<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe Script \,sans-serif";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
p.gmail-m9096286012020023584msolistparagraph, li.gmail-m9096286012020023584msolistparagraph, div.gmail-m9096286012020023584msolistparagraph
{mso-style-name:gmail-m_9096286012020023584msolistparagraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle25
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:766803798;
mso-list-template-ids:-1465723860;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:830173263;
mso-list-template-ids:-1786631016;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:1704404245;
mso-list-template-ids:-1487611144;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Thanks for the feedback.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Yes I wrote that section intending a mailbox re-verification at each cert issuance.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>But I appreciate the arguments in favor of having a re-use period for that first verification, particularly in cases where certs may be periodically reissued, or when multiple certs are to be issued at the same time (as in the case of split signing and encryption certs).<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I will adapt that proposed text.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>As you may have noticed in Doug’s email, we have now made the draft SMIME BR public at <a href="https://github.com/srdavidson/smime/tree/PreSBR">https://github.com/srdavidson/smime/tree/PreSBR</a> in a “PreSBR” branch, which you can view or Watch. It’s in active development now and this will be the working version of the SBR; it will be pulled into the cabf-smime repository later when the dust settles.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Best regards, Stephen<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Smcwg-public <smcwg-public-bounces@cabforum.org> <b>On Behalf Of </b>Doug Beattie via Smcwg-public<br><b>Sent:</b> Tuesday, February 23, 2021 12:48 PM<br><b>To:</b> Tim Hollebeek <tim.hollebeek@digicert.com>; Dimitris Zacharopoulos (HARICA) <dzacharo@harica.gr>; SMIME Certificate Working Group <smcwg-public@cabforum.org>; Wendy Brown - QT3LB-C <wendy.brown@gsa.gov><br><b>Subject:</b> Re: [Smcwg-public] Methods for email verification<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Tim – I Agree.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>My initial question that started this thread was asking about this statement in section 3.2.2.2.2: <a href="https://github.com/srdavidson/smime/blob/PreSBR/SBR.md#32222--validating-control-over-email-address-via-email">https://github.com/srdavidson/smime/blob/PreSBR/SBR.md#32222--validating-control-over-email-address-via-email</a><o:p></o:p></p><ul type=disc><li class=gmail-m9096286012020023584msolistparagraph style='mso-list:l2 level1 lfo3'>Completed validations of Applicant control over the email address must be performed <u>for each Certificate issuance</u>.<o:p></o:p></li></ul><p class=MsoNormal>This sounds like you can’t re-use the email box validation at all, so I wanted to see if we can clarify that. We don’t have the same statement in the prior section 3.2.2.2.1 <a href="https://github.com/srdavidson/smime/blob/PreSBR/SBR.md#32221--validating-authority-over-email-address-via-domain">https://github.com/srdavidson/smime/blob/PreSBR/SBR.md#32221--validating-authority-over-email-address-via-domain</a> and assume normal re-use of domain validation applies there.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Wendy Brown asked a similar question to see if they same validation can be used for issuance of 2 certs (signing and encryption). If we take the words in 3.2.2.2.2 literally, the answer is no.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If we remove that line in the spec, then both question are resolved, but does issuing a second cert to the same email address WITHOUT verifying the email address reduce security? In all cases of domain/email validation re-use, you must make sure it’s the same subscriber. This might be done via sending an email (most logical and surely compliant), but there may be service providers that host and are the Applicant/Subscriber on behalf of the owner of the mailbox. Does the mail box owner need to click a link every time the service provider creates a new cert for them? When the Enterprise does not want to hand over full control to issue certs for ALL mailboxes within that domain, it needs to be done at the mail box level with the mail box owner in the loop. Permitting re-use of the email box level validation provides some value.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Doug<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com">tim.hollebeek@digicert.com</a>> <br><b>Sent:</b> Tuesday, February 23, 2021 11:30 AM<br><b>To:</b> Dimitris Zacharopoulos (HARICA) <<a href="mailto:dzacharo@harica.gr">dzacharo@harica.gr</a>>; SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>>; Wendy Brown - QT3LB-C <<a href="mailto:wendy.brown@gsa.gov">wendy.brown@gsa.gov</a>>; Doug Beattie <<a href="mailto:doug.beattie@globalsign.com">doug.beattie@globalsign.com</a>><br><b>Subject:</b> RE: [Smcwg-public] Methods for email verification<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Right, we should follow the CABF validation reuse rules. I.e. as long as they’re both issued within the validation reuse timeframe, the second can reuse the first’s validation.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>One of the annoying things is that CABF policies and traditional PKI policies say basically the same thing in two different ways.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Traditional PKIs have no provisions for reuse of validation, but define issuance categories like “renewal” and “replacement” that have pared-down validation and issuance rules based on the existence of a previously issued certificate with the same validated information.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>CABF PKIs forbid “renewal”, etc and treat everything as a new issuance, but have validation reuse requirements that in practice … tend to have exactly the same effect. You can renew (etc) a certificate without having to completely redo the validation for previously validated information.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>It’s mostly just tomayto tomahto, but it is a pain for PKIs that span both worlds.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>-Tim<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org">smcwg-public-bounces@cabforum.org</a>> <b>On Behalf Of </b>Dimitris Zacharopoulos (HARICA) via Smcwg-public<br><b>Sent:</b> Sunday, February 21, 2021 5:17 AM<br><b>To:</b> Wendy Brown - QT3LB-C <<a href="mailto:wendy.brown@gsa.gov">wendy.brown@gsa.gov</a>>; SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>>; Doug Beattie <<a href="mailto:doug.beattie@globalsign.com">doug.beattie@globalsign.com</a>><br><b>Subject:</b> Re: [Smcwg-public] Methods for email verification<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On 18/2/2021 6:25 μ.μ., Wendy Brown - QT3LB-C via Smcwg-public wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>also could a single validation of the email address be used for issuance of both the signature & encryption certs in the case of the dual certs vs single cert case?<br clear=all><o:p></o:p></p></div></blockquote><p class=MsoNormal style='margin-bottom:12.0pt'><br>That makes perfect sense to me.<br><br>Validations in general should be allowed to be reused as it is allowed in other Certificate types. <br><br><br>Dimitris.<o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><div><div><div><div><div><div><div><div><div><div><p><span style='font-family:"Segoe Script \,sans-serif"'>Wendy</span><o:p></o:p></p><p><span style='font-size:9.5pt'>Wendy Brown<br>Supporting GSA FPKI<br>Protiviti Government Services</span><o:p></o:p></p><p> 703-965-2990 (cell)<o:p></o:p></p><p><a href="mailto:wendy.brown@gsa.gov" target="_blank"><span style='font-size:9.5pt'>wendy.brown@gsa.gov</span></a><br><a href="mailto:wendy.brown@protiviti.com" target="_blank">wendy.brown@protiviti.com</a><o:p></o:p></p></div></div></div></div></div></div></div></div></div></div></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Thu, Feb 18, 2021 at 10:54 AM Doug Beattie via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi Stephen,<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I’m not sure I agree with this statement in section 3.2.2.2.2 Validating control over email address via email<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><ul type=disc><li class=gmail-m9096286012020023584msolistparagraph style='mso-list:l2 level1 lfo3'>Completed validations of Applicant control over the email address must be performed <u>for each Certificate issuance</u>.<o:p></o:p></li></ul><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I’d like to permit re-use of that validation over and over for the re-use period for that subscriber if possible. Is there a reason we preclude that? For example, an email gateway provider might validate this email address and then want to replace certificates more frequently than 397 days, but this would require emails to the email box to act on that.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Doug<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From:</b> Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org" target="_blank">smcwg-public-bounces@cabforum.org</a>> <b>On Behalf Of </b>Stephen Davidson via Smcwg-public<br><b>Sent:</b> Wednesday, February 17, 2021 6:02 PM<br><b>To:</b> SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org" target="_blank">smcwg-public@cabforum.org</a>><br><b>Subject:</b> [Smcwg-public] Methods for email verification<o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hello all:<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Following our discussion on the call today, I attach draft text for section 3.2.2.2 of the SMIME BR (SBR) that deals with 1) Validating authority over email address via domain and 2) Validating control over email address via email.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>It aims to fulfill the requirements of the Mozilla policy. It includes comments with some questions that require further discussion. Additional methods can be addressed in future versions of the SBR.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Many thanks for Doug and Sebastian at GlobalSign for their help in drafting this. We’ll discuss this in a future meeting, but feel free to also provide feedback here.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Many thanks, Stephen<o:p></o:p></p></div></div><p class=MsoNormal>_______________________________________________<br>Smcwg-public mailing list<br><a href="mailto:Smcwg-public@cabforum.org" target="_blank">Smcwg-public@cabforum.org</a><br><a href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" target="_blank">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p></o:p></p></blockquote></div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><pre>_______________________________________________<o:p></o:p></pre><pre>Smcwg-public mailing list<o:p></o:p></pre><pre><a href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a><o:p></o:p></pre><pre><a href="https://lists.cabforum.org/mailman/listinfo/smcwg-public">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p></o:p></pre></blockquote><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>