<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Pedro, there is no controversy, it's ok to share different
opinions and different perspectives. As I said, the particular issue
with ballots that update the same section(s) will be discussed
separately. To me, it's a matter of consistency and all "code
management systems" must have a firm process to handle "conflicts".<br>
<br>
With that said, nothing prevents us from discussing the essence of
your ballot. Irrespective of what we do with the conflicting
sections, the language from the EV Guidelines will be moved
altogether. So, for example, if you update the current section
11.1.3, this will move to a new location in its entirety so you
don't need to worry about it during the discussion of the ballot.<br>
<br>
Thank you for using GH to show the proposed changes, it is very
helpful to most Members. To echo Tim's point, and in order to assist
ballot proposers as much as possible, if someone is not familiar or
doesn't want to get involved with GH, it is not mandatory to use GH
to propose changes. Anything, from writing a text in the body of an
email, to submitting a word redline, they are all acceptable
according to our Bylaws (section 2.4).<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<br>
<div class="moz-cite-prefix">On 23/1/2024 7:47 π.μ., Pedro FUENTES
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8475306C-31E3-4664-8234-6614A100569D@wisekey.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
Hi guys,
<div><br>
<div>I didn’t want to trigger any controversy. My question was
more related to understand how a so impacting Pull Request
like the one to convert to RFC format could be managed in
GitHub with other PR related to the non-RFC version.</div>
<div><br>
</div>
<div>On my side, I prepared the PR#439 (<a
href="https://github.com/cabforum/servercert/pull/439"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/servercert/pull/439</a>)
but I didn’t promote it as I guessed I’d have to redo it at
some point based on the RFC version… but again maybe I’m not
understanding how GH works…</div>
<div><br>
</div>
<div>Cheers!</div>
<div>Pedro</div>
<div>
<div><br>
<blockquote type="cite">
<div>On 22 Jan 2024, at 19:49, Tim Hollebeek
<a class="moz-txt-link-rfc2396E" href="mailto:tim.hollebeek@digicert.com"><tim.hollebeek@digicert.com></a> wrote:</div>
<br class="Apple-interchange-newline">
<div>
<meta charset="UTF-8">
<div class="WordSection1"
style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Feel
free to bring it up, but I still oppose it for all
the reasons we discussed when we had this discussion
the last time. Adding more mandatory details to the
ballot process is not progress. We need to get back
to improving the requirements, and not spending so
much time on bylaws and administrivia. It’s already
too hard for people not intimately familiar with the
forum and ballot process to write ballots. Adding
this would just make it even worse.<o:p></o:p></div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Instead
of that, let’s discuss Pedro’s ballot, whether it’s
a good idea, and how we get it or something else
across the finish line, if it is.<o:p></o:p></div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">-Tim<o:p></o:p></div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div
style="border-width: medium medium medium 1.5pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor blue; border-image: none; padding: 0in 0in 0in 4pt;">
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0in 0in;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b>From:</b><span
class="Apple-converted-space"> </span>Dimitris
Zacharopoulos <<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>><span
class="Apple-converted-space"> </span><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Saturday,
January 20, 2024 12:21 AM<br>
<b>To:</b><span class="Apple-converted-space"> </span>Tim
Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>><br>
<b>Cc:</b><span class="Apple-converted-space"> </span>Pedro
FUENTES <<a
href="mailto:pfuentes@wisekey.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">pfuentes@wisekey.com</a>>;
Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>;
CA/B Forum Server Certificate WG Public
Discussion List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>>;
Bruce Morton <<a
href="mailto:bruce.morton@entrust.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">bruce.morton@entrust.com</a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re:
[EXTERNAL]-Re: [Servercert-wg] SC-065: Convert
EVGs into RFC 3647 format pre-ballot<o:p></o:p></div>
</div>
</div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-family: Arial, sans-serif;">Tim,<span
class="Apple-converted-space"> </span><br>
<br>
For conflicting sections in multiple
simultaneous ballots, this is what we've done
historically and consistently.<span
class="Apple-converted-space"> </span><br>
<br>
You are correct that the Bylaws use a "may"
but I strongly recommended using the existing
practice, otherwise the outcome is uncertain
and risky. In fact, I would suggest we make
this mandatory at the next Bylaws update. I
will bring it up for discussion separately
from this thread.<span
class="Apple-converted-space"> </span><br>
<br>
<br>
Thanks,<span class="Apple-converted-space"> </span><o:p></o:p></span></div>
</div>
<div>
<p><span style="font-family: Arial, sans-serif;">DZ.<o:p></o:p></span></p>
</div>
<div>
<div>
<p><span style="font-family: Arial, sans-serif;">Jan
19, 2024 23:57:14 Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>>:<o:p></o:p></span></p>
</div>
<blockquote
style="border-width: medium medium medium 2.25pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor rgb(204, 204, 204); border-image: none; padding: 0in 0in 0in 8pt; margin-left: 0in; margin-right: 0in;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Note
that the language says “may”. Summarizing
that as “needs to” is incorrect. It is
intentionally weak, to avoid putting a burden
on ballot proposers to completely and
exhaustively specify their ballot’s
interaction with another ballot they don’t
control. The only requirement is to name and
link to ballots that amends the same section
(to help avoid merge errors).<o:p></o:p></div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">All
of the stuff around holding and sequencing
ballots, and describing possible deconfliction
strategies, is useful and important stuff we
do to keep the Forum working smoothly, and I
would highly encourage people to pay close
attention to those sorts of things, but we
need to be clear on what actually are minimum
requirements and what aren’t, because I don’t
want to interfere with or unduly burden the
rights of members to call for a proposed
ballot at any time.<o:p></o:p></div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">-Tim<o:p></o:p></div>
<div
style="border-width: medium medium medium 1.5pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor blue; border-image: none; padding: 0in 0in 0in 4pt;">
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0in 0in;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b>From:</b><span
class="Apple-converted-space"> </span>Dimitris
Zacharopoulos (HARICA) <<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>><span
class="Apple-converted-space"> </span><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Friday,
January 19, 2024 2:00 PM<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Pedro
FUENTES <<a
href="mailto:pfuentes@wisekey.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">pfuentes@wisekey.com</a>>;
Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>;
CA/B Forum Server Certificate WG Public
Discussion List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>><br>
<b>Cc:</b><span
class="Apple-converted-space"> </span>Bruce
Morton <<a
href="mailto:bruce.morton@entrust.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">bruce.morton@entrust.com</a>>;
Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re:
[EXTERNAL]-Re: [Servercert-wg] SC-065:
Convert EVGs into RFC 3647 format
pre-ballot<o:p></o:p></div>
</div>
</div>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;">Hi
Pedro,<br>
<br>
If the proposed ballot interacts with
sections that are modified by an existing
ballot, the second ballot proposer needs to
describe what will the possible results of
that section look like, basically by writing
down the expected language if the first
ballot passes or fails.<br>
<br>
Bylaws section 2.4 (10):<br>
<i><br>
If a ballot is proposed to amend the same
section of the Final Guidelines or the
Final Maintenance Guidelines as one or
more previous ballot(s) that has/have not
yet been finally approved, the newly
proposed ballot must include information
about, and a link to, any such previous
ballot(s), and may include provisions to
avoid any conflicts relating to such
previous ballots.</i><br>
<br>
<br>
I hope this helps.<br>
<br>
Dimitris.<o:p></o:p></p>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">On
19/1/2024 2:34 μ.μ., Pedro FUENTES wrote:<o:p></o:p></div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Hello,<o:p></o:p></div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">I’d
like to know how this would interact
with the change proposed by Dimitris for
the VATEL thing.<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">In
my case I did put on hold my own
proposed change (regulation of use of
QGIS for organization validation) until
the doc was in RFC format, and I wonder
if we should do the same for other
proposed changes, as I guess the order
of the ballots is important here.<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Best,<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Pedro<o:p></o:p></div>
<div>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">On
19 Jan 2024, at 13:27, Inigo
Barreira via Servercert-wg<span
class="Apple-converted-space"> </span><a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg@cabforum.org></a><span
class="Apple-converted-space"> </span>wrote:<o:p></o:p></div>
</div>
<div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Hi
all,<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">As per
yesterday´s SCWG call, I´ve
also updated the BRs with the
new section numbers of the
EVG. Only 2 sections have been
affected and therefore
updated.</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;">Section
3.2.2.4.7</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;">EVG
11.14.3<span
class="apple-converted-space"> </span></span><span
style="font-size: 10pt; font-family: Wingdings;">à</span><span
class="apple-converted-space"><span
style="font-size: 10pt;"> </span></span><span
style="font-size: 10pt;">3.2.2.14.3</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;"> </span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;">Section
7.1.2.7.5</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;">EVG
9.2<span
class="apple-converted-space"> </span></span><span
style="font-size: 10pt; font-family: Wingdings;">à</span><span
class="apple-converted-space"><span
style="font-size: 10pt;"> </span></span><span
style="font-size: 10pt;">7.1.4.2</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB"> </span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">You can find all
the information in the PR 440,<span
class="apple-converted-space"> </span></span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_servercert_pull_440_commits&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=4yDjCByZihcF66OPg0-LImW7hEJ3BRBPpguv_Dh5h0I&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-GB">EVGs based on
RFC3647 by barrini · Pull
Request #440 ·
cabforum/servercert
(github.com)</span></a><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">First, I had to
update the current version of
the BRs I was working with
(2.0.0) to the current one
(2.0.2) and then make the
changes to the newest one.</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB"> </span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">Regards</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB"> </span><o:p></o:p></div>
</div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-image: none; border-color: currentcolor;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b>De:</b><span
class="apple-converted-space"> </span>Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>><br>
<b>Enviado el:</b><span
class="apple-converted-space"> </span>viernes, 15 de diciembre de 2023
12:42<br>
<b>Para:</b><span
class="apple-converted-space"> </span>Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>; CA/B
Forum Server Certificate WG
Public Discussion List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>>;
Dimitris Zacharopoulos
(HARICA) <<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>>; Bruce Morton
<<a
href="mailto:Bruce.Morton@entrust.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Bruce.Morton@entrust.com</a>>; Tim
Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>><br>
<b>Asunto:</b><span
class="apple-converted-space"> </span>RE: [Servercert-wg] SC-065:
Convert EVGs into RFC 3647
format pre-ballot<o:p></o:p></div>
</div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;"> </span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Hi
everyone<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">As per last week
discussion during the SCWG, we
agreed to follow section 6 of
the RFC 3647 for the new EVG
format.</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">With that in
mind, I´ve updated the
correspondent PR (#440) to
reflect it that way, so:</span><o:p></o:p></div>
</div>
<ul style="margin-bottom: 0in;"
type="disc">
<li class="MsoListParagraph"
style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">Changed section
1.1 name from scope to
overview</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">Created a new
section 3.2.1 for possession
of the private key</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">Moved all the
other stuff of the old section
11 to a “new” section 3.2.2
for organization identity.</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">Also created the
remaining ones, 3.2.3, 3.2.4,
etc.</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">Update section 8
removing section 8.1 and
renumbering the others and
putting the self audits under
8.1 and leaving section 8.7
for readiness audits because
don´t know where it can fit
better (this section does not
exist in RFC 3647 section 6)</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">Checked all links</span><o:p></o:p></li>
</ul>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB"> </span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">In any case, see
the comparison here:<span
class="apple-converted-space"> </span></span><span
style="font-size: 10pt;"><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_servercert_compare_90a98dc7c1131eaab01af411968aa7330d315b9b...238ff99fbe04f2aa24f2c58910d8133f2283f11e&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=Fkxi2puIea-XluHGWRpA2fMQdGTdESWl6jTcxt-Mh2I&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-GB">Comparing
90a98dc7c1131eaab01af411968aa7330d315b9b...238ff99fbe04f2aa24f2c58910d8133f2283f11e
· cabforum/servercert
(github.com)</span></a></span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;"> </span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">If you´re ok with
this change, we can move
forward a propose the ballot
for which I´ll need 2
endorsers.</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB"> </span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">Regards</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB"> </span><o:p></o:p></div>
</div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-image: none; border-color: currentcolor;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b>De:</b><span
class="apple-converted-space"> </span>Servercert-wg <<a
href="mailto:servercert-wg-bounces@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg-bounces@cabforum.org</a>><span
class="apple-converted-space"> </span><b>En nombre de<span
class="apple-converted-space"> </span></b>Inigo Barreira via
Servercert-wg<br>
<b>Enviado el:</b><span
class="apple-converted-space"> </span>jueves, 7 de diciembre de 2023
13:08<br>
<b>Para:</b><span
class="apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA)
<<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>>; Bruce Morton
<<a
href="mailto:Bruce.Morton@entrust.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Bruce.Morton@entrust.com</a>>; CA/B
Forum Server Certificate WG
Public Discussion List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>>; Tim
Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>><br>
<b>Asunto:</b><span
class="apple-converted-space"> </span>Re: [Servercert-wg] SC-065:
Convert EVGs into RFC 3647
format pre-ballot<o:p></o:p></div>
</div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;"> </span><o:p></o:p></div>
</div>
<div
style="border: 1pt solid black; padding: 2pt;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 12pt; background: rgb(250, 250, 3);"><span
style="font-size: 10pt;">CAUTION:
This email originated from
outside of the organization.
Do not click links or open
attachments unless you
recognize the sender and
know the content is safe.</span><o:p></o:p></div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Hi
there,<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">See
the comparing one.<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;"><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_servercert_compare_90a98dc7c1131eaab01af411968aa7330d315b9b...13b4f85a494fefa52510512a2fb3c4d7c77a7a36&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=SAlnT_XxVC5MVdb-AWK-2-2ft5iK_-91Uh8zev3Au44&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-GB">Comparing
90a98dc7c1131eaab01af411968aa7330d315b9b...13b4f85a494fefa52510512a2fb3c4d7c77a7a36
· cabforum/servercert
(github.com)</span></a></span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;"> </span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;">Regards</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB"> </span><o:p></o:p></div>
</div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-image: none; border-color: currentcolor;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b>De:</b><span
class="apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA)
<<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>><br>
<b>Enviado el:</b><span
class="apple-converted-space"> </span>lunes, 4 de diciembre de 2023
22:18<br>
<b>Para:</b><span
class="apple-converted-space"> </span>Bruce Morton <<a
href="mailto:Bruce.Morton@entrust.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Bruce.Morton@entrust.com</a>>; Inigo
Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>; CA/B
Forum Server Certificate
WG Public Discussion List
<<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>>; Tim
Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>><br>
<b>Asunto:</b><span
class="apple-converted-space"> </span>Re: [Servercert-wg] SC-065:
Convert EVGs into RFC 3647
format pre-ballot<o:p></o:p></div>
</div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;"> </span><o:p></o:p></div>
</div>
<div
style="border: 1pt solid black; padding: 2pt;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 12pt; background: rgb(250, 250, 3);"><span
style="font-size: 10pt;">CAUTION:
This email originated from
outside of the
organization. Do not click
links or open attachments
unless you recognize the
sender and know the
content is safe.</span><o:p></o:p></div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;"> </span><o:p></o:p></p>
<div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;">On
4/12/2023 9:22 μ.μ.,
Bruce Morton wrote:</span><o:p></o:p></div>
</div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">I
thought an intriguing
promise of doing documents
in Github and in the same
format is that we would
see the requirements in
the same section, which
would allow for better
management. Also, the
proposal Paul brought
forward for the BR of BRs
would work much better if
we use the same sections.
I guess I am encouraging
the move of EV from a
non-standard format to a
sort of standard RFC 3647
format would be to help
provide document
alignment.<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">+1
to Dimitris original
suggestion.<o:p></o:p></div>
</div>
</blockquote>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<ul
style="margin-bottom: 0in; margin-top: 0in;" type="disc">
<li class="MsoNormal"
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_code-2Dsigning_compare_main...importEVG&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=IH-hz12ss4KJRRKpXUPs_ykN-ftU1yP8_QWnqFumUpE&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true">https://github.com/cabforum/code-signing/compare/main...importEVG</a><o:p></o:p></li>
</ul>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;">This
is currently WIP, maintaining
the numbering of RFC 3647
section 6, and moving the EV
Guidelines sections referenced
by the CSBRs into new
sections. We've done these
conversions in the past and
they worked pretty well,
leading to consistently
structured policy documents
across the ecosystem.<br>
<br>
It's not perfect but it tries
to move requirements to where
RFC 3647 and the BRs expect
them to be. For example,
section 11.14 of the EV
Guidelines talks about re-use
of existing documentation
which fits into section 4.2.1
of the BRs.<br>
<br>
<br>
Thanks,<br>
Dimitris.<o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Thanks,
Bruce.<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-image: none; border-color: currentcolor;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b>From:</b><span
class="apple-converted-space"> </span>Servercert-wg<span
class="apple-converted-space"> </span><a
href="mailto:servercert-wg-bounces@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg-bounces@cabforum.org></a><span
class="apple-converted-space"> </span><b>On Behalf Of<span
class="apple-converted-space"> </span></b>Inigo Barreira via
Servercert-wg<br>
<b>Sent:</b><span
class="apple-converted-space"> </span>Monday, December 4, 2023 2:15 PM<br>
<b>To:</b><span
class="apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA)<span
class="apple-converted-space"> </span><a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><dzacharo@harica.gr></a>;
Tim Hollebeek<span
class="apple-converted-space"> </span><a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><tim.hollebeek@digicert.com></a><br>
<b>Cc:</b><span
class="apple-converted-space"> </span>CA/B Forum Server Certificate WG
Public Discussion List<span
class="apple-converted-space"> </span><a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b><span
class="apple-converted-space"> </span>[EXTERNAL] Re: [Servercert-wg]
SC-065: Convert EVGs
into RFC 3647 format
pre-ballot<o:p></o:p></div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 10pt;"> </span><o:p></o:p></div>
</div>
<div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 1pt; color: white;">Dimitris, I think that we should
focus on the EVG not
on the CP/CPS. The
CA´s CP/CPS will have
that 3. 2. 1 section
because it´s in the
TLS BRs but that does
not mean that the EVG
must have also that
section 3. 2. 1 (BTW,
the section exist in
the</span><o:p></o:p></div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Dimitris,<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">I think
that we should focus on
the EVG not on the
CP/CPS. The CA´s CP/CPS
will have that 3.2.1
section because it´s in
the TLS BRs but that
does not mean that the
EVG must have also that
section 3.2.1 (BTW, the
section exist in the TLS
BRs but with no
content). At the end of
the day, every CA
issuing TLS certs will
have to follow the TLS
BRs and EVGs and then
accommodate their
CP/CPSes according to
both documents.</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">I
understand your point to
be stricter in the
implementation of that
specific point but for
every CA to
change/update their
current CP/CPS with the
new EVG in the RFC 3647
format, would find it
easier to where to make
those
changes/adjustments in
their own CP/CPS if we
can convert easily the
current section 11 into
3.2 and not to start
looking into different
numbers to make that
change.</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB"> </span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB">Regards</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
lang="EN-GB"> </span><o:p></o:p></div>
</div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-image: none; border-color: currentcolor;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b>De:</b><span
class="apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA)
<<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>><br>
<b>Enviado el:</b><span
class="apple-converted-space"> </span>lunes, 4 de diciembre de 2023
20:02<br>
<b>Para:</b><span
class="apple-converted-space"> </span>Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>>; Inigo
Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>><br>
<b>CC:</b><span
class="apple-converted-space"> </span>CA/B Forum Server Certificate WG
Public Discussion List
<<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>><br>
<b>Asunto:</b><span
class="apple-converted-space"> </span>Re: [Servercert-wg] SC-065:
Convert EVGs into RFC
3647 format pre-ballot<o:p></o:p></div>
</div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div
style="border: 1pt solid black; padding: 2pt;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 12pt; background: rgb(250, 250, 3);"><span
style="font-size: 10pt;">CAUTION: This email originated from outside of
the organization. Do
not click links or
open attachments
unless you recognize
the sender and know
the content is safe.</span><o:p></o:p></div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;">FWIW,
there are informational
RFCs that include SHOULD
requirements (I didn't
check for other
informational RFCs that
might contain SHALL
requirements). Take a look
at<span
class="apple-converted-space"> </span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A_datatracker.ietf.org_doc_html_rfc8894-5F-5F-3B-21-21FJ-2DY8qCqXTj2-21cDhQeVwolbnJ6hdDSRwEKs2w1lDqgYkiUHc4ApuZ3kUIV3BDxbQ0XAAIsJDbSWbqRevehayXBz-5Foc-2DH9s1zZDBI0YJAc7w-24&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=eZUOnibdXAEm7TArY-4NlpNDvdpq2qrcI6Os5GzWvtY&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true">RFC
8894</a>.<br>
<br>
I agree that there seems
to be some ambiguity in
the REQUIRED CP/CPS
structure but the entire
reasoning behind using the
"RFC 3647 format" was to
align CP and CPS documents
so that comparisons can be
made across different CAs.
If one CA reads that they
must follow a 2-level
structure based on section
4, and another CA reads
that they must follow the
structure of section 6 of
the RFC, we're not meeting
the goal for alignment and
easy comparisons.<br>
<br>
Digicert's CPS seems to
follow the structure of
section 6 of RFC 3647. Has
anyone spotted a CPS
claiming compliance with
the TLS BRs that is not
following the section 6
structure of 3647?<br>
<br>
If all existing public CAs
follow the structure of
section 6 of 3647 in their
CP/CPS documents, we can
just clarify that the
expectation is what Ben
mentioned in<span
class="apple-converted-space"> </span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A_github.com_BenWilson-2DMozilla_pkipolicy_commit_1a94642cb95017cf382e4e93811db16a2342a806-5F-5F-3B-21-21FJ-2DY8qCqXTj2-21cDhQeVwolbnJ6hdDSRwEKs2w1lDqgYkiUHc4ApuZ3kUIV3BDxbQ0XAAIsJDbSWbqRevehayXBz-5Foc-2DH9s1zZDBIIavReJg-24&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=7yKm78aVhCw6xlE85YVTEd_kGz4SHJhZ83xtcshx1Ag&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true">https://github.com/BenWilson-Mozilla/pkipolicy/commit/1a94642cb95017cf382e4e93811db16a2342a806</a>,
so that we address this
ambiguity. We probably
don't even need an
effective date if it
causes no issue on
existing CAs.<br>
<br>
My point is that if we
leave this open to
interpretation, we can't
compare CP/CPS sections
across multiple CAs
efficiently, and this
defeats the whole purpose
of the requirement to
structure CP/CPS documents
according to RFC 3647. We
might as well abandon the
idea of converting the EV
Guidelines into that
format.<br>
<br>
I believe that the intent
has always been to enforce
a "stricter" alignment.
But if indeed there are
deviations, I'd support
some stricter language to
align CP/CPS documents
according to section 6 of
RFC 3647 even with a
future effective date :)<br>
<br>
<br>
Dimitris.<o:p></o:p></p>
<div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">On
4/12/2023 7:27 μ.μ.,
Tim Hollebeek wrote:<o:p></o:p></div>
</div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Yeah,
the fact that the
section 6 outline goes
deeper than the actual
described format in
section 4 is annoying,
and you’re right, it’s
probably the source of
these disagreements.
I always look at
section 4, because it
has the actual
guidance about what
sort of information
should be considered
for inclusion.<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">This
is what happens when
people try to turn
informational
documents into
normative
requirements. You
have to try to
interpret what phrases
like “are strongly
advised to adhere”,
which isn’t even a RFC
2119 SHOULD. And it
can’t even be a
SHOULD, because as an
informational RFC, it
is prohibited from
having requirements,
even SHOULDs! That’s
why it’s written that
way. Also,
informational RFCs are
not examined as
closely for
inconsistencies
(because there are no
requirements!) which
is how divergences
like section 4 vs 6
happen. It wasn’t
intended to be used as
a compliance document.<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">I
still think what Inigo
did is perfectly fine,
although there are
lots of other
perfectly fine
solutions, too. What
we need to be
discussing is what’s
best for us, not RFC
3647 requires, because
RFC 3647 has infinite
leeway. As Aaron and
I have been pointing
out, you’ll find lots
of divergences at
level three, and
there’s even lots of
additional content in
level two, just
because a lot of newer
content doesn’t really
have a good fit in RFC
3647.<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Now,
that said, we might
want to be more strict
in the future, and if
we choose to do so, we
can be. I just don’t
want people
overstating what the
rules actually are,
because a lot of
people’s time has been
wasted enforcing RFC
3647 in a way that is
far stricter than was
ever intended (one of
the reasons I’m so
vocal on this issue is
because I got this
point of view from one
of the original
authors).<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">-Tim<o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<div
style="border-width: medium medium medium 1.5pt; border-style: none none none solid; padding: 0in 0in 0in 4pt; border-image: none; border-color: currentcolor currentcolor currentcolor blue;">
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-image: none; border-color: currentcolor;">
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b>From:</b><span
class="apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA)<span
class="apple-converted-space"> </span><a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><dzacharo@harica.gr></a><br>
<b>Sent:</b><span
class="apple-converted-space"> </span>Saturday, December 2, 2023 5:26 AM<br>
<b>To:</b><span
class="apple-converted-space"> </span>Tim Hollebeek<span
class="apple-converted-space"> </span><a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><tim.hollebeek@digicert.com></a>;
Inigo Barreira<span
class="apple-converted-space"> </span><a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><Inigo.Barreira@sectigo.com></a><br>
<b>Cc:</b><span
class="apple-converted-space"> </span>CA/B Forum Server Certificate WG
Public
Discussion List<span
class="apple-converted-space"> </span><a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b><span
class="apple-converted-space"> </span>Re: [Servercert-wg] SC-065:
Convert EVGs
into RFC 3647
format
pre-ballot<o:p></o:p></div>
</div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;">We
still have a
disagreement so please
allow me one more
attempt to clarify my
position because it
seems you didn't check
the links included in
my previous post. I
will copy some of that
text here for
convenience.<o:p></o:p></p>
<div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">On
1/12/2023 11:31
μ.μ., Tim
Hollebeek wrote:<o:p></o:p></div>
</div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">…<span
class="Apple-converted-space"> </span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><br>
I think I might have a
hint on our
disconnect. RFC 3647
has an indicative
Table of Contents in
Chapter 6 (<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A_datatracker.ietf.org_doc_html_rfc3647-2Asection-2D6-5F-5F-3BIw-21-21FJ-2DY8qCqXTj2-21cDhQeVwolbnJ6hdDSRwEKs2w1lDqgYkiUHc4ApuZ3kUIV3BDxbQ0XAAIsJDbSWbqRevehayXBz-5Foc-2DH9s1zZDBKp-5FQdGmg-24&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=cp3VExDM2DhLCKZSB-C46rsVM45LgWuB6qsMlwtjSHY&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true">https://datatracker.ietf.org/doc/html/rfc3647#section-6</a>)
outlining the proposed
CP/CPS sections and
subsections using 3
levels.<br>
<br>
Here is the text of
the opening paragraph
of that section
(emphasis added):<br>
<br>
<o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">…<span
class="Apple-converted-space"> </span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><br>
The reason the CA/B
Forum BRs were
structured according
to this outline was to
assist with
comparisons between
CP/CPS documents of
different CAs, making
the review of these
documents easier.<br>
<br>
That's why you see
sections like 1.5.4
"CPS approval
procedures" in the BRs
as an empty section
with "No Stipulation".
There are many such
sections in the BRs,
all coming from
section 6 of RFC 3647.<br>
<br>
I hope this is clearer
now.<br>
<br>
<o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">…<span
class="Apple-converted-space"> </span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><br>
During the last couple
of years reviewing
CP/CPS documents, I
saw some uniformity at
least in Publicly
Trusted CAs, and they
all seem to follow the
BRs structure which
comes from the outline
of section 6 of RFC
3647. However, it's
not a bad idea to
further clarify BR
section 2.2 to better
meet the expectations.<br>
<br>
<o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">…<span
class="Apple-converted-space"> </span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><br>
To my point, BR 3.2.1
IS an RFC 3647
required section as it
is explicitly
mentioned in the
outline of section 6
of RFC 3647:<br>
<br>
<o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">…<span
class="Apple-converted-space"> </span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><br>
Details about the
contents of that
section can be found
in the first bullet of<span
class="apple-converted-space"> </span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A_datatracker.ietf.org_doc_html_rfc3647-2Asection-2D4.3.2-5F-5F-3BIw-21-21FJ-2DY8qCqXTj2-21cDhQeVwolbnJ6hdDSRwEKs2w1lDqgYkiUHc4ApuZ3kUIV3BDxbQ0XAAIsJDbSWbqRevehayXBz-5Foc-2DH9s1zZDBIL19sP-5Fw-24&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=VVgYrcQHYItvxshaRW05i_oEkdLisu_m-OdTzlBeXn8&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true">section
4.3.2 of RFC 3647</a>.<span
class="apple-converted-space"> </span><br>
<br>
Does that make more
sense?<br>
<br>
Dimitris.<br>
<br>
<o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">…<span
class="Apple-converted-space"> </span><o:p></o:p></div>
</blockquote>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
</div>
</blockquote>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><i>Any
email and
files/attachments
transmitted with it are
intended solely for the
use of the individual or
entity to whom they are
addressed. If this
message has been sent to
you in error, you must
not copy, distribute or
disclose of the
information it contains.<span
class="apple-converted-space"> </span><u>Please notify Entrust
immediately and delete
the message from your
system.</u></i><o:p></o:p></div>
</div>
</blockquote>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
</div>
</div>
</div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 9pt; font-family: Helvetica, sans-serif;">_______________________________________________<br>
Servercert-wg mailing list<br>
</span><a
href="mailto:Servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
style="font-size: 9pt; font-family: Helvetica, sans-serif;">Servercert-wg@cabforum.org</span></a><span
style="font-size: 9pt; font-family: Helvetica, sans-serif;"><br>
</span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_servercert-2Dwg&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=NI2v6X_p5sLdAuQxYnL49SedZwqRk1slWN8V5zVZkQs&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
style="font-size: 9pt; font-family: Helvetica, sans-serif;">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_servercert-2Dwg&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=NI2v6X_p5sLdAuQxYnL49SedZwqRk1slWN8V5zVZkQs&e=</span></a><o:p></o:p></div>
</div>
</blockquote>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 8.5pt; color: rgb(246, 36, 0);"><br>
WISeKey SA</span></b><o:p></o:p></div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 8.5pt;">Pedro Fuentes<br>
</span></b><span
style="font-size: 8.5pt;">CSO - Trust Services Manager</span><span
style="font-size: 9pt;"><br>
</span><span
style="font-size: 7.5pt;">Office: + 41 (0) 22 594 30 00<br>
Mobile: + 41
(0) </span><span
style="font-size: 10pt;">791 274 790</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 7.5pt;">Address: </span><span
style="font-size: 7.5pt;">Avenue Louis-Casaï 58 | </span><span
style="font-size: 10pt;">1216 Cointrin | Switzerland</span><o:p></o:p></div>
</div>
<div>
<p
class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 9pt;">Stay connected with <a
href="http://www.wisekey.com/"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
style="color: rgb(246, 36, 0);">WISeKey</span></a><br>
<br>
</span></b><o:p></o:p></p>
</div>
<div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 7.5pt; color: rgb(120, 166, 0);">THIS IS A TRUSTED
MAIL</span></b><span
style="font-size: 7.5pt; color: rgb(120, 166, 0);">: This message
is digitally
signed with a
WISeKey
identity. If
you get a mail
from WISeKey
please check
the signature
to avoid
security risks</span><o:p></o:p></div>
</div>
<div>
<p
class="MsoNormal"
style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></p>
</div>
<div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 7pt; color: darkgray;">CONFIDENTIALITY: </span></b><span
style="font-size: 7pt; color: darkgray;">This email and any files
transmitted with it
can be
confidential
and
it’s intended
solely for the
use of
the individual or
entity to
which they
are addressed.
If you are not
the
named addressee
you should not
disseminate, distribute or copy this e-mail. If you have received this
email in error
please notify
the sender</span><o:p></o:p></div>
</div>
<div>
<div
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 7pt; color: darkgray;">DISCLAIMER: </span></b><span
style="font-size: 7pt; color: darkgray;">WISeKey does not warrant the
accuracy
or completeness
of this
message and
does
not accept
any liability
for any errors
or
omissions herein
as this
message has
been transmitted over
a public
network.
Internet
communications cannot
be
guaranteed to
be secure or
error-free as
information
may be
intercepted,
corrupted,
or contain
viruses.
Attachments to
this e-mail
are checked
for viruses;
however, we do
not accept any
liability for
any damage
sustained by
viruses and therefore
you are kindly
requested to
check for
viruses upon
receipt.</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<div>
<meta charset="UTF-8">
<div dir="auto"
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div dir="auto"
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div dir="auto"
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><font
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; line-height: normal; text-align: start; text-indent: 0px;"><b><font
style="font-size: 11px;"
color="#f62400"><br
class="Apple-interchange-newline">
WISeKey SA<br>
</font></b></font>
<div
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font
style="color: rgb(0, 0, 0); font-size: 12px; font-weight: normal; font-style: normal;"><span
style="font-size: 11px;"><b>Pedro
Fuentes<br>
</b>CSO - Trust Services Manager</span><br>
<font size="1">Office: + 41 (0) 22
594 30 00<br>
Mobile: + 41 (0) </font></font><span
style="color: rgb(0, 0, 0); font-size: x-small; font-weight: normal; font-style: normal;">791
274 790</span></div>
<div
style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px;"><font
size="1">Address: </font></font><font
size="1">Avenue Louis-Casaï 58 | </font><span
style="font-size: x-small;">1216
Cointrin | Switzerland</span></div>
<div
style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font><font
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px;"
size="1"><b>Stay connected with <a
href="http://www.wisekey.com"
moz-do-not-send="true"><font
color="#f62400">WISeKey</font></a><br>
</b></font></font><span
style="caret-color: rgb(0, 0, 0); color: rgb(169, 169, 169); font-size: 10px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; orphans: 2; widows: 2;"><br>
</span></div>
<div
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; line-height: normal; text-align: start; text-indent: 0px;">
<div
style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span
style="orphans: 2; widows: 2;"><font
size="1" color="#78a600"><b>THIS
IS A TRUSTED MAIL</b>: This
message is digitally signed with
a WISeKey identity. If you get a
mail from WISeKey please check
the signature to avoid security
risks</font></span></div>
<div
style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span
style="orphans: 2; widows: 2; font-size: 9px;"><font color="#a9a9a9"><br>
</font></span></div>
<div
style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;">
<div style="orphans: 2; widows: 2;"><font
style="font-size: 9px;"
color="#a9a9a9"><b>CONFIDENTIALITY: </b>This
email and any files
transmitted with it can be
confidential and it’s intended
solely for the use of
the individual or entity to
which they are addressed. If you
are not the named addressee
you should not
disseminate, distribute or copy
this e-mail. If you have
received this email in error
please notify the sender</font></div>
<div style="orphans: 2; widows: 2;"><font
style="font-size: 9px;"
color="#a9a9a9"><br>
</font></div>
<div style="orphans: 2; widows: 2;"><font
style="font-size: 9px;"
color="#a9a9a9"><b>DISCLAIMER: </b>WISeKey
does not warrant the accuracy
or completeness of this message
and does not accept
any liability for any errors or
omissions herein as this message
has been transmitted over a
public network. Internet
communications cannot be
guaranteed to be secure or
error-free as information may be
intercepted, corrupted,
or contain viruses. Attachments
to this e-mail are checked for
viruses; however, we do not
accept any liability for any
damage sustained by
viruses and therefore you are
kindly requested to check for
viruses upon receipt.</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>