<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hello,<div class="">I’d have a question about this.</div><div class=""><br class=""></div><div class="">How the “re-verification at each cert issuance” fits with a MPKI service for a preauthorised domain?</div><div class=""><br class=""></div><div class="">Txs/P<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 24 Feb 2021, at 00:26, Stephen Davidson via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org" class="">smcwg-public@cabforum.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Thanks for the feedback.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Yes I wrote that section intending a mailbox re-verification at each cert issuance.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">But I appreciate the arguments in favor of having a re-use period for that first verification, particularly in cases where certs may be periodically reissued, or when multiple certs are to be issued at the same time (as in the case of split signing and encryption certs).<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">I will adapt that proposed text.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">As you may have noticed in Doug’s email, we have now made the draft SMIME BR public at<a href="https://github.com/srdavidson/smime/tree/PreSBR" style="color: blue; text-decoration: underline;" class="">https://github.com/srdavidson/smime/tree/PreSBR</a><span class="Apple-converted-space"> </span>in a “PreSBR” branch, which you can view or Watch. It’s in active development now and this will be the working version of the SBR; it will be pulled into the cabf-smime repository later when the dust settles.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Best regards, Stephen<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0in 0in;" class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">From:</b><span class="Apple-converted-space"> </span>Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org" style="color: blue; text-decoration: underline;" class="">smcwg-public-bounces@cabforum.org</a>><span class="Apple-converted-space"> </span><b class="">On Behalf Of<span class="Apple-converted-space"> </span></b>Doug Beattie via Smcwg-public<br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Tuesday, February 23, 2021 12:48 PM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" style="color: blue; text-decoration: underline;" class="">tim.hollebeek@digicert.com</a>>; Dimitris Zacharopoulos (HARICA) <<a href="mailto:dzacharo@harica.gr" style="color: blue; text-decoration: underline;" class="">dzacharo@harica.gr</a>>; SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class="">smcwg-public@cabforum.org</a>>; Wendy Brown - QT3LB-C <<a href="mailto:wendy.brown@gsa.gov" style="color: blue; text-decoration: underline;" class="">wendy.brown@gsa.gov</a>><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [Smcwg-public] Methods for email verification<o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Tim – I Agree.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">My initial question that started this thread was asking about this statement in section 3.2.2.2.2: <a href="https://github.com/srdavidson/smime/blob/PreSBR/SBR.md#32222--validating-control-over-email-address-via-email" style="color: blue; text-decoration: underline;" class="">https://github.com/srdavidson/smime/blob/PreSBR/SBR.md#32222--validating-control-over-email-address-via-email</a><o:p class=""></o:p></div><ul type="disc" style="margin-bottom: 0in;" class=""><li class="gmail-m9096286012020023584msolistparagraph" style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Completed validations of Applicant control over the email address must be performed<span class="Apple-converted-space"> </span><u class="">for each Certificate issuance</u>.<o:p class=""></o:p></li></ul><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">This sounds like you can’t re-use the email box validation at all, so I wanted to see if we can clarify that. We don’t have the same statement in the prior section 3.2.2.2.1<span class="Apple-converted-space"> </span><a href="https://github.com/srdavidson/smime/blob/PreSBR/SBR.md#32221--validating-authority-over-email-address-via-domain" style="color: blue; text-decoration: underline;" class="">https://github.com/srdavidson/smime/blob/PreSBR/SBR.md#32221--validating-authority-over-email-address-via-domain</a><span class="Apple-converted-space"> </span>and assume normal re-use of domain validation applies there.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Wendy Brown asked a similar question to see if they same validation can be used for issuance of 2 certs (signing and encryption). If we take the words in 3.2.2.2.2 literally, the answer is no.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">If we remove that line in the spec, then both question are resolved, but does issuing a second cert to the same email address WITHOUT verifying the email address reduce security? In all cases of domain/email validation re-use, you must make sure it’s the same subscriber. This might be done via sending an email (most logical and surely compliant), but there may be service providers that host and are the Applicant/Subscriber on behalf of the owner of the mailbox. Does the mail box owner need to click a link every time the service provider creates a new cert for them? When the Enterprise does not want to hand over full control to issue certs for ALL mailboxes within that domain, it needs to be done at the mail box level with the mail box owner in the loop. Permitting re-use of the email box level validation provides some value.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Doug<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0in 0in;" class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">From:</b><span class="Apple-converted-space"> </span>Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" style="color: blue; text-decoration: underline;" class="">tim.hollebeek@digicert.com</a>><span class="Apple-converted-space"> </span><br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Tuesday, February 23, 2021 11:30 AM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA) <<a href="mailto:dzacharo@harica.gr" style="color: blue; text-decoration: underline;" class="">dzacharo@harica.gr</a>>; SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class="">smcwg-public@cabforum.org</a>>; Wendy Brown - QT3LB-C <<a href="mailto:wendy.brown@gsa.gov" style="color: blue; text-decoration: underline;" class="">wendy.brown@gsa.gov</a>>; Doug Beattie <<a href="mailto:doug.beattie@globalsign.com" style="color: blue; text-decoration: underline;" class="">doug.beattie@globalsign.com</a>><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>RE: [Smcwg-public] Methods for email verification<o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Right, we should follow the CABF validation reuse rules. I.e. as long as they’re both issued within the validation reuse timeframe, the second can reuse the first’s validation.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">One of the annoying things is that CABF policies and traditional PKI policies say basically the same thing in two different ways.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Traditional PKIs have no provisions for reuse of validation, but define issuance categories like “renewal” and “replacement” that have pared-down validation and issuance rules based on the existence of a previously issued certificate with the same validated information.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">CABF PKIs forbid “renewal”, etc and treat everything as a new issuance, but have validation reuse requirements that in practice … tend to have exactly the same effect. You can renew (etc) a certificate without having to completely redo the validation for previously validated information.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">It’s mostly just tomayto tomahto, but it is a pain for PKIs that span both worlds.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">-Tim<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="border-style: none none none solid; border-left-width: 1.5pt; border-left-color: blue; padding: 0in 0in 0in 4pt;" class=""><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0in 0in;" class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">From:</b><span class="Apple-converted-space"> </span>Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org" style="color: blue; text-decoration: underline;" class="">smcwg-public-bounces@cabforum.org</a>><span class="Apple-converted-space"> </span><b class="">On Behalf Of<span class="Apple-converted-space"> </span></b>Dimitris Zacharopoulos (HARICA) via Smcwg-public<br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Sunday, February 21, 2021 5:17 AM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Wendy Brown - QT3LB-C <<a href="mailto:wendy.brown@gsa.gov" style="color: blue; text-decoration: underline;" class="">wendy.brown@gsa.gov</a>>; SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class="">smcwg-public@cabforum.org</a>>; Doug Beattie <<a href="mailto:doug.beattie@globalsign.com" style="color: blue; text-decoration: underline;" class="">doug.beattie@globalsign.com</a>><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [Smcwg-public] Methods for email verification<o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p class=""> </o:p></p><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">On 18/2/2021 6:25 μ.μ., Wendy Brown - QT3LB-C via Smcwg-public wrote:<o:p class=""></o:p></div></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">also could a single validation of the email address be used for issuance of both the signature & encryption certs in the case of the dual certs vs single cert case?<br clear="all" class=""><o:p class=""></o:p></div></div></blockquote><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><br class="">That makes perfect sense to me.<br class=""><br class="">Validations in general should be allowed to be reused as it is allowed in other Certificate types.<span class="Apple-converted-space"> </span><br class=""><br class=""><br class="">Dimitris.<o:p class=""></o:p></p><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><p class=""><span style="font-family: "Segoe Script ,sans-serif";" class="">Wendy</span><o:p class=""></o:p></p><p class=""><span style="font-size: 9.5pt;" class="">Wendy Brown<br class="">Supporting GSA FPKI<br class="">Protiviti Government Services</span><o:p class=""></o:p></p><p class=""> 703-965-2990 (cell)<o:p class=""></o:p></p><p class=""><a href="mailto:wendy.brown@gsa.gov" target="_blank" style="color: blue; text-decoration: underline;" class=""><span style="font-size: 9.5pt;" class="">wendy.brown@gsa.gov</span></a><br class=""><a href="mailto:wendy.brown@protiviti.com" target="_blank" style="color: blue; text-decoration: underline;" class="">wendy.brown@protiviti.com</a><o:p class=""></o:p></p></div></div></div></div></div></div></div></div></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">On Thu, Feb 18, 2021 at 10:54 AM Doug Beattie via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class="">smcwg-public@cabforum.org</a>> wrote:<o:p class=""></o:p></div></div><blockquote style="border-style: none none none solid; border-left-width: 1pt; border-left-color: rgb(204, 204, 204); padding: 0in 0in 0in 6pt; margin: 5pt 0in 5pt 4.8pt;" class=""><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Hi Stephen,<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">I’m not sure I agree with this statement in section 3.2.2.2.2 Validating control over email address via email<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><ul type="disc" style="margin-bottom: 0in;" class=""><li class="gmail-m9096286012020023584msolistparagraph" style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Completed validations of Applicant control over the email address must be performed<span class="Apple-converted-space"> </span><u class="">for each Certificate issuance</u>.<o:p class=""></o:p></li></ul><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">I’d like to permit re-use of that validation over and over for the re-use period for that subscriber if possible. Is there a reason we preclude that? For example, an email gateway provider might validate this email address and then want to replace certificates more frequently than 397 days, but this would require emails to the email box to act on that.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Doug<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0in 0in;" class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">From:</b><span class="Apple-converted-space"> </span>Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org" target="_blank" style="color: blue; text-decoration: underline;" class="">smcwg-public-bounces@cabforum.org</a>><span class="Apple-converted-space"> </span><b class="">On Behalf Of<span class="Apple-converted-space"> </span></b>Stephen Davidson via Smcwg-public<br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Wednesday, February 17, 2021 6:02 PM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org" target="_blank" style="color: blue; text-decoration: underline;" class="">smcwg-public@cabforum.org</a>><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>[Smcwg-public] Methods for email verification<o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Hello all:<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Following our discussion on the call today, I attach draft text for section 3.2.2.2 of the SMIME BR (SBR) that deals with 1) Validating authority over email address via domain and 2) Validating control over email address via email.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">It aims to fulfill the requirements of the Mozilla policy. It includes comments with some questions that require further discussion. Additional methods can be addressed in future versions of the SBR.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Many thanks for Doug and Sebastian at GlobalSign for their help in drafting this. We’ll discuss this in a future meeting, but feel free to also provide feedback here.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Many thanks, Stephen<o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">_______________________________________________<br class="">Smcwg-public mailing list<br class=""><a href="mailto:Smcwg-public@cabforum.org" target="_blank" style="color: blue; text-decoration: underline;" class="">Smcwg-public@cabforum.org</a><br class=""><a href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" target="_blank" style="color: blue; text-decoration: underline;" class="">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p class=""></o:p></div></blockquote></div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p class=""> </o:p></p><pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class="">_______________________________________________<o:p class=""></o:p></pre><pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class="">Smcwg-public mailing list<o:p class=""></o:p></pre><pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><a href="mailto:Smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class="">Smcwg-public@cabforum.org</a><o:p class=""></o:p></pre><pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><a href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" style="color: blue; text-decoration: underline;" class="">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p class=""></o:p></pre></blockquote><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div></div></div><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">_______________________________________________</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Smcwg-public mailing list</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><a href="mailto:Smcwg-public@cabforum.org" style="color: blue; text-decoration: underline; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">Smcwg-public@cabforum.org</a><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><a href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" style="color: blue; text-decoration: underline; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a></div></blockquote></div><br class=""><div class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><font class="" style="color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><b class=""><font color="#f62400" class="" style="font-size: 11px;"><br class="Apple-interchange-newline">WISeKey SA<br class=""></font></b></font><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><font class="" style="color: rgb(0, 0, 0); font-size: 12px; font-weight: normal; font-style: normal;"><span class="" style="font-size: 11px;"><b class="">Pedro Fuentes<br class=""></b>CSO - Trust Services Manager</span><br class=""><font size="1" class="">Office: + 41 (0) 22 594 30 00<br class="">Mobile: + 41 (0) </font></font><span style="color: rgb(0, 0, 0); font-size: x-small; font-weight: normal; font-style: normal;" class="">791 274 790</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><font class=""><font size="1" class="">Address: 29, Rte de Pré-Bois - CP 853 | Geneva 1215 CH - Switzerland</font><br class=""><font size="1" class=""><b class="">Stay connected with <a href="http://www.wisekey.com" class=""><font color="#f62400" class="">WISeKey</font></a><br class=""></b></font></font><span class="" style="color: rgb(169, 169, 169); font-size: 10px; orphans: 2; widows: 2;"><br class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span class="" style="orphans: 2; widows: 2;"><font size="1" color="#78a600" class=""><b class="">THIS IS A TRUSTED MAIL</b>: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks</font></span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span class="" style="orphans: 2; widows: 2; font-size: 9px;"><font color="#a9a9a9" class=""><br class=""></font></span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><b class="">CONFIDENTIALITY: </b>This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender</font></div><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><br class=""></font></div><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><b class="">DISCLAIMER: </b>WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.</font></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br class=""></div></body></html>