<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o=

"urn:schemas-microsoft-com:office:office" xmlns:w=

"urn:schemas-microsoft-com:office:word" xmlns:m=

"http://schemas.microsoft.com/office/2004/12/omml" xmlns=

"http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=big5">

<meta name="Generator" content=

"Microsoft Word 15 (filtered medium)">

<style>

<!--

/* Font Definitions */

@font-face

        {font-family:新細明體;

        panose-1:2 2 5 0 0 0 0 0 0 0;}

@font-face

        {font-family:細明體;

        panose-1:2 2 5 9 0 0 0 0 0 0;}

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Aptos;}

@font-face

        {font-family:"\@新細明體";

        panose-1:2 1 6 1 0 1 1 1 1 1;}

@font-face

        {font-family:"Microsoft JhengHei UI";

        panose-1:2 11 6 4 3 5 4 4 2 4;}

@font-face

        {font-family:"\@Microsoft JhengHei UI";}

@font-face

        {font-family:"\@細明體";

        panose-1:2 1 6 9 0 1 1 1 1 1;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        font-size:12.0pt;

        font-family:"新細明體",serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

span.EmailStyle21

        {mso-style-type:personal-reply;

        font-family:"Aptos",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;}

@page WordSection1

        {size:612.0pt 792.0pt;

        margin:72.0pt 90.0pt 72.0pt 90.0pt;}

div.WordSection1

        {page:WordSection1;}

-->

</style>

<!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

<title></title>

</head>

<body lang="ZH-TW" link="blue" vlink="purple" style=

"word-wrap:break-word">

<div class="WordSection1">

<p class="MsoNormal"><span lang="EN-US" style=

"font-family:"Microsoft JhengHei UI",sans-serif">Chunghwa

Telecom votes YES on Ballot SC-067 V3<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style=

"font-family:"Aptos",sans-serif"><o:p> </o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style=

"font-family:"Microsoft JhengHei UI",sans-serif">Best

regards, <o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style=

"font-family:"Microsoft JhengHei UI",sans-serif">Chunghwa

Telecom Co., Ltd., <o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style=

"font-family:"Microsoft JhengHei UI",sans-serif">Tsung-Min

Kuo, Ph.D. <o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style=

"font-family:"Aptos",sans-serif"><o:p> </o:p></span></p>

<div style=

"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal"><b><span lang="EN-US" style=

"font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b>

<span lang="EN-US" style=

"font-size:11.0pt;font-family:"Calibri",sans-serif">Servercert-wg

<servercert-wg-bounces@cabforum.org> <b>On Behalf Of</b>

Chris Clements via Servercert-wg<br>

<b>Sent:</b> Monday, July 15, 2024 11:30 PM<br>

<b>To:</b> CA/B Forum Server Certificate WG Public Discussion List

<servercert-wg@cabforum.org><br>

<b>Subject:</b> [</span><span style=

"font-size:11.0pt">外部郵件</span><span lang="EN-US" style=

"font-size:11.0pt;font-family:"Calibri",sans-serif">][Servercert-wg]

Voting Period Begins - Ballot SC-067 V3: "Require domain

validation and CAA checks to be performed from multiple Network

Perspectives"<o:p></o:p></span></p>

</div>

<p class="MsoNormal"><span lang=

"EN-US"><o:p> </o:p></span></p>

<div>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">Purpose of

Ballot SC-067 V3</span></b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">:</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">This

Ballot proposes updates to the <i>Baseline Requirements for the

Issuance and Management of Publicly-Trusted TLS Server

Certificates</i> (i.e., TLS BRs) related to “Multi-Perspective

Issuance Corroboration” (“MPIC”).</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">Background</span></b><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A">:</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- MPIC

refers to performing domain validation and CAA checks from multiple

Network Perspectives before certificate issuance, as described

within the Ballot for the applicable validation methods in TLS BR

Sections 3.2.2.4 and 3.2.2.5.</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- Not all

methods described in TLS BR Sections 3.2.2.4 and 3.2.2.5 will

require using MPIC.</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- This

work was most recently motivated by research presented at

Face-to-Face 58 [1] by Princeton University, but has been discussed

for years prior as well.</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- The goal

of this proposal is to make it more difficult for adversaries to

successfully launch equally-specific prefix attacks against the

domain validation processes described in the TLS

BRs.</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">-

Additional background information can be found in an update shared

at Face-to-Face 60 [2].</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">Benefits

of Adoption</span></b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">:</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- Recent

publicly-documented attacks have used BGP hijacks to fool domain

control validation and obtain malicious certificates, which led to

the impersonation of HTTPS websites [3][</span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:black">4</span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A">].</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- Routing

security defenses (e.g., RPKI) can mitigate the risk of global BGP

attacks, but localized, equally-specific BGP attacks still pose a

significant threat to the Web PKI [5][6].</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">-

Corroborating domain control validation checks from multiple

network perspectives (i.e., MPIC) spread across the Internet

substantially reduces the threat posed by equally-specific BGP

attacks, ensuring the integrity of domain validation and issuance

decisions [5][7][8].</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- Existing

deployments of MPIC at the scale of millions of certificates a day

demonstrate the feasibility of this technique at Internet scale

[7][9].</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">Intellectual

Property (IP) Disclosure</span></b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">:</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- While

not a Server Certificate Working Group Member, researchers from

Princeton University presented at Face-to-Face 58, provided

academic expertise, and highlighted publicly-available

peer-reviewed research to support Members in drafting this

ballot.</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- The

Princeton University researchers indicate that they have not filed

for any patents relating to their MPIC work and do not plan to do

so in the future.</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">-

Princeton University has indicated that it is unable to agree to

the CA/Browser Forum IPR agreement because it could encumber

inventions invented by researchers not involved in the development

of MPIC or with the CA/B Forum.</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">-

Princeton University has instead provided the attached IPR

statement. Pursuant to the IPR statement, Princeton University has

granted a worldwide royalty free license to the intellectual

property in MPIC developed by the researchers and has made

representations regarding its lack of knowledge of any other

Princeton intellectual property needed to implement

MPIC.</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- The

attached IPR statement has not changed since disclosed in

Discussion Round 1.</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">- For

clarity, Princeton University’s IPR statement is NOT intended to

replace the Forum’s IPR agreement or allow Princeton to participate

in the Forum in any capacity.</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">- Members

seeking legal advice regarding this ballot should consult their own

counsel.</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">Proposal

Revision History</span></b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">:</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">-

Pre-Ballot Release #1 (work team artifacts and broader Validation

Subcommittee collaboration) [10]</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">-

Pre-Ballot Release #2 [11]</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">Previous

versions of this Ballot</span></b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">:</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#500050">-</span>

<span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">Ballot

Release #1 [12] (comparing Version 2 to Version 1) [13]. Note, some

of the changes represented in the comparison are updates made by

other ballots that have since passed (e.g.,

SC-069).</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">- Ballot

Release #2 [14] (comparing Version 3 to Version 2) [15]. Note, some

of the changes represented in the comparison are updates made by

other ballots that have since passed (e.g.,

SC-072).</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">References</span></b><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A">:</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[1]</span>

<span lang="EN-US"><a href=

"https://cabforum.org/wp-content/uploads/13-CAB-Forum-face-to-face-multiple-vantage-points.pdf">

<span style=

"font-family:"Arial",sans-serif">https://cabforum.org/wp-content/uploads/13-CAB-Forum-face-to-face-multiple-vantage-points.pdf</span></a><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[2]</span>

<span lang="EN-US"><a href=

"https://drive.google.com/file/d/1LTwtAwHXcSaPVSsqKQztNJrV2ozHJ7ZL/view?usp=drive_link">

<span style=

"font-family:"Arial",sans-serif">https://drive.google.com/file/d/1LTwtAwHXcSaPVSsqKQztNJrV2ozHJ7ZL/view?usp=drive_link</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[3]</span>

<span lang="EN-US"><a href=

"https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600">

<span style=

"font-family:"Arial",sans-serif">https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[4]</span>

<span lang="EN-US"><a href=

"https://www.coinbase.com/blog/celer-bridge-incident-analysis"><span style="font-family:"Arial",sans-serif">

https://www.coinbase.com/blog/celer-bridge-incident-analysis</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[5]</span>

<span lang="EN-US"><a href=

"https://www.usenix.org/conference/usenixsecurity23/presentation/cimaszewski">

<span style=

"font-family:"Arial",sans-serif">https://www.usenix.org/conference/usenixsecurity23/presentation/cimaszewski</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A">  </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[6]</span>

<span lang="EN-US"><a href=

"https://www.blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf">

<span style=

"font-family:"Arial",sans-serif">https://www.blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[7]</span>

<span lang="EN-US"><a href=

"https://www.usenix.org/conference/usenixsecurity21/presentation/birge-lee">

<span style=

"font-family:"Arial",sans-serif">https://www.usenix.org/conference/usenixsecurity21/presentation/birge-lee</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[8]</span>

<span lang="EN-US"><a href=

"https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee">

<span style=

"font-family:"Arial",sans-serif">https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[9]</span>

<span lang="EN-US"><a href=

"https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html">

<span style=

"font-family:"Arial",sans-serif">https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[10]</span>

<span lang="EN-US"><a href=

"https://github.com/ryancdickson/staging/pull/6"><span style=

"font-family:"Arial",sans-serif">https://github.com/ryancdickson/staging/pull/6</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[11]</span>

<span lang="EN-US"><a href=

"https://github.com/ryancdickson/staging/pull/8"><span style=

"font-family:"Arial",sans-serif">https://github.com/ryancdickson/staging/pull/8</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[12]</span>

<span lang="EN-US"><a href=

"https://github.com/cabforum/servercert/pull/487"><span style=

"font-family:"Arial",sans-serif">https://github.com/cabforum/servercert/pull/487</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[13]</span>

<span lang="EN-US"><a href=

"https://github.com/cabforum/servercert/compare/6d10abda8980c6eb941987d3fc26e753e62858c0..5224983ef0a6f94c18808ea3469e7a5ae35746e5">

<span style=

"font-family:"Arial",sans-serif">https://github.com/cabforum/servercert/compare/6d10abda8980c6eb941987d3fc26e753e62858c0..5224983ef0a6f94c18808ea3469e7a5ae35746e5</span></a><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[14]</span>

<span lang="EN-US"><a href=

"https://github.com/cabforum/servercert/pull/507"><span style=

"font-family:"Arial",sans-serif">https://github.com/cabforum/servercert/pull/507</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:#0E101A"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">[15]</span>

<span lang="EN-US"><a href=

"https://github.com/cabforum/servercert/compare/5224983ef0a6f94c18808ea3469e7a5ae35746e5..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463">

<span style=

"font-family:"Arial",sans-serif">https://github.com/cabforum/servercert/compare/5224983ef0a6f94c18808ea3469e7a5ae35746e5..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463</span></a><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:#0E101A">The

following motion has been proposed by Chris Clements and Ryan

Dickson of Google (Chrome Root Program) and endorsed by Aaron Gable

(ISRG / Let’s Encrypt) and Wayne Thayer

(Fastly). </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">— Motion

Begins —</span></b><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">This ballot

modifies the “Baseline Requirements for the Issuance and Management

of Publicly-Trusted TLS Server Certificates” (“Baseline

Requirements”), based on Version 2.0.4.</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">MODIFY the

Baseline Requirements as specified in the following

Redline:</span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US"><a href=

"https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463">

<span style=

"font-family:"Arial",sans-serif">https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2..2dcf1a8fe5fc7b6a864b5767ab1db718bc447463</span></a></span><span lang="EN-US"

style=

"font-family:"Arial",sans-serif;color:black"> </span><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">— Motion

Ends —</span></b><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">This ballot

proposes a Final Maintenance Guideline. The procedure for approval

of this ballot is as follows:</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">Discussion

(57 days)</span></b><span lang="EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">- Start:

2024-05-20 14:30:00 UTC</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">- End:

2024-07-15 15:29:59 UTC</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang=

"EN-US"><o:p> </o:p></span></p>

<p style="margin:0cm"><b><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">Vote for

approval (7 days)</span></b><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">- Start:

2024-07-15 15:30:00 UTC</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p style="margin:0cm"><span lang="EN-US" style=

"font-family:"Arial",sans-serif;color:black">- End:

2024-07-22 15:30:00 UTC</span><span lang=

"EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang=

"EN-US"><o:p> </o:p></span></p>

</div>

<table class="MsoNormalTable" border="0" cellspacing="3"

cellpadding="0">

<tbody>

<tr>

<td style="background:white;padding:.75pt .75pt .75pt .75pt"></td>

</tr>

</tbody>

</table>

<p class="MsoNormal"><span lang=

"EN-US"><o:p> </o:p></span></p>

</div>

<B><BR><BR><font size="-1">本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件.

如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. 

<BR>Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited.  Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.</font></B></body>

</html>