<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <font face="Cambria">One more reference, see section 5.1.4 in:<br>
      <br>
       <a class="moz-txt-link-freetext" href="http://www.etsi.org/deliver/etsi_en/319400_319499/31941201/01.01.01_60/en_31941201v010101p.pdf">http://www.etsi.org/deliver/etsi_en/319400_319499/31941201/01.01.01_60/en_31941201v010101p.pdf</a></font><br>
    <br>
    Thanks,<br>
    M.D.<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 10/23/2017 6:02 PM, 陳立群 via Public
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:009b01d34c0f$fe408ce0$fac1a6a0$@cht.com.tw">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <meta name="Generator" content="Microsoft Word 14 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:新細明體;
        panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
        {font-family:新細明體;
        panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"\@新細明體";
        panose-1:2 2 5 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"新細明體","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"註解方塊文字 字元";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:9.0pt;
        font-family:"Cambria","serif";}
p.m9145430664166345883gmail-m-4595804663788861089line867, li.m9145430664166345883gmail-m-4595804663788861089line867, div.m9145430664166345883gmail-m-4595804663788861089line867
        {mso-style-name:m_9145430664166345883gmail-m-4595804663788861089line867;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"新細明體","serif";}
p.m9145430664166345883gmail-m-4595804663788861089line874, li.m9145430664166345883gmail-m-4595804663788861089line874, div.m9145430664166345883gmail-m-4595804663788861089line874
        {mso-style-name:m_9145430664166345883gmail-m-4595804663788861089line874;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"新細明體","serif";}
span.m9145430664166345883gmail-m-4595804663788861089apple-converted-space
        {mso-style-name:m_9145430664166345883gmail-m-4595804663788861089apple-converted-space;}
p.m9145430664166345883gmail-m-4595804663788861089line862, li.m9145430664166345883gmail-m-4595804663788861089line862, div.m9145430664166345883gmail-m-4595804663788861089line862
        {mso-style-name:m_9145430664166345883gmail-m-4595804663788861089line862;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"新細明體","serif";}
span.a
        {mso-style-name:"註解方塊文字 字元";
        mso-style-priority:99;
        mso-style-link:註解方塊文字;
        font-family:"Cambria","serif";}
span.EmailStyle24
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:1547259148;
        mso-list-template-ids:-56611280;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:36.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:72.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:108.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:144.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:180.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:216.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:252.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:288.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:324.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span lang="EN-US">What about using
            serialNumber (2.5.4.5)?<o:p></o:p></span></p>
        <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span lang="EN-US">     Li-Chun Chen </span><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
            lang="EN-US"><o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
            lang="EN-US"><o:p> </o:p></span></p>
        <p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
              lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
            lang="EN-US"> Ryan Sleevi [<a class="moz-txt-link-freetext" href="mailto:sleevi@google.com">mailto:sleevi@google.com</a>] <br>
            <b>Sent:</b> Monday, October 23, 2017 9:54 PM<br>
            <b>To:</b> </span><span style="font-size:10.0pt">陳立群</span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
            lang="EN-US"><br>
            <b>Cc:</b> Geoff Keating; CA/Browser Forum Public Discussion
            List<br>
            <b>Subject:</b> [</span><span style="font-size:10.0pt">外部郵件</span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
            lang="EN-US">] Re: [cabfpub] Ballot 208 - dnQualifiers<o:p></o:p></span></p>
        <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
        <div>
          <p class="MsoNormal"><span lang="EN-US">Given that the naming
              authority is the DNS, and two entities with the same 64
              character prefix domain would be equivalent, it does not
              seem at all incorrect or imprecise to include this
              information in the dnQualifier.<o:p></o:p></span></p>
          <div>
            <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span lang="EN-US">Hopefully we can
                find a solution other than "Don't have long domains
                because the commonName" - a field deprecated nearly two
                decades ago.<o:p></o:p></span></p>
            <div>
              <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
              <div>
                <p class="MsoNormal"><span lang="EN-US">On Sun, Oct 22,
                    2017 at 10:41 AM, </span>陳立群<span lang="EN-US">
                    <<a href="mailto:realsky@cht.com.tw"
                      target="_blank" moz-do-not-send="true">realsky@cht.com.tw</a>>
                    wrote:<o:p></o:p></span></p>
                <div>
                  <div>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US">I would like to second Geoff's
                        opinion about the dnQualifier attribute. In the
                        ITU-T X.520 standard, the definition of the
                        dnQualifier attribute is as the following:</span><span
                        lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US">The DN Qualifier attribute type
                        specifies disambiguating information to add to
                        the relative distinguished name of an entry. It
                        is intended to be used for entries held in
                        multiple DSAs which would otherwise have the
                        same name, and that its value be the same in a
                        given DSA for all entries to which this
                        information has been added.</span><span
                        lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US">From what I understand, the
                        dnQualifier attribute is intended to distinguish
                        two different entities which would otherwise
                        have the same DN if they are named by different
                        DSAs (or naming authorities). Therefore, the
                        attribute value of the dnQualifier is usually
                        used to indicate the name of the DSA which is in
                        charge of naming the entity.</span><span
                        lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US">If we use the dnQualifier attribute
                        in the manner proposed this ballot, that will be
                        a distortion on its original definition in the
                        X.520 standard.</span><span lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
                        lang="EN-US">         </span><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US">Li-Chun Chen</span><span
                        lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        style="font-family:"Times New
                        Roman","serif";color:black"
                        lang="EN-US">        Chunghwa Telecom</span><span
                        lang="EN-US"><o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
                        lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
                    <div>
                      <div style="border:none;border-top:solid #B5C4DF
                        1.0pt;padding:3.0pt 0cm 0cm 0cm">
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
                              lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
                            lang="EN-US"> Public [mailto:<a
                              href="mailto:public-bounces@cabforum.org"
                              target="_blank" moz-do-not-send="true">public-bounces@cabforum.org</a>]
                            <b>On Behalf Of </b>Geoff Keating via
                            Public<br>
                            <b>Sent:</b> Saturday, October 21, 2017 3:15
                            AM<br>
                            <b>To:</b> Ryan Sleevi<br>
                            <b>Cc:</b> CA/Browser Forum Public
                            Discussion List<br>
                            <b>Subject:</b> [</span><span
                            style="font-size:10.0pt">外部郵件</span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
                            lang="EN-US">] Re: [cabfpub] Ballot 208 -
                            dnQualifiers</span><span lang="EN-US"><o:p></o:p></span></p>
                      </div>
                    </div>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        lang="EN-US"> <o:p></o:p></span></p>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        lang="EN-US"> <o:p></o:p></span></p>
                    <div>
                      <p class="MsoNormal"
                        style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span
                          lang="EN-US"><o:p> </o:p></span></p>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US">On Oct 20, 2017, at 11:30 AM,
                            Ryan Sleevi <<a
                              href="mailto:sleevi@google.com"
                              target="_blank" moz-do-not-send="true">sleevi@google.com</a>>
                            wrote:<o:p></o:p></span></p>
                      </div>
                      <p class="MsoNormal"
                        style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                          lang="EN-US"> <o:p></o:p></span></p>
                      <div>
                        <div>
                          <p class="MsoNormal"
                            style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                              lang="EN-US"> <o:p></o:p></span></p>
                          <div>
                            <p class="MsoNormal"
                              style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                lang="EN-US"> <o:p></o:p></span></p>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">On Fri, Oct 20, 2017 at
                                  2:20 PM, Geoff Keating via Public <<a
                                    href="mailto:public@cabforum.org"
                                    target="_blank"
                                    moz-do-not-send="true">public@cabforum.org</a>>
                                  wrote:<o:p></o:p></span></p>
                            </div>
                          </div>
                        </div>
                      </div>
                      <p class="MsoNormal"
                        style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span
                          lang="EN-US"><o:p> </o:p></span></p>
                      <div>
                        <div>
                          <div>
                            <blockquote
                              style="border:none;border-left:solid
                              #CCCCCC 1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
                              <div>
                                <div>
                                  <p class="MsoNormal"
                                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                      lang="EN-US">- How this matches
                                      with the X.520 definition of
                                      dnQualifier, in particular the
                                      second sentence:<o:p></o:p></span></p>
                                </div>
                                <div>
                                  <p class="MsoNormal"
                                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                      lang="EN-US"> <o:p></o:p></span></p>
                                </div>
                                <div>
                                  <p class="MsoNormal"
                                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                      lang="EN-US">The DN Qualifier attribute
                                      type specifies disambiguating
                                      information to add to
                                      the relative distinguished name of
                                      an entry. It is intended to
                                      be used for entries held
                                      in multiple DSAs
                                      which would otherwise have the
                                      same name, and that its value be
                                      the same in a given DSA for
                                      all entries to which
                                      this information has been added.<o:p></o:p></span></p>
                                </div>
                              </div>
                            </blockquote>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US"> <o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">This matches 1:1. Is
                                  there a concern that it doesn't match,
                                  or that more rules are necessary?<o:p></o:p></span></p>
                            </div>
                          </div>
                        </div>
                      </div>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US"> <o:p></o:p></span></p>
                      </div>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US">What I quoted above is X.520. 
                            It doesn't seem to me to be describing the
                            same thing as the ballot.  In particular,
                            normally you would consider a CA’s issuing
                            infrastructure to be one single DSA, which
                            produces a contradiction between the ballot
                            text "The CA MAY set the dnQualifer value to
                            the base64 encoding of the SHA1 hash of
                            the subjectAlternativeName” and X.520’s text
                            “its value be the same in a given DSA”.<o:p></o:p></span></p>
                      </div>
                      <p class="MsoNormal"
                        style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span
                          lang="EN-US"><o:p> </o:p></span></p>
                      <div>
                        <div>
                          <div>
                            <blockquote
                              style="border:none;border-left:solid
                              #CCCCCC 1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
                              <div>
                                <div>
                                  <p class="MsoNormal"
                                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                      lang="EN-US">- How this is
                                      actually intended to be used in
                                      the web PKI?<o:p></o:p></span></p>
                                </div>
                                <div>
                                  <p class="MsoNormal"
                                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                      lang="EN-US"> <o:p></o:p></span></p>
                                </div>
                              </div>
                            </blockquote>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US"> <o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">As raised on our most
                                  recent call, one notable thing is that
                                  this allows CAs to issue single
                                  certificates for domain names greater
                                  than 64 characters, at a DV level,
                                  while interoperably working with the
                                  Web PKI. This flows as follows:<o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US"> <o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">- The X.509/RFC 5280
                                  definition for commonName is limited
                                  to 64 characters.<o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">- If you have a
                                  certificate with a domain name greater
                                  than 64 characters, you cannot place
                                  it in the common name of the subject.<o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">- The common name of the
                                  subject may only contain domain names
                                  and IP addresses.<o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">- All other specified
                                  fields of the Subject must be
                                  validated to OV level.<o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US"> <o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">As a consequence, the
                                  only way with DV today to represent
                                  these certificates is with an empty
                                  sequence for the subject name and a
                                  critical subjectAltName, pursuant with
                                  RFC5280. You can see this at <a
                                    href="https://no-subject.badssl.com"
                                    target="_blank"
                                    moz-do-not-send="true">https://no-subject.badssl.com</a><o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US"> <o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">If you tried to load that
                                  on Apple iOS, it would load.<o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">If you tried to load that
                                  on Apple macOS earlier than 10.10, it
                                  would load.<o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">If you tried to load that
                                  on Apple macOS since 10.10, it will
                                  fail, as empty subjects are no longer
                                  supported.<o:p></o:p></span></p>
                            </div>
                          </div>
                        </div>
                      </div>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US"> <o:p></o:p></span></p>
                      </div>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US">It works for me in 10.11—so
                            does that mean this ballot is no longer
                            needed?<o:p></o:p></span></p>
                      </div>
                      <p class="MsoNormal"
                        style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span
                          lang="EN-US"><o:p> </o:p></span></p>
                      <div>
                        <div>
                          <div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">This provides a way for a
                                  CA to ensure that a DV certificate
                                  with a domain name of more than 64
                                  characters can be issued, by using the
                                  dnQualifier field (which is
                                  CA-controlled, as noted in the
                                  relevant X.520 text you cited) to
                                  serve as a disambiguator between
                                  certificates the CA has issued.<o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US"> <o:p></o:p></span></p>
                            </div>
                            <div>
                              <p class="MsoNormal"
                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                  lang="EN-US">Does that help capture
                                  it?<o:p></o:p></span></p>
                            </div>
                          </div>
                        </div>
                      </div>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US"> <o:p></o:p></span></p>
                      </div>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US">I see the problem but I’m very
                            hesitant to standardise something in
                            CABforum which contradicts X.520.<o:p></o:p></span></p>
                      </div>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US"> <o:p></o:p></span></p>
                      </div>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US">Have we really explored other
                            alternatives?  For example, truncate the
                            commonName to 60 characters and append an
                            ellipsis in Unicode (“…”) so that it can’t
                            be confused with a domain name.<o:p></o:p></span></p>
                      </div>
                      <div>
                        <p class="MsoNormal"
                          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                            lang="EN-US"> <o:p></o:p></span></p>
                      </div>
                      <blockquote
                        style="margin-top:5.0pt;margin-bottom:5.0pt">
                        <div>
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"
                                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                    lang="EN-US"> <o:p></o:p></span></p>
                              </div>
                              <blockquote
                                style="border:none;border-left:solid
                                #CCCCCC 1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
                                <div>
                                  <div>
                                    <div>
                                      <blockquote
                                        style="margin-top:5.0pt;margin-bottom:5.0pt">
                                        <div>
                                          <div>
                                            <div>
                                              <p class="MsoNormal"
                                                style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                                  lang="EN-US">On Oct
                                                  12, 2017, at 11:04 AM,
                                                  Ben Wilson via Public
                                                  <<a
                                                    href="mailto:public@cabforum.org"
                                                    target="_blank"
                                                    moz-do-not-send="true">public@cabforum.org</a>>
                                                  wrote:<o:p></o:p></span></p>
                                            </div>
                                            <p class="MsoNormal"
                                              style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                                lang="EN-US"> <o:p></o:p></span></p>
                                          </div>
                                        </div>
                                        <div>
                                          <div>
                                            <div>
                                              <div>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line867"><strong><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                      lang="EN-US">Ballot
                                                      208 - dnQualifiers</span></strong><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">This
                                                    ballot allows CAs to
                                                    use dnQualifiers in
                                                    certificates to
                                                    partition groups of
                                                    certificates into
                                                    different sets and
                                                    to allow
                                                    non-identity
                                                    information to be
                                                    included in DV
                                                    certificates.<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line862"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">The
                                                    following motion has
                                                    been proposed by
                                                    Peter Bowen of
                                                    Amazon and endorsed
                                                    by Ben Wilson of
                                                    DigiCert and Ryan
                                                    Sleevi of Google.<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">--
                                                    MOTION BEGINS --<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">In the
                                                    Baseline
                                                    Requirements,
                                                    REPLACE the
                                                    definition of
                                                    "Subject Identity
                                                    Information" with:<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">"Information
                                                    that identifies the
                                                    Certificate Subject.
                                                    Subject Identity
                                                    Information does not
                                                    include [strikeout]<s>a
                                                      domain name listed
                                                      in the
                                                      subjectAltName
                                                      extension or the
                                                      Subject commonName
                                                      field</s>[/strikeout]
                                                    [insert]<u>dnQualifier
                                                      attributes in
                                                      Distinguished
                                                      Names, commonName
                                                      attributes in
                                                      Distinguished
                                                      Names, dNSName
                                                      Subject
                                                      Alternative Names,
                                                      iPAddress Subject
                                                      Alternative Names,
                                                      or SRVName Subject
                                                      Alternative Names</u>[/insert]."<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">In
                                                    Section 7.1.4.2.2
                                                    Subject
                                                    Distinguished Name
                                                    Fields, re-letter
                                                    "j" (Other Subject
                                                    Attributes) as
                                                    letter "k" and
                                                    INSERT a new
                                                    subsection j. that
                                                    reads:<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">j.
                                                    Certificate Field:
                                                    subject:dnQualifier<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <ul type="disc">
                                                  <li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0
                                                    level1 lfo1"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                      lang="EN-US">Optional.
                                                      Contents: This
                                                      field is intended
                                                      to be used when
                                                      several
                                                      certificates with
                                                      the same subject
                                                      can be partitioned
                                                      into sets of
                                                      related
                                                      certificates. Each
                                                      related
                                                      certificate set
                                                      MAY have the same
                                                      dnQualifier. The
                                                      CA may include a
                                                      dnQualifier
                                                      attribute with a
                                                      zero length value
                                                      to explicitly
                                                      indicate that the
                                                      CA makes no
                                                      assertion about
                                                      relationship with
                                                      other certificates
                                                      with the same
                                                      subject. The CA
                                                      MAY set the
                                                      dnQualifer value
                                                      to the base64
                                                      encoding of the
                                                      SHA1 hash of the
                                                      subjectAlternativeName
                                                      extnValue if it
                                                      wishes to indicate
                                                      grouping of
                                                      certificates by
                                                      alternative name
                                                      set.<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                      lang="EN-US"><o:p></o:p></span></li>
                                                </ul>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">--
                                                    MOTION ENDS --<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">The
                                                    procedure for
                                                    approval of this
                                                    Final Maintenance
                                                    Guideline ballot is
                                                    as follows (exact
                                                    start and end times
                                                    may be adjusted to
                                                    comply with
                                                    applicable Bylaws
                                                    and IPR Agreement):<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">BALLOT
                                                    208 Status: Final
                                                    Maintenance
                                                    Guideline Start time
                                                    (22:00 UTC) End time
                                                    (22:00 UTC)<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">Discussion
                                                    begins October 12,
                                                    2017 22:00 UTC and
                                                    ends October 19,
                                                    2017 22:00 UTC (7
                                                    days)<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">Vote
                                                    for approval begins
                                                    October 19, 2017
                                                    22:00 UTC and ends
                                                    October 26, 2017
                                                    22:00 UTC (7 days)<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">If vote
                                                    approves ballot:
                                                    Review Period (Chair
                                                    to send Review
                                                    Notice) (30 days).
                                                    If Exclusion
                                                    Notice(s) filed,
                                                    ballot approval is
                                                    rescinded and PAG to
                                                    be created. If no
                                                    Exclusion Notices
                                                    filed, ballot
                                                    becomes effective at
                                                    end of Review
                                                    Period. Upon filing
                                                    of Review Notice by
                                                    Chair 30 days after
                                                    filing of Review
                                                    Notice by Chair<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">From
                                                    Bylaw 2.3: If the
                                                    Draft Guideline
                                                    Ballot is proposing
                                                    a Final Maintenance
                                                    Guideline, such
                                                    ballot will include
                                                    a redline or
                                                    comparison showing
                                                    the set of changes
                                                    from the Final
                                                    Guideline section(s)
                                                    intended to become a
                                                    Final Maintenance
                                                    Guideline, and need
                                                    not include a copy
                                                    of the full set of
                                                    guidelines. Such
                                                    redline or
                                                    comparison shall be
                                                    made against the
                                                    Final Guideline
                                                    section(s) as they
                                                    exist at the time a
                                                    ballot is proposed,
                                                    and need not take
                                                    into consideration
                                                    other ballots that
                                                    may be proposed
                                                    subsequently, except
                                                    as provided in Bylaw
                                                    Section 2.3(j).<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line862"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">Votes
                                                    must be cast by
                                                    posting an on-list
                                                    reply to this thread
                                                    on the Public list.
                                                    A vote in favor of
                                                    the motion must
                                                    indicate a clear
                                                    'yes' in the
                                                    response. A vote
                                                    against must
                                                    indicate a clear
                                                    'no' in the
                                                    response. A vote to
                                                    abstain must
                                                    indicate a clear
                                                    'abstain' in the
                                                    response. Unclear
                                                    responses will not
                                                    be counted. The
                                                    latest vote received
                                                    from any
                                                    representative of a
                                                    voting member before
                                                    the close of the
                                                    voting period will
                                                    be counted. Voting
                                                    members are listed
                                                    here:<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span><a
href="https://cabforum.org/members/" target="_blank"
                                                      moz-do-not-send="true"><span
style="color:#954F72">https://cabforum.org/members/</span></a></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <p
                                                  class="m9145430664166345883gmail-m-4595804663788861089line874"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                    lang="EN-US">In
                                                    order for the motion
                                                    to be adopted, two
                                                    thirds or more of
                                                    the votes cast by
                                                    members in the CA
                                                    category and greater
                                                    than 50% of the
                                                    votes cast by
                                                    members in the
                                                    browser category
                                                    must be in favor.
                                                    Quorum is shown on
                                                    CA/Browser Forum
                                                    wiki. Under Bylaw
                                                    2.2(g), at least the
                                                    required quorum
                                                    number must
                                                    participate in the
                                                    ballot for the
                                                    ballot to be valid,
                                                    either by voting in
                                                    favor, voting
                                                    against, or
                                                    abstaining.<span
class="m9145430664166345883gmail-m-4595804663788861089apple-converted-space"> </span></span><span
                                                    lang="EN-US"><o:p></o:p></span></p>
                                                <div>
                                                  <p class="MsoNormal"
                                                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
                                                      lang="EN-US"> </span><span
                                                      lang="EN-US"><o:p></o:p></span></p>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                          <p class="MsoNormal"
                                            style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                              lang="EN-US"><pre-ballot-208-dnQualifier.pdf></span><span
style="font-size:9.0pt;font-family:"Helvetica","sans-serif""
                                              lang="EN-US">_______________________________________________<br>
                                              Public mailing list<br>
                                            </span><span lang="EN-US"><a
href="mailto:Public@cabforum.org" target="_blank" moz-do-not-send="true"><span
style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:#954F72">Public@cabforum.org</span></a></span><span
style="font-size:9.0pt;font-family:"Helvetica","sans-serif""
                                              lang="EN-US"><br>
                                            </span><span lang="EN-US"><a
href="https://cabforum.org/mailman/listinfo/public" target="_blank"
                                                moz-do-not-send="true"><span
style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:#954F72">https://cabforum.org/mailman/listinfo/public</span></a><o:p></o:p></span></p>
                                        </div>
                                      </blockquote>
                                    </div>
                                    <p class="MsoNormal"
                                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                        lang="EN-US"> <o:p></o:p></span></p>
                                  </div>
                                </div>
                                <p class="MsoNormal"
                                  style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span
                                    lang="EN-US"><br>
_______________________________________________<br>
                                    Public mailing list<br>
                                    <a href="mailto:Public@cabforum.org"
                                      target="_blank"
                                      moz-do-not-send="true">Public@cabforum.org</a><br>
                                    <a
                                      href="https://cabforum.org/mailman/listinfo/public"
                                      target="_blank"
                                      moz-do-not-send="true">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></span></p>
                              </blockquote>
                            </div>
                            <p class="MsoNormal"
                              style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                                lang="EN-US"> <o:p></o:p></span></p>
                          </div>
                        </div>
                      </blockquote>
                    </div>
                    <p class="MsoNormal"
                      style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
                        lang="EN-US"> <o:p></o:p></span></p>
                  </div>
                </div>
                <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
                <div>
                  <div>
                    <p class="MsoNormal">本信件可能包含中華電信股份有限公司機密資訊<span
                        lang="EN-US">,</span>非指定之收件者<span lang="EN-US">,</span>請勿蒐集、處理或利用本信件內容<span
                        lang="EN-US">,</span>並請銷毀此信件<span lang="EN-US">.
                      </span>如為指定收件者<span lang="EN-US">,</span>應確實保護郵件中本公司之營業機密及個人資料<span
                        lang="EN-US">,</span>不得任意傳佈或揭露<span lang="EN-US">,</span>並應自行確認本郵件之附檔與超連結之安全性<span
                        lang="EN-US">,</span>以共同善盡資訊安全與個資保護責任<span
                        lang="EN-US">. <o:p></o:p></span></p>
                  </div>
                  <div>
                    <p class="MsoNormal"><span lang="EN-US">Please be
                        advised that this email message (including any
                        attachments) contains confidential information
                        and may be legally privileged. If you are not
                        the intended recipient, please destroy this
                        message and all attachments from your system and
                        do not further collect, process, or use them.
                        Chunghwa Telecom and all its subsidiaries and
                        associated companies shall not be liable for the
                        improper or incomplete transmission of the
                        information contained in this email nor for any
                        delay in its receipt or damage to your system.
                        If you are the intended recipient, please
                        protect the confidential and/or personal
                        information contained in this email with due
                        care. Any unauthorized use, disclosure or
                        distribution of this message in whole or in part
                        is strictly prohibited. Also, please
                        self-inspect attachments and hyperlinks
                        contained in this email to ensure the
                        information security and to protect personal
                        information.<o:p></o:p></span></p>
                  </div>
                </div>
                <div>
                  <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
                </div>
              </div>
              <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
            </div>
          </div>
        </div>
      </div>
      <br>
      <div>
        <div>本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件.
如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. </div>
        <div>Please be advised that this email message (including any
          attachments) contains confidential information and may be
          legally privileged. If you are not the intended recipient,
          please destroy this message and all attachments from your
          system and do not further collect, process, or use them.
          Chunghwa Telecom and all its subsidiaries and associated
          companies shall not be liable for the improper or incomplete
          transmission of the information contained in this email nor
          for any delay in its receipt or damage to your system. If you
          are the intended recipient, please protect the confidential
          and/or personal information contained in this email with due
          care. Any unauthorized use, disclosure or distribution of this
          message in whole or in part is strictly prohibited. Also,
          please self-inspect attachments and hyperlinks contained in
          this email to ensure the information security and to protect
          personal information.</div>
      </div>
      <div><br>
      </div>
      <div><br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>