<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:微软雅黑;
panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
{font-family:"\@宋体";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"\@微软雅黑";
panose-1:2 11 5 3 2 2 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ZH-CN link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>GDCA votes YES on Ballot 219.<o:p></o:p></span></p><div><div class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"微软雅黑","sans-serif";color:black'><hr size=1 width=210 style='width:157.5pt' noshade style='color:#B5C4DF' align=left></span></div><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><b><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>Xiu Lei<o:p></o:p></span></b></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><b><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>Security Policy Committee<o:p></o:p></span></b></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><b><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>Global Digital Cybersecurity Authority CO., LTD. (GDCA)</span></b><span lang=EN-US style='font-size:10.5pt;color:#1F497D'> <o:p></o:p></span></p><p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span lang=EN-US style='font-size:10.5pt;color:#1F497D'><a href="http://www.gdca.com.cn"><span style='color:blue'>http://www.gdca.com.cn</span></a> <o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:宋体'>发件人<span lang=EN-US>:</span></span></b><span lang=EN-US style='font-size:10.0pt;font-family:宋体'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] </span><b><span style='font-size:10.0pt;font-family:宋体'>代表 </span></b><span lang=EN-US style='font-size:10.0pt;font-family:宋体'>Corey Bonnell via Public<br></span><b><span style='font-size:10.0pt;font-family:宋体'>发送时间<span lang=EN-US>:</span></span></b><span lang=EN-US style='font-size:10.0pt;font-family:宋体'> 2018</span><span style='font-size:10.0pt;font-family:宋体'>年<span lang=EN-US>4</span>月<span lang=EN-US>4</span>日<span lang=EN-US> 0:13<br></span><b>收件人<span lang=EN-US>:</span></b><span lang=EN-US> public@cabforum.org<br></span><b>主题<span lang=EN-US>:</span></b><span lang=EN-US> [cabfpub] Voting Begins: Ballot 219 v2: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag<o:p></o:p></span></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>Ballot 219 v2: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:black'> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>Purpose of this ballot:</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'> </span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>RFC 6844 contains an ambiguity in regard to the correct processing of a non-empty CAA Resource Record Set that does not contain any issue property tag (and also does not contain any issuewild property tag in the case of a Wildcard Domain Name). It is ambiguous if a CA must not issue when such a CAA Resource Record Set is encountered, or if such a Resource Record Set is implicit permission to issue.</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'> </span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>Given that the intent of the RFC is clear (such a CAA Resource Record Set is implicit permission to issue), we are proposing the following change to allow for CAA processing consistent with the intent of the RFC.</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'> </span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>The following motion has been proposed by Corey Bonnell of Trustwave and endorsed by Tim Hollebeek of Digicert and Mads Egil Henriksveen of Buypass.</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'> </span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>-- MOTION BEGINS --</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as follows, based upon Version 1.5.6:</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'> </span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>In section 3.2.2.8, add this sentence:</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>CAs MAY treat a non-empty CAA Resource Record Set that does not contain any issue property tags (and also does not contain any issuewild property tags when performing CAA processing for a Wildcard Domain Name) as permission to issue, provided that no records in the CAA Resource Record Set otherwise prohibit issuance.</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'> </span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>to the end of this paragraph:</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>When processing CAA records, CAs MUST process the issue, issuewild, and iodef property tags as specified in RFC 6844, although they are not required to act on the contents of the iodef property tag. Additional property tags MAY be supported, but MUST NOT conflict with or supersede the mandatory property tags set out in this document. CAs MUST respect the critical flag and not issue a certificate if they encounter an unrecognized property with this flag set.</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'> </span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>-- MOTION ENDS –</span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'> </span><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:black'>The procedure for approval of this ballot is as follows:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:black'>Discussion (7+ days)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:black'> Start Time: 2018-03-07 19:00:00 UTC <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:black'> End Time: 2018-04-03 19:00:00 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:black'> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:black'>Vote for approval (7 days)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:black'> Start Time: 2018-04-03 19:00:00 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;color:black'> End Time: 2018-04-10 19:00:00 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:black'><o:p> </o:p></span></p><div><p class=MsoNormal><b><span lang=EN-US style='font-size:10.5pt;font-family:"Arial","sans-serif";color:#428FC5'>Corey Bonnell</span></b><span lang=EN-US style='font-size:10.5pt;color:#428FC5'><o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Arial","sans-serif";color:gray'>Senior Software Engineer</span><span lang=EN-US style='font-size:10.5pt;color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Arial","sans-serif";color:gray'>t: +1 412.395.2233</span><span lang=EN-US style='font-size:10.5pt;color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><p class=MsoNormal><b><span lang=EN-US style='font-size:10.5pt;font-family:"Arial","sans-serif";color:#428FC5'>Trustwave</span></b><b><span lang=EN-US style='font-size:10.5pt;font-family:"Arial","sans-serif";color:gray'> </span></b><span lang=EN-US style='font-size:10.5pt;font-family:"Arial","sans-serif";color:gray'>| SMART SECURITY ON DEMAND</span><span lang=EN-US><a href="http://www.trustwave.com/"><span style='font-size:10.5pt;font-family:"Arial","sans-serif";color:gray;text-decoration:none'><br>www.trustwave.com</span></a><o:p></o:p></span></p></div></body></html>