2.2.4. Except where the entry is an Internal Name with onion as

 the right</span><span style="font-size:12.0pt;font-family:"Cambria Math",serif;color:black">$B!>(B</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">most label in an entry in the subjectAltName Extension or commonName field in

 accordance with Appendix F of the EV Guidelines, CAs MUST NOT include an Internal Name in a dNSName entry.</span><span style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<strong><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></strong></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<strong><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black">7.1.4.2.1.2. iPAddress</span></strong><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"> </span><span style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">The subjectAltName MAY include one or more iPAddress entries provided the CA has confirmed the Applicant$B!G(Bs ownership or control over each IP address entry in accordance with Section

 3.2.2.5. CAs MUST NOT include any entry that is a Reserved IP Address.<o:p></o:p></span></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p> </o:p></span></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<em><b><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black;font-style:normal">7.1.4.2.1.4. otherName with SRVName { 1.3.6.1.5.5.7.0.18.8.7 } type-id</span></b></em><strong><i><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black"> </span></i></strong><strong><i><span style="font-family:"Calibri",sans-serif"><o:p></o:p></span></i></strong></p>

<p class="line891" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;background:white">

<strong><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black;font-weight:normal">The subjectAltName MAY include one or more SRVNames (as defined in RFC4986) as an otherName entry with the SRVName type-id. The CA MUST verify the name portion

 of the entry in accordance with Section 3.2.2.4.  A CA MUST NOT include a Wildcard Domain Name in any SRVName entry. If a Technically Constrained Subordinate CA Certificate includes a dNSName constraint but does not have a technical constraint for SRVNames,

 the CA MUST NOT issue certificates containing SRVNames from the Technically Constrained Subordinate CA Certificate. The CA MUST include permitted name subtrees and MAY include excluded name subtrees in all Technically Constrained Subordinate CA Certificate

 that includes a technical constraint for SRVNames.</span></strong><span style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>

</div>

</body>

</html>