<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body dir="ltr">
Forwarding to the mailing list because it did not appear in the <a
href="https://lists.cabforum.org/pipermail/servercert-wg/2024-July/thread.html">archive</a>.
<br>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:
</th>
<td>Re: [Servercert-wg] Discussion Period Begins - Ballot
SC-067 V3: "Require domain validation and CAA checks to be
performed from multiple Network Perspectives"</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date: </th>
<td>Thu, 4 Jul 2024 09:27:16 +0000</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">From: </th>
<td>Rob Stradling via Servercert-wg <a
class="moz-txt-link-rfc2396E"
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Reply-To:
</th>
<td>Rob Stradling <a class="moz-txt-link-rfc2396E"
href="mailto:rob@sectigo.com" moz-do-not-send="true">&lt;rob@sectigo.com&gt;</a>,
CA/B Forum Server Certificate WG Public Discussion List <a
class="moz-txt-link-rfc2396E"
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">To: </th>
<td>So, Nicol <a class="moz-txt-link-rfc2396E"
href="mailto:nicol.so@commscope.com"
moz-do-not-send="true">&lt;nicol.so@commscope.com&gt;</a>,
CA/B Forum Server Certificate WG Public Discussion List <a
class="moz-txt-link-rfc2396E"
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a>,
Chris Clements <a class="moz-txt-link-rfc2396E"
href="mailto:cclements@google.com"
moz-do-not-send="true">&lt;cclements@google.com&gt;</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
IANAL, but...</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
That <a
href="https://patents.google.com/patent/US11700263B2/en"
title="https://patents.google.com/patent/US11700263B2/en"
moz-do-not-send="true"> patent</a> was filed on 2019-10-11.<br>
<br>
</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
The <a
href="https://www.princeton.edu/~pmittal/publications/bgp-tls-usenix18.pdf"
id="OWAddf1aaf9-a68d-5b34-583a-787face71057"
class="OWAAutoLink"
title="https://www.princeton.edu/~pmittal/publications/bgp-tls-usenix18.pdf"
moz-do-not-send="true"> Princeton paper</a> that first
highlighted the need for MPIC in the WebPKI dates back to <u>2018</u>,
and section 5.1.3 of that paper describes <i>"Let’s Encrypt’s
preliminary deployment of multiple vantage points in their
staging environment"</i>.</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<hr style="display: inline-block; width: 98%;">
<div id="divRplyFwdMsg" dir="ltr"><span
style="font-family: Calibri, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"><b>From:</b> Servercert-wg
<a class="moz-txt-link-rfc2396E"
href="mailto:servercert-wg-bounces@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg-bounces@cabforum.org&gt;</a>
on behalf of Chris Clements via Servercert-wg <a
class="moz-txt-link-rfc2396E"
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a><br>
<b>Sent:</b> 01 July 2024 21:42<br>
<b>To:</b> So, Nicol <a class="moz-txt-link-rfc2396E"
href="mailto:nicol.so@commscope.com" moz-do-not-send="true">&lt;nicol.so@commscope.com&gt;</a>;
CA/B Forum Server Certificate WG Public Discussion List <a
class="moz-txt-link-rfc2396E"
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a><br>
<b>Subject:</b> Re: [Servercert-wg] Discussion Period Begins -
Ballot SC-067 V3: "Require domain validation and CAA checks to
be performed from multiple Network Perspectives"</span>
<div> </div>
</div>
<br>
<div style="direction: ltr;">All,<br>
<br>
We have considered the communication from CommScope dated May
30, 2024.<br>
<br>
We would like to proceed with a vote on Ballot SC-067 V3 on July
15, 2024. If any SCWG participant has questions regarding the
communication or the referenced patent, we encourage them to
seek legal counsel.<br>
<br>
Thank you<br>
-Chris</div>
<br>
<div style="direction: ltr;">On Thu, May 30, 2024 at 4:50 PM So,
Nicol via Servercert-wg &lt;<a
href="mailto:servercert-wg@cabforum.org"
id="OWAfc317a79-bd9e-4d12-4be4-2b6962613068"
class="OWAAutoLink moz-txt-link-freetext"
moz-do-not-send="true">servercert-wg@cabforum.org</a>&gt;
wrote:</div>
<blockquote
style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left: 1px solid rgb(204, 204, 204);">
<p>I’ve come to be aware of a granted US patent that <i>seems</i> relevant
to the subject matter of Ballot SC-067 V3. The patent is US
11700263 B2 [1]. I don’t know whether the patent has been
considered in previous discussions in the CA/B Forum or the
SCWG, but I thought I should bring it to the attention of SCWG
members, in case it has not.</p>
<p> </p>
<p>If the patent has not been considered previously, I propose
that we extend the discussion period of this ballot so that
members have an opportunity to consult with their legal
counsel for advice.</p>
<p> </p>
<p>CommScope expresses no opinion on the patent, including but
not limited to its validity and whether it covers the
practices introduced in Ballot SC-067 V3.</p>
<p> </p>
<p>Best regards,</p>
<p>Nicol So</p>
<p>CommScope</p>
<p> </p>
<p>[1] <a
href="https://patents.google.com/patent/US11700263B2/en"
id="OWA35d8b327-a5a6-6642-3937-a71d914889b0"
class="OWAAutoLink moz-txt-link-freetext"
shash="KI5er9caNbi+meja2LFilurQg8geBW/oKXzaoI+wLNwREJD4U/GOhUu7pIL69BFS5PeqfcfykC73B1vMy+nuGOiBJ7n4iOFwgQILRYnJzrufoUxY9O/SVvln1Z8Qpxgp0gc1k5v9dzEmmL5mIjCZNRPaAz9RZqhR/nDYQR49ykQ="
originalsrc="https://patents.google.com/patent/US11700263B2/en"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">
https://patents.google.com/patent/US11700263B2/en</a></p>
<p> </p>
<div
style="padding: 3pt 0in 0in; border-top: 1pt solid rgb(225, 225, 225);">
<p><b>From:</b> Servercert-wg &lt;<a
href="mailto:servercert-wg-bounces@cabforum.org"
id="OWA2bfafae1-0c8e-27cf-61d6-164cbe4a0a82"
class="OWAAutoLink moz-txt-link-freetext"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">servercert-wg-bounces@cabforum.org</a>&gt;
<b>On Behalf Of </b>Chris Clements via Servercert-wg<br>
<b>Sent:</b> Monday, May 20, 2024 10:30 AM<br>
<b>To:</b> CA/B Forum Server Certificate WG Public
Discussion List &lt;<a
href="mailto:servercert-wg@cabforum.org"
id="OWAccab327c-9805-4875-64eb-f77517fb8aa3"
class="OWAAutoLink moz-txt-link-freetext"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">servercert-wg@cabforum.org</a>&gt;<br>
<b>Subject:</b> [Servercert-wg] Discussion Period Begins -
Ballot SC-067 V3: "Require domain validation and CAA checks
to be performed from multiple Network Perspectives"</p>
</div>
<p> </p>
<p> </p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"><b>Purpose
of Ballot SC-067 V3</b>:</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">This
Ballot proposes updates to the <i>Baseline Requirements for
the Issuance and Management of Publicly-Trusted TLS Server
Certificates</i> (i.e., TLS BRs) related to
“Multi-Perspective Issuance Corroboration” (“MPIC”).</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"><b>Background</b>:</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">- MPIC
refers to performing domain validation and CAA checks from
multiple Network Perspectives before certificate issuance,
as described within the Ballot for the applicable validation
methods in TLS BR Sections 3.2.2.4 and 3.2.2.5.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">- Not
all methods described in TLS BR Sections 3.2.2.4 and 3.2.2.5
will require using MPIC.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">- This
work was most recently motivated by research presented at
Face-to-Face 58 [1] by Princeton University, but has been
discussed for years prior as well.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">- The
goal of this proposal is to make it more difficult for
adversaries to successfully launch equally-specific prefix
attacks against the domain validation processes described in
the TLS BRs.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">-
Additional background information can be found in an update
shared at Face-to-Face 60 [2].</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"><b>Benefits
of Adoption</b>:</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">- Recent
publicly-documented attacks have used BGP hijacks to fool
domain control validation and obtain malicious certificates,
which led to the impersonation of HTTPS websites [3][</span><span
style="font-family: Arial, sans-serif; color: black;">4</span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">].</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">-
Routing security defenses (e.g., RPKI) can mitigate the risk
of global BGP attacks, but localized, equally-specific BGP
attacks still pose a significant threat to the Web PKI
[5][6].</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">-
Corroborating domain control validation checks from multiple
network perspectives (i.e., MPIC) spread across the Internet
substantially reduces the threat posed by equally-specific
BGP attacks, ensuring the integrity of domain validation and
issuance decisions [5][7][8].</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">-
Existing deployments of MPIC at the scale of millions of
certificates a day demonstrate the feasibility of this
technique at Internet scale [7][9].</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"><b>Intellectual
Property (IP) Disclosure</b>:</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">- While
not a Server Certificate Working Group Member, researchers
from Princeton University presented at Face-to-Face 58,
provided academic expertise, and highlighted
publicly-available peer-reviewed research to support Members
in drafting this ballot.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">- The
Princeton University researchers indicate that they have not
filed for any patents relating to their MPIC work and do not
plan to do so in the future.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">-
Princeton University has indicated that it is unable to
agree to the CA/Browser Forum IPR agreement because it could
encumber inventions invented by researchers not involved in
the development of MPIC or with the CA/B Forum.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">-
Princeton University has instead provided the attached IPR
statement. Pursuant to the IPR statement, Princeton
University has granted a worldwide royalty free license to
the intellectual property in MPIC developed by the
researchers and has made representations regarding its lack
of knowledge of any other Princeton intellectual property
needed to implement MPIC.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">- The
attached IPR statement has not changed since disclosed in
Discussion Round 1.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;">- For
clarity, Princeton University’s IPR statement is NOT
intended to replace the Forum’s IPR agreement or allow
Princeton to participate in the Forum in any capacity.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;">-
Members seeking legal advice regarding this ballot should
consult their own counsel.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"><b>Proposal
Revision History</b>:</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">-
Pre-Ballot Release #1 (work team artifacts and broader
Validation Subcommittee collaboration) [10]</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">-
Pre-Ballot Release #2 [11]</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"><b>Previous
versions of this Ballot</b>:</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);">-</span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> Ballot
Release #1 [12] (comparing Version 2 to Version 1) [13].
Note, some of the changes represented in the comparison are
updates made by other ballots that have since passed (e.g.,
SC-069).</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">- Ballot
Release #2 [14] (comparing Version 3 to Version 2) [15].
Note, some of the changes represented in the comparison are
updates made by other ballots that have since passed (e.g.,
SC-072).</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"><b>References</b>:</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[1] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://cabforum.org/wp-content/uploads/13-CAB-Forum-face-to-face-multiple-vantage-points.pdf"
id="OWA96bcea31-5655-b960-5709-7a34f011e8dd"
class="OWAAutoLink moz-txt-link-freetext"
shash="Xk0MnGqFZL0oaqB7MOLpPDuJRiWt65ODfjcIRcXZ/cjOsiVxkHqqceh6PChL51KghwkbkXFAzzzftEmSy5YvmaCLWGfJq1AmxcWkc0OkyjiQpGxKbrTwv61+JxdiegIXyTu0X1xt3W6VxjXOLc3d9dOPKZPjnpWAR7AypnhwxaE="
originalsrc="https://cabforum.org/wp-content/uploads/13-CAB-Forum-face-to-face-multiple-vantage-points.pdf"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://cabforum.org/wp-content/uploads/13-CAB-Forum-face-to-face-multiple-vantage-points.pdf</a></span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[2] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://drive.google.com/file/d/1LTwtAwHXcSaPVSsqKQztNJrV2ozHJ7ZL/view?usp=drive_link"
id="OWAfdc5a709-7bb0-69fe-5b4a-c37b3ef32543"
class="OWAAutoLink moz-txt-link-freetext"
shash="Xsm71vt1DPtEEOGgr+Oiazp7s+TS4SfPdAsKLNhFbctfNmh4F5QrKtRW+HeJ3+xwam8LBXjO3zVbj36uhhc/HSovjg3Zy2wNQ9rbi+dXZntcgf3Lq6Ke5DgnxJHVVryZCqI4ebwfQipAEh78VLpYfbUIQ5h40xqKc52RFUoo7bs="
originalsrc="https://drive.google.com/file/d/1LTwtAwHXcSaPVSsqKQztNJrV2ozHJ7ZL/view?usp=drive_link"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://drive.google.com/file/d/1LTwtAwHXcSaPVSsqKQztNJrV2ozHJ7ZL/view?usp=drive_link</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[3] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600"
id="OWA931b6e8a-b2b3-76f5-9da0-afd6ffd241c6"
class="OWAAutoLink moz-txt-link-freetext"
shash="l5qh8wqB+9GpRkpOe4bXKmg0ZX1oZcPx+gQZJdECyaLrXM/XF1h5Fp4dC1DbPM8C+AKXJGweeY66IHSB0/pNWdd75dHW27ggMpZuVVEOUNKY3T15D4XO7a+jfv00WpdFBE5m9D8z+7y70B73J0FVM8Pt1wD4L8shfxHyyL20AH4="
originalsrc="https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[4] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://www.coinbase.com/blog/celer-bridge-incident-analysis"
id="OWA4afb5b40-ed4c-3fa6-8627-c42abd5d36cd"
class="OWAAutoLink moz-txt-link-freetext"
shash="IHbGADwpSk5ZHvDa8O0fm3VIsgiM1c3wJjL297M7w3O2Xo7r4mN8U+fHxytg3NDF7e5J3x/f8uMyjWnNqSNhjXYvmALgiQKMLdKHDnpxJM5OzCSHUWVrzLg6NxtMNA6tlGmhr/soYB41dSrFW+C70ak6xMfh0DH20u6jWq/IX1o="
originalsrc="https://www.coinbase.com/blog/celer-bridge-incident-analysis"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://www.coinbase.com/blog/celer-bridge-incident-analysis</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[5] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://www.usenix.org/conference/usenixsecurity23/presentation/cimaszewski"
id="OWA39be42d6-034d-ab0f-5371-2f59233ebc96"
class="OWAAutoLink moz-txt-link-freetext"
shash="DHlLXRU/1q815t7wHqVnAgtbumwIdzkOU7opuWw7rGc60DOOiKUdn4SqCJqrOPoy0FNIgXxHOfS7+sn5zxTIQ8GYpfED8lK/752967z1URSIaM67LOCUhVQHq1Z8Gv9duA3rYUJVUmvBefhqXjvluKxlOy0cXec6us7+NLHOgpw="
originalsrc="https://www.usenix.org/conference/usenixsecurity23/presentation/cimaszewski"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://www.usenix.org/conference/usenixsecurity23/presentation/cimaszewski</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[6] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://www.blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf"
id="OWA98ec0a18-9a83-04a0-a8a5-0d366458dd0d"
class="OWAAutoLink moz-txt-link-freetext"
shash="i4lO2Lto4NlZZAuB4In3iUWnC+kq/ABvN17i++MLdkwajnIBh2HyvmwCRRCsp72k9CmvZKdKh7068GDcZL8yKX+g6y/kJfkjgRF+KnqRgB7DXpwHDf01JbRMFQ5VFEP79PdVSWU9sqWDb8BVWmaiVKerVartPaP5T5gegZX0+v4="
originalsrc="https://www.blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://www.blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[7] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://www.usenix.org/conference/usenixsecurity21/presentation/birge-lee"
id="OWAd5c3ba1e-e2dc-4f5c-70f9-8a47dd3c3df6"
class="OWAAutoLink moz-txt-link-freetext"
shash="FjDmTZImKUJfKeYuO6d1LEhY7ZWuhPzvsYRHgGsJ6fsQWqIhRsbGP3GON/4uWCzF64wphnB9R2yPu+oJ+6y6TWfcLCxkmdBebzWi2/60CgOfJTHt96EW4RV/FpXAU0t8k5h26qfc+AStTMuxtl51XIXzQnJgdRA5TZR3B71zYjg="
originalsrc="https://www.usenix.org/conference/usenixsecurity21/presentation/birge-lee"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://www.usenix.org/conference/usenixsecurity21/presentation/birge-lee</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[8] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee"
id="OWAbd61ffde-6fc9-5545-ffbf-603ca10c6e8b"
class="OWAAutoLink moz-txt-link-freetext"
shash="T1yLWLcViWfIeqywoA5NMVlc4LH5lRxLaDB+CzZgyUGYsLM6MJnK3JPe4inpewWXorV2bltQMgLSOonevGCI8rA9NpfHWfbnEpPNfAl+Ag4uEbNR8KAFuLX6mQU5iCi7kZ2Pge8s/CsjrooxtmCNiI4Mz+A6EbMF2OmnOAw22I0="
originalsrc="https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[9] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html"
id="OWAdb5167a3-cddb-94d6-8aee-c154ae874b3f"
class="OWAAutoLink moz-txt-link-freetext"
shash="e0bVpsf/oIZhI2ysc2nLbURY0725thLnqUfD4FiRiHvIIv2/5fYdYqjl0Pdbf/Kf+RzvMr236tqWxy/1N1aZNCkJ+2BBehC7V4gRUNFVy1XxLtysm9I5u+WtvFaTJuZepZZKSlqCnP3D8vcQiyZqS0giOUjy7saNODc6QqF94WA="
originalsrc="https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[10] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://github.com/ryancdickson/staging/pull/6"
id="OWA0a35cbb9-310d-f642-b92b-b00da115e5e3"
class="OWAAutoLink moz-txt-link-freetext"
shash="q9/U98ABz3vxnZ31iBruB9i+XCK2NqgxhDBgXxrwN/hk4sh6rL964UYVO8Xzzg3SdRUG4CD6nKTjVSfilAZKTTksQDPgZTMCOByBSuE6o+sCWrNkaIW1bmgOjIN6l4ebj96v4Z1Sbalcb1Embf7WD2GUDWCDPN4Z9XoUE+5+4Zk="
originalsrc="https://github.com/ryancdickson/staging/pull/6"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://github.com/ryancdickson/staging/pull/6</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[11] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://github.com/ryancdickson/staging/pull/8"
id="OWA75b8ad0c-ad94-6c1f-bea9-bbe604d25230"
class="OWAAutoLink moz-txt-link-freetext"
shash="gv/4W7V0fuOZvKeT8FCgul8zRqNOuZhAvvx9mKYVKi3z/N634EHMw7VvgdQsOH3mXQjDylQG1w1Z9ygYrLzDFhNPF+1pdO05FKnRPlp48Zga0+52LezFSU02i0w2BbW2RvVoBvi5n2zEjoH4bC4NhcVCAnkVTCZ3w/KlITA1k/Y="
originalsrc="https://github.com/ryancdickson/staging/pull/8"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://github.com/ryancdickson/staging/pull/8</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[12] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://github.com/cabforum/servercert/pull/487"
id="OWA177ad678-568e-4b84-da5b-ee3dbc22bf9c"
class="OWAAutoLink moz-txt-link-freetext"
shash="EO0E8B8OVotM2KaFGXJIx9vZwbPN8eq1a2Hp5fUKhjdFPydoQg3LbYAKrnukca0dgNNNpIKKSKoW684UeAfThfGaMyA76Mv7U/N7RCVQRGU3f+uvi+9eLrBL6IfasjU/Kz3JTj2hr8xZ0CEr6fhzGo2qxHIyElrdCM3kTEMMaKg="
originalsrc="https://github.com/cabforum/servercert/pull/487"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://github.com/cabforum/servercert/pull/487</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[13] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://github.com/cabforum/servercert/compare/6d10abda8980c6eb941987d3fc26e753e62858c0..5224983ef0a6f94c18808ea3469e7a5ae35746e5"
id="OWAb6fe0854-27bf-26ee-0a0d-ef7eb4c4b264"
class="OWAAutoLink moz-txt-link-freetext"
shash="QwehM4jEPeHrMZ9jbLvpTGeyprVhLd3dUjJXrAeTxt2/388H+XYnlTlCnEczcrTVqUS7qZ700sQn54Dk8VoGtOvGJeKa7Z8z6I0B+igSwCMCWMWlGKCpZ/hHeV2LV3gLecGsw3NAmx9zcbCTu+ZADrfrtFB9QVbWuwfiZlJp0BE="
originalsrc="https://github.com/cabforum/servercert/compare/6d10abda8980c6eb941987d3fc26e753e62858c0..5224983ef0a6f94c18808ea3469e7a5ae35746e5"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://github.com/cabforum/servercert/compare/6d10abda8980c6eb941987d3fc26e753e62858c0..5224983ef0a6f94c18808ea3469e7a5ae35746e5</a></span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[14] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://github.com/cabforum/servercert/pull/507"
id="OWA8d2abece-b0f4-c9d5-aedc-4fb55ca354f4"
class="OWAAutoLink moz-txt-link-freetext"
shash="EnPGdIpcv/khYPOxNizEQar/y/8147KwJtOsXszRpAF6GYVUP/6lEojjaO0ScUcdMknykF6iLQJhIWwca6v2q9drV9DEiwmwvYzKdRIXh28OAj+wjnuXKEc3lyjrwko9nE/WeG2JdpWVGOwJ1KuodZC5arZLRvOGpkjo10Yy74w="
originalsrc="https://github.com/cabforum/servercert/pull/507"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://github.com/cabforum/servercert/pull/507</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">[15] </span><span
style="font-family: Arial, sans-serif;"><a
href="https://github.com/cabforum/servercert/compare/5224983ef0a6f94c18808ea3469e7a5ae35746e5..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463"
id="OWA515f9603-ffdb-037a-f6a8-5f81d90522b6"
class="OWAAutoLink moz-txt-link-freetext"
shash="sOxoV1ek4yMCU6u2ZwryYgWQ8RxgM7bfA2bkjsiA7gH+y7K6Ry4sGwHKzAc9/GeCipgFpAoidIVaS9909Enec5xpMnYZ9JcLTimfNRfZwq6c3ZdVDYdm3px0Vh2BfDLw1hQMCjyc1CmUZFwML5ZCvWvPhdTKaR/qHuaWWWeRBfc="
originalsrc="https://github.com/cabforum/servercert/compare/5224983ef0a6f94c18808ea3469e7a5ae35746e5..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://github.com/cabforum/servercert/compare/5224983ef0a6f94c18808ea3469e7a5ae35746e5..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463</a></span><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(14, 16, 26);">The
following motion has been proposed by Chris Clements and
Ryan Dickson of Google (Chrome Root Program) and endorsed by
Aaron Gable (ISRG / Let’s Encrypt) and Wayne Thayer
(Fastly). </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;"><b>—
Motion Begins —</b></span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;">This
ballot modifies the “Baseline Requirements for the Issuance
and Management of Publicly-Trusted TLS Server Certificates”
(“Baseline Requirements”), based on Version 2.0.4.</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;">MODIFY
the Baseline Requirements as specified in the following
Redline:</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif;"><a
href="https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463"
id="OWA0c08fb7f-938d-8349-6c8d-b105c7a7f571"
class="OWAAutoLink moz-txt-link-freetext"
shash="BxEuGqMf4rRvqwSPzIBpx3HN6iupvtXd57CQFn89xFrKdauoZkBPgP1o/SYmH75Z8W2OEUuU9FrIzHk2MNnJV/wfeSm3vktptdhlazGDApIIHuDj2SQlv83uZVEVOAHkU/1KwHLZJlVcoCPNWA8f/5NpXzRiJs+V3S4EJS0tH7c="
originalsrc="https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463"
data-auth="Verified"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463</a></span><span
style="font-family: Arial, sans-serif; color: black;"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;"><b>—
Motion Ends —</b></span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;">This
ballot proposes a Final Maintenance Guideline. The procedure
for approval of this ballot is as follows:</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;"><b>Discussion
(at least 11 days)</b></span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;">-
Start: 2024-05-20 14:30:00 UTC</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;">- End
no earlier than: 2024-05-31 14:30:00 UTC</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: rgb(80, 0, 80);"> </span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;"><b>Vote
for approval (7 days)</b></span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;">-
Start: TBD</span></p>
<p style="margin: 0in;"><span
style="font-family: Arial, sans-serif; color: black;">- End:
TBD</span></p>
<p> </p>
</blockquote>
</div>
</body>
</html>