<div dir="ltr">Great - thanks.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 5, 2023 at 10:06 AM Dimitris Zacharopoulos (HARICA) &lt;<a href="mailto:dzacharo@harica.gr">dzacharo@harica.gr</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    Hi Ben,<br>
    <br>
    I saw your comments with proposed language, and here are my
    thoughts, in-line:<br>
    <br>
    <div>On 4/1/2023 8:50 PM, Ben Wilson
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div>Hi Dimitris, <br>
        </div>
        <div><br>
        </div>
        <div>I have submitted two comments that I think need to be
          resolved.</div>
        <div><br>
        </div>
        <div>I think the first "1" should be written as:</div>
        <div><br>
        </div>
        <div>
          "The Subscriber requests in writing, <em><strong>without
              giving a reason required to be specified by this section
              4.9.1.1,</strong></em> that the CA revoke the ..."
        </div>
        <div><br>
        </div>
      </div>
    </blockquote>
    <br>
    I prefer your <a href="https://github.com/cabforum/servercert/pull/405/files#r1061778056" target="_blank">earlier
      comment</a> which says<br>
    <br>
    "1. The Subscriber requests in writing, <em><strong>without giving
        a reason,</strong></em> that the CA revoke the ..."<br>
    <br>
    I believe this language is simpler as long as this option is
    available to Subscribers that just want to revoke a certificate and
    don't want to suggest a specific reason. I assume this is still
    allowed.<br>
    <br>
    <br>
    <blockquote type="cite">
      <div dir="ltr">
        <div>Number 10 in the second list should be written as:</div>
        <div><br>
        </div>
        <div>
          "10. Revocation is required by the CA's Certificate Policy
          and/or Certification Practice Statement <em><strong>for a
              reason that is not otherwise required to be specified by
              this section 4.9.1.1</strong></em> ..." <br>
        </div>
      </div>
    </blockquote>
    <br>
    +1<br>
    <br>
    If you are ok with the first option, I will update the PR.<br>
    <br>
    Thanks!<br>
    Dimitris.<br>
    <br>
    <blockquote type="cite">
      <div dir="ltr">
        <div><br>
        </div>
        <div>Ben<br>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Tue, Nov 22, 2022 at 1:12
          AM Dimitris Zacharopoulos (HARICA) &lt;<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>&gt;
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div> I created <a href="https://github.com/cabforum/servercert/pull/405/files" target="_blank">https://github.com/cabforum/servercert/pull/405/files</a>
            which includes some elements from your proposal and MRSP
            language. <br>
            <br>
            I also did a comparison of BRs section 4.9.1.1 revocation
            use cases that are already mentioned in MRSP section 6.1.1
            (attached). There are only a few revocation use cases
            mentioned in MRSP that are not explicitly described in
            4.9.1.1 so we could try adding those to 4.9.1.1 for full
            consistency.<br>
            <br>
            This proposal:<br>
            <ul>
              <li>explains the expectations for each reasonCode</li>
              <li>preserves the existing 5 revocation use cases for 24h
                and the 11 cases for 5-day that CAs/auditors are already
                familiar with, and adds an explicit reasonCode per MRSP.<br>
              </li>
            </ul>
            This presentation format is already familiar to CAs, less
            ambiguous, and IMO minimizes the risk of implementing
            incorrectly.<br>
            <br>
            <br>
            Thanks,<br>
            Dimitris.<br>
            <br>
            <br>
            <div>On 17/11/2022 5:46 PM, Ben Wilson wrote:<br>
            </div>
            <blockquote type="cite">
              <div dir="ltr">
                <div>Sounds good. Thanks, Dimitris.</div>
                <div>Ben<br>
                </div>
              </div>
              <br>
              <div class="gmail_quote">
                <div dir="ltr" class="gmail_attr">On Wed, Nov 16, 2022
                  at 11:23 PM Dimitris Zacharopoulos (HARICA) &lt;<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>&gt;
                  wrote:<br>
                </div>
                <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                  <div> <br>
                    <br>
                    <div>On 15/11/2022 6:11 PM, Ben Wilson wrote:<br>
                    </div>
                    <blockquote type="cite">
                      <div dir="ltr">That could simplify it, but
                        Mozilla's CRL Reason Code rules would still
                        supersede that section.<br>
                      </div>
                    </blockquote>
                    <br>
                    I don't see it as "superseding" but differently
                    "presented". Mozilla chose that particular
                    presentation format without taking into
                    consideration the time limits for revocation. <a href="https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md#611-end-entity-tls-certificate-crlrevocation-reasons" target="_blank">MRSP</a> only
                    mentions the reasons and expectations for using such
                    reasons. The BRs are more explicit in the use cases
                    and it's more important for the CA to know which
                    cases must be revoked within 24 hours and which ones
                    must be revoked within 5 days. It's a better
                    "starting point" for CAs, and that's what they are
                    used to following. <br>
                    <br>
                    I believe we can successfully update 4.9.1.1 to
                    align with MRSP section 6.1 without changing the
                    current presentation format of revocation use cases
                    in the BRs. If you are open to the idea, I can work
                    with you on a more concrete proposal and see how it
                    looks.<br>
                    <br>
                    <br>
                    Thanks,<br>
                    Dimitris.<br>
                    <br>
                    <blockquote type="cite"><br>
                      <div class="gmail_quote">
                        <div dir="ltr" class="gmail_attr">On Tue, Nov
                          15, 2022 at 2:22 AM Dimitris Zacharopoulos
                          (HARICA) via Servercert-wg &lt;<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>&gt;
                          wrote:<br>
                        </div>
                        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                          <div>
                            <div>On 15/11/2022 1:02 AM, Ben Wilson via
                              Servercert-wg wrote:<br>
                            </div>
                            <blockquote type="cite">
                              <div dir="ltr">
                                <div>Thanks.</div>
                                <div><br>
                                </div>
                                <div>Any additional thoughts,
                                  recommendations, etc.?</div>
                              </div>
                            </blockquote>
                            <br>
                            Hi Ben,<br>
                            <br>
                            I assume that the use cases described within
                            the parenthesis under 4.9.1.1 are "examples"
                            which means that the "i.e." should be
                            replaced with "e.g.". <br>
                            <br>
                            I am not very much in favor of the breakdown
                            of subsections for each revocation
                            reasonCode which repeats the language
                            "SHOULD revoke within 24 hours and SHALL
                            revoke within 5 days" in various cases, and
                            gets especially confusing when the
                            Subscriber requests in writing, which can
                            apply to several reasonCodes.<br>
                            <br>
                            The previous attempt keeping the existing
                            structure that CAs/Auditors are already
                            familiar with, seems like a better approach.
                            That's because CAs already have controls in
                            place to handle "specific revocation use
                            cases" as they are listed in the current
                            sections 4.9.1.1 and 4.9.1.2. All we need to
                            do now is map those known cases to a
                            specific RFC5280 reasonCode.<br>
                            <br>
                            If additional revocation use cases have been
                            documented in MRSP, we can add those in 4.9.1.1/2 as
                            needed.<br>
                            <br>
                            What do others think? Should we try to
                            minimize the changes to 4.9.1.1 and 4.9.1.2
                            or do a complete restructuring?<br>
                            <br>
                            <br>
                            Thanks,<br>
                            Dimitris.<br>
                            <br>
                            <br>
                            <blockquote type="cite">
                              <div dir="ltr">
                                <div><br>
                                </div>
                                <div>Ben<br>
                                </div>
                              </div>
                              <br>
                              <div class="gmail_quote">
                                <div dir="ltr" class="gmail_attr">On
                                  Thu, Nov 10, 2022 at 11:33 PM Roman
                                  Fischer via Servercert-wg &lt;<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>&gt;
                                  wrote:<br>
                                </div>
                                <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                                  <div>
                                    <div lang="DE">
                                      <div>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif">Dear
                                            Ben,</span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif"> </span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US">Thanks for your
                                            effort to make it better
                                            understandable. Even for me
                                            as a non-native speaker it’s
                                            now much clearer when to use
                                            which reasonCode (but it’s
                                            still very complex!).</span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US"> </span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US">Could the
                                            section</span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US"> </span></p>
                                        <p class="MsoNormal"><span lang="EN-US">** The
                                            privilegeWithdrawn
                                            reasonCode <span style="background:yellow">
                                              does not need to be made
                                              available</span> to the
                                            Subscriber as a revocation
                                            reason option, because the
                                            use of this reasonCode is
                                            determined by the CA and not
                                            the Subscriber.</span><span style="font-size:11pt" lang="EN-US"></span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US"> </span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US">be reformulated
                                            to use one of the RFC 2119
                                            terms? Maybe your intention
                                            was “SHALL NOT be made
                                            available”?</span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US"> </span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US">Kind regards<br>
                                            Roman Fischer, SwissSign</span></p>
                                        <p class="MsoNormal"><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US"> </span></p>
                                        <div style="border-color:rgb(225,225,225) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0cm 0cm">
                                          <p class="MsoNormal"><b><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US">From:</span></b><span style="font-size:11pt;font-family:'Calibri',sans-serif" lang="EN-US">
                                              Servercert-wg &lt;<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>&gt;
                                              <b>On Behalf Of </b>Ben
                                              Wilson via Servercert-wg<br>
                                              <b>Sent:</b> Friday, 11
                                              November 2022 00:53<br>
                                              <b>To:</b> CA/B Forum
                                              Server Certificate WG
                                              Public Discussion List
                                              &lt;<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>&gt;<br>
                                              <b>Subject:</b> Re:
                                              [Servercert-wg] Proposal
                                              to Incorporate Mozilla's
                                              CRL Revocation Reason Code
                                              Requirements into the BRs</span></p>
                                        </div>
                                        <p class="MsoNormal"> </p>
                                        <div>
                                          <div>
                                            <p class="MsoNormal">All,</p>
                                          </div>
                                          <div>
                                            <p class="MsoNormal">Here is
                                              another iteration of a
                                              proposal to incorporate
                                              Mozilla's CRL reason code
                                              requirements into the
                                              Baseline Requirements. </p>
                                          </div>
                                          <div>
                                            <p class="MsoNormal">I am
                                              open to your suggestions
                                              and recommendations on how
                                              to make this better. </p>
                                          </div>
                                          <div>
                                            <p class="MsoNormal">I'll
                                              put another draft in
                                              GitHub again after I
                                              receive feedback.</p>
                                          </div>
                                          <div>
                                            <p class="MsoNormal">Thanks,</p>
                                          </div>
                                          <div>
                                            <p class="MsoNormal">Ben</p>
                                          </div>
                                        </div>
                                        <p class="MsoNormal"> </p>
                                        <div>
                                          <div>
                                            <p class="MsoNormal">On Tue,
                                              Sep 20, 2022 at 10:16 PM
                                              Ben Wilson via
                                              Servercert-wg &lt;<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>&gt;
                                              wrote:</p>
                                          </div>
                                          <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                            <div>
                                              <div>
                                                <p class="MsoNormal">Hi
                                                  Corey,</p>
                                              </div>
                                              <div>
                                                <p class="MsoNormal"> </p>
                                              </div>
                                              <div>
                                                <p class="MsoNormal">See
                                                  responses below.</p>
                                              </div>
                                              <p class="MsoNormal"> </p>
                                              <div>
                                                <div>
                                                  <p class="MsoNormal">On
                                                    Wed, Sep 14, 2022 at
                                                    11:38 AM Corey
                                                    Bonnell &lt;<a href="mailto:Corey.Bonnell@digicert.com" target="_blank">Corey.Bonnell@digicert.com</a>&gt; wrote:</p>
                                                </div>
                                                <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US">Hi
                                                          Ben,</span></p>
                                                        <p class="MsoNormal"><span lang="EN-US">It
                                                          appears the
                                                          ballot text
                                                          has potential
                                                          divergences
                                                          from the
                                                          published
                                                          MRSP:</span></p>
                                                        <p class="MsoNormal"><span lang="EN-US"> 
                                                          </span></p>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                                <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US">1.
                                                          This ballot
                                                          prohibits
                                                          other
                                                          CRLReasons
                                                          from appearing
                                                          in CRLs. This
                                                          is
                                                          meaningfully
                                                          different from
                                                          MRSP, where
                                                          the new
                                                          requirements
                                                          are applicable
                                                          solely to
                                                          revocations
                                                          that occur on
                                                          or after the
                                                          effective
                                                          date.</span></p>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal"> I
                                                    think this can be
                                                    fixed with some
                                                    language changes.</p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US">2.
                                                          There is no
                                                          requirement to
                                                          document
                                                          reason codes
                                                          in the
                                                          Subscriber
                                                          Agreement,
                                                          whereas there
                                                          is in MRSP. Is
                                                          this change
                                                          intentional?</span></p>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal">Not
                                                    exactly an
                                                    intentional
                                                    elimination of the
                                                    requirement, but I
                                                    can make the ballot
                                                    consistent with the
                                                    MRSP with some
                                                    language changes as
                                                    well. My idea was to
                                                    suggest that CAs
                                                    could incorporate
                                                    the necessary
                                                    information "by
                                                    reference" so that
                                                    the CRL reason code
                                                    explanations
                                                    wouldn't have to
                                                    appear fully in
                                                    Subscriber
                                                    Agreements or Terms
                                                    of Use.</p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US">3.
                                                          Regarding
                                                          24-hour
                                                          revocation
                                                          reason #5: it
                                                          appears that
                                                          privilegeWithdrawn
                                                          is now
                                                          allowed.
                                                          According to
                                                          MRSP, only
                                                          superseded is
                                                          appropriate
                                                          for this case.</span></p>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal">For
                                                    consistency, I'll
                                                    change this to
                                                    superseded only. </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US">4.
                                                          Regarding
                                                          5-day
                                                          revocation
                                                          reason #9:
                                                          this is not a
                                                          scenario
                                                          listed in
                                                          MRSP. In other
                                                          words, this
                                                          revocation
                                                          scenario must
                                                          be denoted as
                                                          “unspecified”
                                                          as the
                                                          CRLReason
                                                          under MRSP.
                                                          Therefore, it
                                                          is not
                                                          possible to
                                                          satisfy both
                                                          the proposed
                                                          BR text and
                                                          MRSP.</span></p>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal">That's
                                                    probably the
                                                    approach to take -
                                                    thanks.  Another
                                                    possibility is to
                                                    move this revocation
                                                    reason down to
                                                    4.9.1.2 - CAs should
                                                    revoke the
                                                    intermediate CA
                                                    certificate(s)
                                                    rather than all end
                                                    entity certificates.
                                                  </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US">5. 
                                                          Regarding
                                                          5-day
                                                          revocation
                                                          reason #10:
                                                          this appears
                                                          to be like
                                                          scenario #7,
                                                          but it is
                                                          different in
                                                          that
                                                          revocation may
                                                          be required
                                                          even if
                                                          there’s no
                                                          violation of
                                                          the CP/CPS. I
                                                          don’t think
                                                          this scenario
                                                          is enumerated
                                                          in MRSP, so it
                                                          is not
                                                          possible to
                                                          specify a
                                                          reason code
                                                          that satisfies
                                                          both MRSP and
                                                          this ballot
                                                          for this
                                                          scenario.</span></p>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal">Kathleen
                                                    and I think that
                                                    this reason is in
                                                    the MRSP under the
                                                    section for the
                                                    superseded CRLReason
                                                    -  "the CA operator
                                                    has revoked the
                                                    certificate for
                                                    compliance reasons
                                                    such as the
                                                    certificate does not
                                                    comply with this
                                                    policy, the
                                                    CA/Browser Forum's
                                                    Baseline
                                                    Requirements, or the
                                                    CA operator’s CP or
                                                    CPS". </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                        <p class="MsoNormal"><span lang="EN-US">More
                                                          generally, the
                                                          Defined Term
                                                          “Certificate”
                                                          should be used
                                                          throughout the
                                                          ballot for
                                                          consistency.</span></p>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal">Agreed. 
                                                    Thanks.</p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                        <p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
                                                        <p class="MsoNormal"><span lang="EN-US">Corey</span></p>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                                <div>
                                                  <p class="MsoNormal"> </p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal">Thanks,</p>
                                                </div>
                                                <div>
                                                  <p class="MsoNormal">Ben
                                                  </p>
                                                </div>
                                                <blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                        <div style="border-style:solid none none;border-width:1pt medium medium;padding:3pt 0cm 0cm;border-color:currentcolor">
                                                          <p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US">
                                                          Servercert-wg
                                                          <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>>
                                                          <b>On Behalf
                                                          Of </b>Ben
                                                          Wilson via
                                                          Servercert-wg<br>
                                                          <b>Sent:</b>
                                                          Tuesday,
                                                          September 13,
                                                          2022 11:37 PM<br>
                                                          <b>To:</b> Ben
                                                          Wilson <<a href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>>; CA/B Forum
                                                          Server
                                                          Certificate WG
                                                          Public
                                                          Discussion
                                                          List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br>
                                                          <b>Subject:</b>
                                                          Re:
                                                          [Servercert-wg]
                                                          Proposal to
                                                          Incorporate
                                                          Mozilla's CRL
                                                          Revocation
                                                          Reason Code
                                                          Requirements
                                                          into the BRs</span></p>
                                                        </div>
                                                        <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                        <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Here
                                                          is the most
                                                          current
                                                          comparison:</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"><a href="https://github.com/cabforum/servercert/compare/bbca71465ed8a8a76383086039f52c750009286a..1699612e5157423f607d67cc8ab9dc3a1d52b318" target="_blank">https://github.com/cabforum/servercert/compare/bbca71465ed8a8a76383086039f52c750009286a..1699612e5157423f607d67cc8ab9dc3a1d52b318</a></span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                        </div>
                                                        <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                        <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          Mon, Sep 12,
                                                          2022 at 11:00
                                                          AM Ben Wilson
                                                          <<a href="mailto:bwilson@mozilla.com" target="_blank">bwilson@mozilla.com</a>>
                                                          wrote:</span></p>
                                                          </div>
                                                          <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Here
                                                          is another
                                                          edit that
                                                          tries to make
                                                          minimal
                                                          changes to BR
                                                          section
                                                          4.9.1.1.</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"><br>
                                                          </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"><a href="https://github.com/BenWilson-Mozilla/servercert/commit/94a07d08855cf489a2bdddff7d8a9490969d5d06" target="_blank">https://github.com/BenWilson-Mozilla/servercert/commit/94a07d08855cf489a2bdddff7d8a9490969d5d06</a></span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          Mon, Sep 12,
                                                          2022 at 9:51
                                                          AM Ben Wilson
                                                          via
                                                          Servercert-wg
                                                          <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
                                                          wrote:</span></p>
                                                          </div>
                                                          <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Thanks,
                                                          Dimitris. I'll
                                                          work on that
                                                          approach and
                                                          get something
                                                          back to you
                                                          soon.</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          Mon, Sep 12,
                                                          2022 at 2:56
                                                          AM Dimitris
                                                          Zacharopoulos
                                                          (HARICA) <<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>> wrote:</span></p>
                                                          </div>
                                                          <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Hi
                                                          Ben,<br>
                                                          <br>
                                                          After a quick
                                                          reading, I
                                                          noticed that
                                                          the
                                                          subsections
                                                          are not
                                                          symmetrical
                                                          and a bit
                                                          inconsistent.
                                                          For example,
                                                          some of them
                                                          contain the
                                                          statement "the
                                                          CA SHOULD
                                                          revoke a
                                                          certificate
                                                          within 24
                                                          hours and MUST
                                                          revoke a
                                                          Certificate
                                                          within 5
                                                          days", some do
                                                          not.<br>
                                                          <br>
                                                          Other
                                                          examples:</span></p>
                                                          <ul type="disc">
                                                          <li class="MsoNormal">
                                                          <span lang="EN-US">4.9.1.1.1
                                                          is labeled
                                                          "Subscriber-Requested
                                                          Revocation",
                                                          however there
                                                          are other
                                                          subsections
                                                          that are also
"Subscriber-Requested". This separation seems confusing.</span></li>
                                                          <li class="MsoNormal">
                                                          <span lang="EN-US">4.9.1.1.4
                                                          is about
                                                          unreliable
                                                          validation but
                                                          most of the
                                                          remaining
                                                          subsections
                                                          are titled
                                                          after the RFC
                                                          5280
                                                          revocation
                                                          reasons.</span></li>
                                                          </ul>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US">Finally, it's not very
                                                          clear when the
                                                          "unspecified
                                                          (0)" reason
                                                          must be used
                                                          because of
                                                          section
                                                          4.9.1.1.8
                                                          (Other
                                                          Circumstances)
                                                          which doesn't
                                                          point to a
                                                          revocation
                                                          reason.<br>
                                                          <br>
                                                          From my
                                                          perspective,
                                                          I'm not sure
                                                          if breaking
                                                          down each
                                                          subsection is
                                                          more helpful
                                                          for reading
                                                          the revocation
                                                          requirements
                                                          than the
                                                          current
                                                          listing. I
                                                          understand
                                                          there is a
                                                          desire to copy
                                                          the MRSP
                                                          language as
                                                          much as
                                                          possible but
                                                          perhaps we
                                                          need to
                                                          consider a
                                                          less
                                                          "intrusive"
                                                          set of changes
                                                          to a section
                                                          that CAs
                                                          already have a
                                                          difficult time
                                                          reading and
                                                          implementing.<br>
                                                          <br>
                                                          IMO we either
                                                          need to
                                                          describe the
                                                          revocation
                                                          scenario and
                                                          point to the
                                                          RFC 5280
                                                          revocation
                                                          reason (closer
                                                          to what the
                                                          BRs have
                                                          today), or
                                                          start with the
                                                          RFC 5280
                                                          revocation
                                                          reasons and
                                                          enumerate the
                                                          revocation
                                                          scenarios
                                                          (closer to
                                                          what MRSP has
                                                          today). I find
                                                          it confusing
                                                          to mix the two
                                                          approaches.<br>
                                                          <br>
                                                          <br>
                                                          Thanks,<br>
                                                          Dimitris.</span></p>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          12/9/2022 6:32
                                                          π.μ., Ben
                                                          Wilson wrote:</span></p>
                                                          </div>
                                                          <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">For
                                                          review - here
                                                          is another
                                                          proposal that
                                                          takes BR
                                                          section
                                                          4.9.1.1 and
                                                          puts the
                                                          24-hour and
                                                          5-day
                                                          revocation
                                                          times into
                                                          subsections
                                                          that match the
                                                          CRL reason
                                                          codes.  </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"><a href="https://github.com/BenWilson-Mozilla/servercert/commit/b185a28fcc20d5853747e4506103823e3dc7c282" target="_blank">https://github.com/BenWilson-Mozilla/servercert/commit/b185a28fcc20d5853747e4506103823e3dc7c282</a></span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          Thu, Sep 8,
                                                          2022 at 12:05
                                                          PM Dimitris
                                                          Zacharopoulos
                                                          (HARICA) <<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>> wrote:</span></p>
                                                          </div>
                                                          <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                                          <div>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US">Good point.<br>
                                                          <br>
                                                          s/<i>expected/shall
                                                          use/<br>
                                                          <br>
                                                          </i></span></p>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          8/9/2022 8:26
                                                          μ.μ., Tim
                                                          Hollebeek
                                                          wrote:</span></p>
                                                          </div>
                                                          <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">I
                                                          would prefer
                                                          standard 2119
                                                          language
                                                          instead of an
“expectation”.  There are no documented rules for what it means for a
                                                          CRLReason to
                                                          be expected to
                                                          be a certain
                                                          value.</span></p>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <p class="MsoNormal"><span lang="EN-US">-Tim</span></p>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <div style="border-style:none none none solid;border-width:medium medium medium 1.5pt;padding:0cm 0cm 0cm 4pt;border-color:currentcolor currentcolor currentcolor blue">
                                                          <div>
                                                          <div style="border-style:solid none none;border-width:1pt medium medium;padding:3pt 0cm 0cm;border-color:currentcolor">
                                                          <p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US">
                                                          Servercert-wg
                                                          <a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank"><servercert-wg-bounces@cabforum.org></a>
                                                          <b>On Behalf
                                                          Of </b>Dimitris
                                                          Zacharopoulos
                                                          (HARICA) via
                                                          Servercert-wg<br>
                                                          <b>Sent:</b>
                                                          Thursday,
                                                          September 8,
                                                          2022 3:21 AM<br>
                                                          <b>To:</b> Ben
                                                          Wilson <a href="mailto:bwilson@mozilla.com" target="_blank"><bwilson@mozilla.com></a>;
                                                          CA/B Forum
                                                          Server
                                                          Certificate WG
                                                          Public
                                                          Discussion
                                                          List <a href="mailto:servercert-wg@cabforum.org" target="_blank"><servercert-wg@cabforum.org></a><br>
                                                          <b>Subject:</b>
                                                          Re:
                                                          [Servercert-wg]
                                                          Proposal to
                                                          Incorporate
                                                          Mozilla's CRL
                                                          Revocation
                                                          Reason Code
                                                          Requirements
                                                          into the BRs</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US"> </span></p>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          7/9/2022 8:22
                                                          μ.μ., Ben
                                                          Wilson wrote:</span></p>
                                                          </div>
                                                          <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Good
                                                          suggestion. I
                                                          can re-work a
                                                          proposal that
                                                          re-writes BR
                                                          sec. 4.9.1.1
                                                          to re-group
                                                          the revocation
                                                          reasons into
                                                          the reason
                                                          codes that
                                                          should be
                                                          used. Is that
                                                          what you were
                                                          thinking? </span></p>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          <p class="MsoNormal"><span lang="EN-US"><br>
                                                          Yes. We should
                                                          also try to
                                                          keep the
                                                          current BRs
                                                          prioritization.
                                                          The section
                                                          begins with
                                                          the cases
                                                          where the
                                                          Certificate(s)
                                                          need to be
                                                          revoked within
                                                          24h and then
                                                          moves to the
                                                          5-day
                                                          revocation
                                                          cases.<br>
                                                          <br>
                                                          We could walk
                                                          this list down
                                                          making sure
                                                          that all
                                                          Mozilla cases
                                                          are listed
                                                          (add the ones
                                                          that are not)
                                                          and add the
                                                          expected
                                                          revocationReason
                                                          for each case.
                                                          For example:</span></p>
                                                          <p><i><span lang="EN-US">The
                                                          CA SHALL
                                                          revoke a
                                                          Certificate
                                                          within 24
                                                          hours if one
                                                          or more of the
                                                          following
                                                          occurs:</span></i><span lang="EN-US"></span></p>
                                                          <ol type="1" start="1">
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          Subscriber
                                                          requests in
                                                          writing that
                                                          the CA revoke
                                                          the
                                                          Certificate
                                                          (expected
                                                          CRLReason: <b>unspecified</b>);</span></i><span lang="EN-US"></span></li>
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          Subscriber
                                                          notifies the
                                                          CA that the
                                                          original
                                                          certificate
                                                          request was
                                                          not authorized
                                                          and does not
                                                          retroactively
                                                          grant
                                                          authorization
                                                          (expected
                                                          CRLReason: </span></i><b><i><span style="font-family:'Calibri',sans-serif" lang="EN-US">privilegeWithdrawn</span></i></b><i><span lang="EN-US">);</span></i><span lang="EN-US"></span></li>
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          CA obtains
                                                          evidence that
                                                          the
                                                          Subscriber's
                                                          Private Key
                                                          corresponding
                                                          to the Public
                                                          Key in the
                                                          Certificate
                                                          suffered a Key
                                                          Compromise
                                                          (expected
                                                          CRLReason: <b>keyCompromise</b>);</span></i><span lang="EN-US"></span></li>
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          CA is made
                                                          aware of a
                                                          demonstrated
                                                          or proven
                                                          method that
                                                          can easily
                                                          compute the
                                                          Subscriber's
                                                          Private Key
                                                          based on the
                                                          Public Key in
                                                          the
                                                          Certificate
                                                          (such as a
                                                          Debian weak
                                                          key, see </span></i><span lang="EN-US"><a href="https://wiki.debian.org/SSLkeys" target="_blank"><i>https://wiki.debian.org/SSLkeys</i></a><i>)
                                                          (expected
                                                          CRLReason: <b>keyCompromise</b>);</i></span></li>
                                                          <li class="MsoNormal">
                                                          <i><span lang="EN-US">The
                                                          CA obtains
                                                          evidence that
                                                          the validation
                                                          of domain
                                                          authorization
                                                          or control for
                                                          any
                                                          Fully-Qualified
                                                          Domain Name or
                                                          IP address in
                                                          the
                                                          Certificate
                                                          should not be
                                                          relied upon
                                                          (expected
                                                          CRLReason: </span></i><b><i><span style="font-family:'Calibri',sans-serif" lang="EN-US">superseded</span></i></b><i><span lang="EN-US">).</span></i><span lang="EN-US"></span></li>
                                                          </ol>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US">and so on.<br>
                                                          <br>
                                                          Does that
                                                          work?<br>
                                                          <br>
                                                          Dimitris.</span></p>
                                                          <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          Wed, Sep 7,
                                                          2022 at 6:01
                                                          AM Dimitris
                                                          Zacharopoulos
                                                          (HARICA) via
                                                          Servercert-wg
                                                          <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
                                                          wrote:</span></p>
                                                          </div>
                                                          <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                                          <div>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US">Hi Ben,<br>
                                                          <br>
                                                          I believe the
                                                          proposal, as
                                                          written,
                                                          causes
                                                          confusion with
                                                          regard to
                                                          4.9.1.1. Some
                                                          of the reasons
                                                          described in
                                                          your proposal
                                                          are already
                                                          mentioned in
                                                          4.9.1.1.
                                                          Perhaps we
                                                          should work
                                                          some more to
                                                          "unify" the
                                                          two sections.<br>
                                                          <br>
                                                          My proposal
                                                          would be to
                                                          update 4.9.1.1
                                                          and include
                                                          the expected
                                                          CRLReason
                                                          after each
                                                          case.<br>
                                                          <br>
                                                          <br>
                                                          Thoughts?<br>
                                                          Dimitris.</span></p>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          6/9/2022 8:13
                                                          μ.μ., Ben
                                                          Wilson via
                                                          Servercert-wg
                                                          wrote:</span></p>
                                                          </div>
                                                          <blockquote style="margin-top:5pt;margin-bottom:5pt">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">All,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">I'm
                                                          looking for
                                                          one more
                                                          endorser.</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">On
                                                          Fri, Jul 29,
                                                          2022 at 12:40
                                                          PM Ben Wilson
                                                          via
                                                          Servercert-wg
                                                          <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
                                                          wrote:</span></p>
                                                          </div>
                                                          <blockquote style="border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
                                                          <div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">All,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">I have created a proposal in Github to incorporate Mozilla's CRL Revocation Reason Code requirements into the Baseline Requirements.</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">See
                                                          <a href="https://github.com/cabforum/servercert/issues/377" target="_blank">https://github.com/cabforum/servercert/issues/377</a></span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"><a href="https://github.com/BenWilson-Mozilla/servercert/commit/52a480803beff1f96d61c4b6d76570ac7adff4d5" target="_blank">https://github.com/BenWilson-Mozilla/servercert/commit/52a480803beff1f96d61c4b6d76570ac7adff4d5</a></span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">I'm looking for comments, suggestions, and two endorsers.</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          <div>
                                                          <p class="MsoNormal"><span lang="EN-US">Ben</span></p>
                                                          </div>
                                                          </div>
                                                          <p class="MsoNormal"><span lang="EN-US">_______________________________________________<br>
                                                          Servercert-wg
                                                          mailing list<br>
                                                          <a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
                                                          <a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a></span></p>
                                                          </blockquote>
                                                          </div>
                                                          <p class="MsoNormal" style="margin-bottom:12pt"><span lang="EN-US"> </span></p>
                                                          </blockquote>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </blockquote>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </blockquote>
                                                          <p class="MsoNormal"><span lang="EN-US"> </span></p>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </blockquote>
                                                        </div>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                              </div>
                                            </div>
                                          </blockquote>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </blockquote>
                              </div>
                              <br>
                            </blockquote>
                            <br>
                          </div>
                        </blockquote>
                      </div>
                    </blockquote>
                    <br>
                  </div>
                </blockquote>
              </div>
            </blockquote>
            <br>
          </div>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </div>

</blockquote></div>