<div dir="ltr">That could simplify it, but Mozilla's CRL Reason Code rules would still supersede that section.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 15, 2022 at 2:22 AM Dimitris Zacharopoulos (HARICA) via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org">servercert-wg@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <div>On 15/11/2022 1:02 π.μ., Ben Wilson via
      Servercert-wg wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div>Thanks.</div>
        <div><br>
        </div>
        <div>Any additional thoughts, recommendations, etc.?</div>
      </div>
    </blockquote>
    <br>
    Hi Ben,<br>
    <br>
    I assume that the use cases described within the parenthesis under
    4.9.1.1 are "examples" which means that the "i.e." should be
    replaced with "e.g.". <br>
    <br>
    I am not very much in favor of the breakown of subsections for each
    revocation reasonCode which repeats the language "SHOULD revoke
    within 24 hours and SHALL revoke within 5 days" in various cases,
    and gets especially confusing when the Subscriber requests in
    writing, which can apply to several reasonCodes.<br>
    <br>
    The previous attempt keeping the existing structure that
    CAs/Auditors are already familiar with, seems like a better
    approach. That's because CAs already have controls in place to
    handle "specific revocation use cases" as they are listed in the
    current sections 4.9.1.1 and 4.9.1.2. All we need to do now is map
    those known cases to a specific RFC5280 reasonCode.<br>
    <br>
    If additional revocation use cases have been documented in MRSP, we
    can add those in <a href="http://4.9.1.1/2" target="_blank">4.9.1.1/2</a> as needed.<br>
    <br>
    What do others think? Should we try to minimize the changes to
    4.9.1.1 and 4.9.1.2 or do a complete restructuring?<br>
    <br>
    <br>
    Thanks,<br>
    Dimitris.<br>
    <br>
    <br>
    <blockquote type="cite">
      <div dir="ltr">
        <div><br>
        </div>
        <div>Ben<br>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Thu, Nov 10, 2022 at 11:33
          PM Roman Fischer via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div>
            <div lang="DE">
              <div>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif">Dear
                    Ben,</span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif"> </span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US">Thanks for your effort to make it
                    better understandable. Even for me as a non-native
                    speaker it’s now much clearer when to use which
                    reasonCode (but it’s still very complex!).</span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US"> </span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US">Could the section</span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US"> </span></p>
                <p class="MsoNormal"><span lang="EN-US">** The
                    privilegeWithdrawn reasonCode <span style="background:yellow">
                      does not need to be made available</span> to the
                    Subscriber as a revocation reason option, because
                    the use of this reasonCode is determined by the CA
                    and not the Subscriber.</span><span style="font-size:11pt" lang="EN-US"></span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US"> </span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US">be reformulated to use one of the RFC
                    2119 terms? Maybe your intention was “SHALL NOT be
                    made available”?</span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US"> </span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US">Kind regards<br>
                    Roman Fischer, SwissSign</span></p>
                <p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US"> </span></p>
                <div style="border-color:rgb(225,225,225) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0cm 0cm">
                  <p class="MsoNormal"><b><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US">From:</span></b><span style="font-size:11pt;font-family:"Calibri",sans-serif" lang="EN-US"> Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>>
                      <b>On Behalf Of </b>Ben Wilson via Servercert-wg<br>
                      <b>Sent:</b> Freitag, 11. November 2022 00:53<br>
                      <b>To:</b> CA/B Forum Server Certificate WG Public
                      Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br>
                      <b>Subject:</b> Re: [Servercert-wg] Proposal to
                      Incorporate Mozilla's CRL Revocation Reason Code
                      Requirements into the BRs</span></p>
                </div>
                <p class="MsoNormal"> </p>
                <div>
                  <div>
                    <p class="MsoNormal">All,</p>
                  </div>
                  <div>
                    <p class="MsoNormal">Here is another iteration of a
                      proposal to incorporate Mozilla's CRL reason code
                      requirements into the Baseline Requirements.
                    </p>
                  </div>
                  <div>
                    <p class="MsoNormal">I am open to your suggestions
                      and recommendations on how to make this better.
                    </p>
                  </div>
                  <div>
                    <p class="MsoNormal">I'll put another draft in
                      GitHub again after I receive feedback.</p>
                  </div>
                  <div>
                    <p class="MsoNormal">Thanks,</p>
                  </div>
                  <div>
                    <p class="MsoNormal">Ben</p>
                  </div>
                </div>
                <p class="MsoNormal"> </p>
                <div>
                  <div>
                    <p class="MsoNormal">On Tue, Sep 20, 2022 at 10:16
                      PM Ben Wilson via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
                      wrote:</p>
                  </div>
                  <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                    <div>
                      <div>
                        <p class="MsoNormal">Hi Corey,</p>
                      </div>
                      <div>
                        <p class="MsoNormal"> </p>
                      </div>
                      <div>
                        <p class="MsoNormal">See responses below.</p>
                      </div>
                      <p class="MsoNormal"> </p>
                      <div>
                        <div>
                          <p class="MsoNormal">On Wed, Sep 14, 2022 at
                            11:38 AM Corey Bonnell <<a href="mailto:Corey.Bonnell@digicert.com" target="_blank">Corey.Bonnell@digicert.com</a>>
                            wrote:</p>
                        </div>
                        <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span lang="EN-US">Hi
                                    Ben,</span></p>
                                <p class="MsoNormal"><span lang="EN-US">It
                                    appears the ballot text has
                                    potential divergences from the
                                    published MRSP:</span></p>
                                <p class="MsoNormal"><span lang="EN-US"> 
                                  </span></p>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span lang="EN-US">1.
                                    This ballot prohibits other
                                    CRLReasons from appearing in CRLs.
                                    This is meaningfully different from
                                    MRSP, where the new requirements are
                                    applicable solely to revocations
                                    that occur on or after the effective
                                    date.</span></p>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <div>
                          <p class="MsoNormal"> I think this can be
                            fixed with some language changes.</p>
                        </div>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span lang="EN-US">2.
                                    There is no requirement to document
                                    reason codes in the Subscriber
                                    Agreement, whereas there is in MRSP.
                                    Is this change intentional?</span></p>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <div>
                          <p class="MsoNormal">Not exactly an
                            intentional elimination of the requirement,
                            but I can make the ballot consistent with
                            the MRSP with some language changes as well.
                            My idea was to suggest that CAs could
                            incorporate the necessary information "by
                            reference" so that the CRL reason code
                            explanations wouldn't have to appear fully
                            in Subscriber Agreements or Terms of Use.</p>
                        </div>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span lang="EN-US">3.
                                    Regarding 24-hour revocation reason
                                    #5: it appears that
                                    privilegeWithdrawn is now allowed.
                                    According to MRSP, only superseded
                                    is appropriate for this case.</span></p>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <div>
                          <p class="MsoNormal">For consistency, I'll
                            change this to superseded only. </p>
                        </div>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span lang="EN-US">4.
                                    Regarding 5-day revocation reason
                                    #9: this is not a scenario listed in
                                    MRSP. In other words, this
                                    revocation scenario must be denoted
                                    as “unspecified” as the CRLReason
                                    under MRSP. Therefore, it is not
                                    possible to satisfy both the
                                    proposed BR text and MRSP.</span></p>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <div>
                          <p class="MsoNormal">That's probably the
                            approach to take - thanks.  Another
                            possibility is to move this revocation
                            reason down to 4.9.1.2 - CAs should revoke
                            the intermediate CA certificate(s) rather
                            than all end entity certificates.
                          </p>
                        </div>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span lang="EN-US">5. 
                                    Regarding 5-day revocation reason
                                    #10: this appears to be like
                                    scenario #7, but it is different in
                                    that revocation may be required even
                                    if there’s no violation of the
                                    CP/CPS. I don’t think this scenario
                                    is enumerated in MRSP, so it is not
                                    possible to specify a reason code
                                    that satisfies both MRSP and this
                                    ballot for this scenario.</span></p>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <div>
                          <p class="MsoNormal">Kathleen and I think that
                            this reason is in the MRSP under the section
                            for the superseded CRLReason -  "the CA
                            operator has revoked the certificate for
                            compliance reasons such as the certificate
                            does not comply with this policy, the
                            CA/Browser Forum's Baseline Requirements, or
                            the CA operator’s CP or CPS". </p>
                        </div>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                <p class="MsoNormal"><span lang="EN-US">More
                                    generally, the Defined Term
                                    “Certificate” should be used
                                    throughout the ballot for
                                    consistency.</span></p>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <div>
                          <p class="MsoNormal">Agreed.  Thanks.</p>
                        </div>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                <p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
                                <p class="MsoNormal"><span lang="EN-US">Corey</span></p>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <div>
                          <p class="MsoNormal">Thanks,</p>
                        </div>
                        <div>
                          <p class="MsoNormal">Ben </p>
                        </div>
                        <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                <div style="border-style:solid none none;border-width:1pt medium medium;padding:3pt 0cm 0cm;border-color:currentcolor">
                                  <p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>>
                                      <b>On Behalf Of </b>Ben Wilson
                                      via Servercert-wg<br>
                                      <b>Sent:</b> Tuesday, September
                                      13, 2022 11:37 PM<br>
                                      <b>To:</b> Ben Wilson <<a href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>>;
                                      CA/B Forum Server Certificate WG
                                      Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br>
                                      <b>Subject:</b> Re:
                                      [Servercert-wg] Proposal to
                                      Incorporate Mozilla's CRL
                                      Revocation Reason Code
                                      Requirements into the BRs</span></p>
                                </div>
                                <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                <div>
                                  <div>
                                    <p class="MsoNormal"><span lang="EN-US">Here is the most
                                        current comparison:</span></p>
                                  </div>
                                  <div>
                                    <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                  </div>
                                  <div>
                                    <p class="MsoNormal"><span lang="EN-US"><a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2Fbbca71465ed8a8a76383086039f52c750009286a..1699612e5157423f607d67cc8ab9dc3a1d52b318&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6U2qShXXY%2FWlUn2vWCqq0YB8yQAQxEiQXejzc6pCawE%3D&reserved=0" target="_blank">https://github.com/cabforum/servercert/compare/bbca71465ed8a8a76383086039f52c750009286a..1699612e5157423f607d67cc8ab9dc3a1d52b318</a></span></p>
                                  </div>
                                  <div>
                                    <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                  </div>
                                  <div>
                                    <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                  </div>
                                </div>
                                <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                <div>
                                  <div>
                                    <p class="MsoNormal"><span lang="EN-US">On Mon, Sep 12,
                                        2022 at 11:00 AM Ben Wilson <<a href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>>
                                        wrote:</span></p>
                                  </div>
                                  <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                    <div>
                                      <div>
                                        <p class="MsoNormal"><span lang="EN-US">Here is another
                                            edit that tries to make
                                            minimal changes to BR
                                            section 4.9.1.1.</span></p>
                                      </div>
                                      <div>
                                        <p class="MsoNormal"><span lang="EN-US"><a href="http://goog_144053405" target="_blank"><br>
                                            </a></span></p>
                                      </div>
                                      <div>
                                        <p class="MsoNormal"><span lang="EN-US"><a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FBenWilson-Mozilla%2Fservercert%2Fcommit%2F94a07d08855cf489a2bdddff7d8a9490969d5d06&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=h0d4CsixQeyG7GMzM2nqO3ScDRRM1EomVg%2BuwI3lBIc%3D&reserved=0" target="_blank">https://github.com/BenWilson-Mozilla/servercert/commit/94a07d08855cf489a2bdddff7d8a9490969d5d06</a></span></p>
                                      </div>
                                      <div>
                                        <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                      </div>
                                      <div>
                                        <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                      </div>
                                    </div>
                                    <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                    <div>
                                      <div>
                                        <p class="MsoNormal"><span lang="EN-US">On Mon, Sep 12,
                                            2022 at 9:51 AM Ben Wilson
                                            via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
                                            wrote:</span></p>
                                      </div>
                                      <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                        <div>
                                          <div>
                                            <p class="MsoNormal"><span lang="EN-US">Thanks,
                                                Dimitris. I'll work on
                                                that approach and get
                                                something back to you
                                                soon.</span></p>
                                          </div>
                                          <div>
                                            <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                          </div>
                                        </div>
                                        <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                        <div>
                                          <div>
                                            <p class="MsoNormal"><span lang="EN-US">On Mon, Sep
                                                12, 2022 at 2:56 AM
                                                Dimitris Zacharopoulos
                                                (HARICA) <<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>> wrote:</span></p>
                                          </div>
                                          <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                            <div>
                                              <p class="MsoNormal"><span lang="EN-US">Hi Ben,<br>
                                                  <br>
                                                  After a quick reading,
                                                  I noticed that the
                                                  subsections are not
                                                  symmetrical and a bit
                                                  inconsistent. For
                                                  example, some of them
                                                  contain the statement
                                                  "the CA SHOULD revoke
                                                  a certificate within
                                                  24 hours and MUST
                                                  revoke a Certificate
                                                  within 5 days", some
                                                  do not.<br>
                                                  <br>
                                                  Other examples:</span></p>
                                              <ul type="disc">
                                                <li class="MsoNormal">
                                                  <span lang="EN-US">4.9.1.1.1,
                                                    is labeled
                                                    "Subscriber-Requested
                                                    Revocation", however
                                                    there are other
                                                    subsections that are
                                                    also
                                                    "Subscriber-Requested".
                                                    This separation
                                                    seems confusing.</span></li>
                                                <li class="MsoNormal">
                                                  <span lang="EN-US">4.9.1.1.4
                                                    is about unreliable
                                                    validation but most
                                                    of the remaining
                                                    subsections are
                                                    titled after the RFC
                                                    5280 revocation
                                                    reasons.</span></li>
                                              </ul>
                                              <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US">Finally,
                                                  it's not very clear
                                                  when the "unspecified
                                                  (0)" reason must be
                                                  used because of
                                                  section 4.9.1.1.8
                                                  (Other Circumstances)
                                                  which doesn't point to
                                                  a revocation reason.<br>
                                                  <br>
                                                  >From my
                                                  perspective, I'm not
                                                  sure if breaking down
                                                  each subsection is
                                                  more helpful for
                                                  reading the revocation
                                                  requirements than the
                                                  current listing. I
                                                  understand there is a
                                                  desire to copy the
                                                  MRSP language as much
                                                  as possible but
                                                  perhaps we need to
                                                  consider a less
                                                  "intrusive" set of
                                                  changes to a section
                                                  that CAs already have
                                                  a difficult time
                                                  reading and
                                                  implementing.<br>
                                                  <br>
                                                  IMO we either need to
                                                  describe the
                                                  revocation scenario
                                                  and point to the RFC
                                                  5280 revocation reason
                                                  (closer to what the
                                                  BRs have today), or
                                                  start with the RFC
                                                  5280 revocation
                                                  reasons and enumerate
                                                  the revocation
                                                  scenarios (closer to
                                                  what MRSP has today).
                                                  I find it confusing to
                                                  mix the two
                                                  approaches.<br>
                                                  <br>
                                                  <br>
                                                  Thanks,<br>
                                                  Dimitris.</span></p>
                                              <div>
                                                <p class="MsoNormal"><span lang="EN-US">On
                                                    12/9/2022 6:32 π.μ.,
                                                    Ben Wilson wrote:</span></p>
                                              </div>
                                              <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                <div>
                                                  <div>
                                                    <p class="MsoNormal"><span lang="EN-US">For
                                                        review - here is
                                                        another proposal
                                                        that takes BR
                                                        section 4.9.1.1
                                                        and puts the
                                                        24-hour and
                                                        5-day revocation
                                                        times into
                                                        subsections that
                                                        match the CRL
                                                        reason codes.  </span></p>
                                                  </div>
                                                  <div>
                                                    <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                  </div>
                                                  <div>
                                                    <p class="MsoNormal"><span lang="EN-US"><a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FBenWilson-Mozilla%2Fservercert%2Fcommit%2Fb185a28fcc20d5853747e4506103823e3dc7c282&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=opmFVkFFcOqc3DWpy%2BwP%2B79ihMxBOPnZE34AGDSKjWY%3D&reserved=0" target="_blank">https://github.com/BenWilson-Mozilla/servercert/commit/b185a28fcc20d5853747e4506103823e3dc7c282</a></span></p>
                                                  </div>
                                                  <div>
                                                    <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                  </div>
                                                  <div>
                                                    <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                  </div>
                                                </div>
                                                <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                <div>
                                                  <div>
                                                    <p class="MsoNormal"><span lang="EN-US">On
                                                        Thu, Sep 8, 2022
                                                        at 12:05 PM
                                                        Dimitris
                                                        Zacharopoulos
                                                        (HARICA) <<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>> wrote:</span></p>
                                                  </div>
                                                  <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                                    <div>
                                                      <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US">Good point.<br>
                                                          <br>
                                                          s/<i>expected/shall
                                                          use/<br>
                                                          <br>
                                                          </i></span></p>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US">On
                                                          8/9/2022 8:26
                                                          μ.μ., Tim
                                                          Hollebeek
                                                          wrote:</span></p>
                                                      </div>
                                                      <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                        <div>
                                                          <p class="MsoNormal"><span lang="EN-US">I
                                                          would prefer
                                                          standard 2119
                                                          language
                                                          instead of an
“expectation”.  There are no documented rules for what it means for a
                                                          CRLReason to
                                                          be expected to
                                                          be a certain
                                                          value.</span></p>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <p class="MsoNormal"><span lang="EN-US">-Tim</span></p>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <div style="border-style:none none none solid;border-width:medium medium medium 1.5pt;padding:0cm 0cm 0cm 4pt;border-color:currentcolor currentcolor currentcolor blue">
                                                          <div>
                                                          <div style="border-style:solid none none;border-width:1pt medium medium;padding:3pt 0cm 0cm;border-color:currentcolor">
                                                          <p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US">
                                                          Servercert-wg
                                                          <a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank"><servercert-wg-bounces@cabforum.org></a>
                                                          <b>On Behalf
                                                          Of </b>Dimitris
                                                          Zacharopoulos
                                                          (HARICA) via
                                                          Servercert-wg<br>
                                                          <b>Sent:</b>
                                                          Thursday,
                                                          September 8,
                                                          2022 3:21 AM<br>
                                                          <b>To:</b> Ben
                                                          Wilson <a href="mailto:bwilson@mozilla.com" target="_blank"><bwilson@mozilla.com></a>;
                                                          CA/B Forum
                                                          Server
                                                          Certificate WG
                                                          Public
                                                          Discussion
                                                          List
                                                          <a href="mailto:servercert-wg@cabforum.org" target="_blank"><servercert-wg@cabforum.org></a><br>
                                                          <b>Subject:</b>
                                                          Re:
                                                          [Servercert-wg]
                                                          Proposal to
                                                          Incorporate
                                                          Mozilla's CRL
                                                          Revocation
                                                          Reason Code
                                                          Requirements
                                                          into the BRs</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US"> </span></p>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          7/9/2022 8:22
                                                          μ.μ., Ben
                                                          Wilson wrote:</span></p>
                                                          </div>
                                                          <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Good
                                                          suggestion. I
                                                          can re-work a
                                                          proposal that
                                                          re-writes BR
                                                          sec. 4.9.1.1
                                                          to re-group
                                                          the revocation
                                                          reasons into
                                                          the reason
                                                          codes that
                                                          should be
                                                          used. Is that
                                                          what you were
                                                          thinking? </span></p>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          <p class="MsoNormal"><span lang="EN-US"><br>
                                                          Yes. We should
                                                          also try to
                                                          keep the
                                                          current BRs
                                                          prioritization.
                                                          The section
                                                          begins with
                                                          the cases
                                                          where the
                                                          Certificate(s)
                                                          need to be
                                                          revoked within
                                                          24h and then
                                                          moves to the
                                                          5-day
                                                          revocation
                                                          cases.<br>
                                                          <br>
                                                          We could walk
                                                          this list down
                                                          making sure
                                                          that all
                                                          Mozilla cases
                                                          are listed
                                                          (add the ones
                                                          that are not)
                                                          and add the
                                                          expected
                                                          revocationReason
                                                          for each case.
                                                          For example:</span></p>
                                                          <p><i><span lang="EN-US">The
                                                          CA SHALL
                                                          revoke a
                                                          Certificate
                                                          within 24
                                                          hours if one
                                                          or more of the
                                                          following
                                                          occurs:</span></i><span lang="EN-US"></span></p>
                                                          <ol type="1" start="1">
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          Subscriber
                                                          requests in
                                                          writing that
                                                          the CA revoke
                                                          the
                                                          Certificate
                                                          (expected
                                                          CRLReason:<b>unspecified</b>);</span></i><span lang="EN-US"></span></li>
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          Subscriber
                                                          notifies the
                                                          CA that the
                                                          original
                                                          certificate
                                                          request was
                                                          not authorized
                                                          and does not
                                                          retroactively
                                                          grant
                                                          authorization
                                                          (expected
                                                          CRLReason:</span></i><b><i><span style="font-family:"Calibri",sans-serif" lang="EN-US">privilegeWithdrawn</span></i></b><i><span lang="EN-US">);</span></i><span lang="EN-US"></span></li>
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          CA obtains
                                                          evidence that
                                                          the
                                                          Subscriber's
                                                          Private Key
                                                          corresponding
                                                          to the Public
                                                          Key in the
                                                          Certificate
                                                          suffered a Key
                                                          Compromise
                                                          (expected
                                                          CRLReason:<b>keyCompromise</b>);</span></i><span lang="EN-US"></span></li>
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          CA is made
                                                          aware of a
                                                          demonstrated
                                                          or proven
                                                          method that
                                                          can easily
                                                          compute the
                                                          Subscriber's
                                                          Private Key
                                                          based on the
                                                          Public Key in
                                                          the
                                                          Certificate
                                                          (such as a
                                                          Debian weak
                                                          key, see
                                                          </span></i><span lang="EN-US"><a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FV7HivQUf9v8s2xTxi1rVgVbg7XfH9TtU4RjlKL0T6c%3D&reserved=0" target="_blank"><i>https://wiki.debian.org/SSLkeys</i></a><i>)
                                                          (expected
                                                          CRLReason:<b>keyCompromise</b>);</i></span></li>
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          CA obtains
                                                          evidence that
                                                          the validation
                                                          of domain
                                                          authorization
                                                          or control for
                                                          any
                                                          Fully-Qualified
                                                          Domain Name or
                                                          IP address in
                                                          the
                                                          Certificate
                                                          should not be
                                                          relied upon
                                                          (expected
                                                          CRLReason:
                                                          </span></i><b><i><span style="font-family:"Calibri",sans-serif" lang="EN-US">superseded</span></i></b><i><span lang="EN-US">).</span></i><span lang="EN-US"></span></li>
                                                          </ol>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US">and so on.<br>
                                                          <br>
                                                          Does that
                                                          work?<br>
                                                          <br>
                                                          Dimitris.</span></p>
                                                          <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          Wed, Sep 7,
                                                          2022 at 6:01
                                                          AM Dimitris
                                                          Zacharopoulos
                                                          (HARICA) via
                                                          Servercert-wg
                                                          <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
                                                          wrote:</span></p>
                                                          </div>
                                                          <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                                          <div>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US">Hi Ben,<br>
                                                          <br>
                                                          I believe the
                                                          proposal, as
                                                          written,
                                                          causes
                                                          confusion in
                                                          regards to
                                                          4.9.1.1. Some
                                                          of the reasons
                                                          described in
                                                          your proposal
                                                          are already
                                                          mentioned in
                                                          4.9.1.1.
                                                          Perhaps we
                                                          should work
                                                          some more to
                                                          "unify" the
                                                          two sections.<br>
                                                          <br>
                                                          My proposal
                                                          would be to
                                                          update 4.9.1.1
                                                          and include
                                                          the expected
                                                          CRLReason
                                                          after each
                                                          case.<br>
                                                          <br>
                                                          <br>
                                                          Thoughts?<br>
                                                          Dimitris.</span></p>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          6/9/2022 8:13
                                                          μ.μ., Ben
                                                          Wilson via
                                                          Servercert-wg
                                                          wrote:</span></p>
                                                          </div>
                                                          <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">All,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">I'm
                                                          looking for
                                                          one more
                                                          endorser.</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          Fri, Jul 29,
                                                          2022 at 12:40
                                                          PM Ben Wilson
                                                          via
                                                          Servercert-wg
                                                          <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
                                                          wrote:</span></p>
                                                          </div>
                                                          <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">All,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">I
                                                          have created a
                                                          proposal in
                                                          Github to
                                                          incorporate
                                                          Mozilla's CRL
                                                          Revocation
                                                          Reason Code
                                                          requirements
                                                          into the
                                                          Baseline
                                                          Requirements. 
                                                          </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">See
                                                          <a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fissues%2F377&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=D4KPoI9FuCxKdr9yp378P8kEzjJq9wX%2FUEj%2F0SDufv4%3D&reserved=0" target="_blank">
https://github.com/cabforum/servercert/issues/377</a></span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"><a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FBenWilson-Mozilla%2Fservercert%2Fcommit%2F52a480803beff1f96d61c4b6d76570ac7adff4d5&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=LOfjUsptzgpQxI1k6K8oUgU0aj2LDncd48ZzuXe86Hs%3D&reserved=0" target="_blank">https://github.com/BenWilson-Mozilla/servercert/commit/52a480803beff1f96d61c4b6d76570ac7adff4d5</a></span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">I'm
                                                          looking for
                                                          comments,
                                                          suggestions,
                                                          and two
                                                          endorsers.</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US">_______________________________________________<br>
                                                          Servercert-wg
                                                          mailing list<br>
                                                          <a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
                                                          <a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=iis%2B0QIl3jXlnwoZxV15jIUE%2FGB%2FtJyHdECcBBoSrcQ%3D&reserved=0" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a></span></p>
                                                          </blockquote>
                                                          </div>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US"> </span></p>
                                                          <pre><span lang="EN-US">_______________________________________________</span></pre>
                                                          <pre><span lang="EN-US">Servercert-wg mailing list</span></pre>
                                                          <pre><span lang="EN-US"><a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a></span></pre>
                                                          <pre><span lang="EN-US"><a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=iis%2B0QIl3jXlnwoZxV15jIUE%2FGB%2FtJyHdECcBBoSrcQ%3D&reserved=0" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a></span></pre>
                                                          </blockquote>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US">_______________________________________________<br>
                                                          Servercert-wg
                                                          mailing list<br>
                                                          <a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
                                                          <a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=iis%2B0QIl3jXlnwoZxV15jIUE%2FGB%2FtJyHdECcBBoSrcQ%3D&reserved=0" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a></span></p>
                                                          </blockquote>
                                                          </div>
                                                          </blockquote>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                        </div>
                                                      </blockquote>
                                                      <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                    </div>
                                                  </blockquote>
                                                </div>
                                              </blockquote>
                                              <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                            </div>
                                          </blockquote>
                                        </div>
                                        <p class="MsoNormal"><span lang="EN-US">_______________________________________________<br>
                                            Servercert-wg mailing list<br>
                                            <a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
                                            <a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688809839%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=iis%2B0QIl3jXlnwoZxV15jIUE%2FGB%2FtJyHdECcBBoSrcQ%3D&reserved=0" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a></span></p>
                                      </blockquote>
                                    </div>
                                  </blockquote>
                                </div>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                      </div>
                    </div>
                    <p class="MsoNormal">_______________________________________________<br>
                      Servercert-wg mailing list<br>
                      <a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
                      <a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7Croman.fischer%40swisssign.com%7Ce95c13967f6d4cffa0db08dac376a9d2%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638037211688965625%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=rOfjT8%2B0oEL1XaQtLBTQ5EQOkSK3lJR0AbU1lVyZF68%3D&reserved=0" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a></p>
                  </blockquote>
                </div>
              </div>
            </div>
            _______________________________________________<br>
            Servercert-wg mailing list<br>
            <a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
            <a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" rel="noreferrer" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><br>
          </div>
        </blockquote>
      </div>
      <br>
      <fieldset></fieldset>
      <pre>_______________________________________________
Servercert-wg mailing list
<a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a>
<a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
    </blockquote>
    <br>
  </div>

_______________________________________________<br>
Servercert-wg mailing list<br>
<a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
<a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" rel="noreferrer" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><br>
</blockquote></div>