<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle23
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1695691413;
mso-list-template-ids:-1966031558;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=en-SE link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>Well, what’s the definition of control?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>If an Enterprise RA is able to perform domain <b>control</b> validation using Section 3.2.2.1 on a specific domain name, don’t they by definition have control over it, and thus are able to use Section 3.2.2.1?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><br>This seems to be a loop where, if an ERA is able to control using Section 3.2.2.1 (or 3.2.2.3), they may use 3.2.2.1 (or 3.2.2.3). If they cannot, they need to use 3.2.2.2. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=en-SE style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> Smcwg-public <smcwg-public-bounces@cabforum.org> <b>On Behalf Of </b>Stephen Davidson via Smcwg-public<br><b>Sent:</b> Thursday, 16 February 2023 00:23<br><b>To:</b> Pedro FUENTES <pfuentes@WISEKEY.COM>; SMIME Certificate Working Group <smcwg-public@cabforum.org><br><b>Subject:</b> Re: [Smcwg-public] [EXTERNAL]- Clarifications on Section 1.3.2.1<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div style='border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt'><p class=MsoNormal style='line-height:12.0pt;background:#FAFA03'><span lang=EN-US style='font-size:10.0pt;color:black'>CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.<o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-US>Hi Pedro:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I see. So what you are describing is something like this?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Thanks for the feedback.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Best, Stephen<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>The CA MAY delegate to an Enterprise Registration Authority (RA) to verify Certificate Requests from the Enterprise RA's own organization. The CA SHALL NOT accept Certificate Requests authorized by an Enterprise RA unless the following requirements are satisfied:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='background:yellow;mso-highlight:yellow'>1. If the Certificate Request is for a `Mailbox-validated` profile, the CA SHALL confirm that the Enterprise RA has authorization or control of the requested email domain(s) in accordance with [Section 3.2.2.1](#3221-validating-authority-over-mailbox-via-domain), [Section 3.2.2.2](#3222-validating-control-over-mailbox-via-email) or [Section 3.2.2.3](#3223-validating-applicant-as-operator-of-associated-mail-servers). <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='background:yellow;mso-highlight:yellow'> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='background:yellow;mso-highlight:yellow'>2. If the Certificate Request is for an `Organization-validated` or `Sponsor-validated` profile, the CA SHALL confirm that the Enterprise RA has authorization or control of the requested email domain(s) in accordance with [Section 3.2.2.1](#3221-validating-authority-over-mailbox-via-domain) or [Section 3.2.2.3](#3223-validating-applicant-as-operator-of-associated-mail-servers). <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='background:yellow;mso-highlight:yellow'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='background:yellow;mso-highlight:yellow'>3.</span><span lang=EN-US> The CA SHALL confirm that the `subject:organizationName` name is either that of the delegated enterprise, or an Affiliate of the delegated enterprise, or that the delegated enterprise is an agent of the named Subject. For example, the CA SHALL NOT issue a Certificate containing the Subject name "XYZ Co." on the authority of Enterprise RA "ABC Co.", unless the two companies are Affiliated as defined in [Section 3.2](#32-initial-identity-validation) or "ABC Co." is the agent of "XYZ Co". This requirement applies regardless of whether the accompanying requested email domain falls within the subdomains of ABC Co.'s Registered Domain Name.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>The CA SHALL impose these limitations as a contractual requirement on the Enterprise RA and monitor compliance by the Enterprise RA in accordance with [Section 8.8](#88-review-of-delegated-parties).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>An Enterprise RA MAY also submit Certificate Requests using the `Mailbox-validated` profile for users whose email domain(s) are not under the delegated organization’s authorization or control. In this case, the CA SHALL confirm that the mailbox holder has control of the requested Mailbox Address(es) in accordance with [Section 3.2.2.2](#3222-validating-control-over-mailbox-via-email).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> Pedro FUENTES <<a href="mailto:pfuentes@WISEKEY.COM">pfuentes@WISEKEY.COM</a>> <br><b>Sent:</b> Wednesday, February 15, 2023 5:49 PM<br><b>To:</b> Stephen Davidson <<a href="mailto:Stephen.Davidson@digicert.com">Stephen.Davidson@digicert.com</a>>; SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>><br><b>Subject:</b> Re: [EXTERNAL]-[Smcwg-public] Clarifications on Section 1.3.2.1<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Hello,<o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US>I missed today’s call, but as I commented by chat in the last call the main issue was that old “No 2” was a general statement for RAs issuing `Mailbox-validated` profile, without discriminating “internal” or “external” users, so the intent, as reflected in the wording of V1.0.0 was totally different to what is stated now. <o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>Said that, the new wording is much closer to what we’d have liked to see there in the first version, but I fail to understand why the ERA can’t use 3.2.2.2 also for domains they control, if they wish to do so. <o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>BR/P<o:p></o:p></span></p><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><o:p> </o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal><span lang=EN-US>On 15 Feb 2023, at 22:16, Stephen Davidson via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>> wrote:<o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><div><p class=MsoNormal><span lang=EN-US>Hello:<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><br>As discussed on the call today, here are some edits to clarify the text in Section 1.3.2.1 regarding Enterprise RA.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_srdavidson_smime_commit_49bacdf09b3bb3b27a78ece305ec08987cbd026f%26d%3DDwMFAg%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DWYfdoRzScaol1-kBJZN-eB_a3JYZXE66C6fSI19dnM4%26s%3DNHMBpU9z__vB4mxuRsqTnGQi4UXorb-GvjEdJh7HL0I%26e%3D&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7Cfde9bf3b05934f6c412708db0faba340%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638121002100945895%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sl0tbCLuGMcHxhxuyaghbXLyvNiofoIwzmBgiLHHKr0%3D&reserved=0"><span style='color:#0563C1'>https://github.com/srdavidson/smime/commit/49bacdf09b3bb3b27a78ece305ec08987cbd026f</span></a><o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>To wit:<o:p></o:p></span></p></div><p class=MsoListParagraph style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:38.25pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>The ERA may issue `Mailbox-validated`, `Organization-validated` or `Sponsor-validated` profiles to email domains they control (i.e., “internal”) using Section 3.2.2.1 (TLS BR methods) or Section 3.2.2.3 (DNS method)<o:p></o:p></span></p><p class=MsoListParagraph style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:38.25pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>The ERA may request `Mailbox-validated` profiles for email domains they do NOT control (i.e., “external”) with the CA using Section 3.2.2.2 (mailbox control)<o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>I do not believe this text changes the intent of the existing v1.0.0 but rather presents a clearer description.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>Feedback is welcomed; otherwise this will be included in an eventual cleanup ballot.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>Regards, Stephen<o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>_______________________________________________<br>Smcwg-public mailing list<br></span><span lang=EN-US><a href="mailto:Smcwg-public@cabforum.org"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#0563C1'>Smcwg-public@cabforum.org</span></a></span><span lang=EN-US style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><br></span><span lang=EN-US><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic%26d%3DDwICAg%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DWYfdoRzScaol1-kBJZN-eB_a3JYZXE66C6fSI19dnM4%26s%3DovVhqoYDOBq5cU7-2M83J1hqeqx2y783SNtJ5c7QBU8%26e%3D&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7Cfde9bf3b05934f6c412708db0faba340%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638121002100945895%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TKIcXHwnaksKh3bXhASyLLscunJd21ILcdU3%2F1xYr2A%3D&reserved=0"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#0563C1'>https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=WYfdoRzScaol1-kBJZN-eB_a3JYZXE66C6fSI19dnM4&s=ovVhqoYDOBq5cU7-2M83J1hqeqx2y783SNtJ5c7QBU8&e=</span></a><o:p></o:p></span></p></div></blockquote></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><div><div><div><div><div><div><div><div><div><div><p class=MsoNormal><b><span lang=EN-US style='font-size:8.5pt;color:#F62400'><br>WISeKey SA</span></b><span lang=EN-US><o:p></o:p></span></p><div><p class=MsoNormal><b><span lang=EN-US style='font-size:8.5pt;color:black'>Pedro Fuentes<br></span></b><span lang=EN-US style='font-size:8.5pt;color:black'>CSO - Trust Services Manager</span><span lang=EN-US style='font-size:9.0pt;color:black'><br></span><span lang=EN-US style='font-size:7.5pt;color:black'>Office: + 41 (0) 22 594 30 00<br>Mobile: + 41 (0) </span><span lang=EN-US style='font-size:10.0pt;color:black'>791 274 790</span><span lang=EN-US style='color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:7.5pt;color:black'>Address: </span><span lang=EN-US style='font-size:7.5pt'>Avenue Louis-Casaï 58 | </span><span lang=EN-US style='font-size:10.0pt'>1216 Cointrin | Switzerland</span><span lang=EN-US><o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><b><span lang=EN-US style='font-size:9.0pt;color:black'>Stay connected with <a href="https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.wisekey.com%2F&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7Cfde9bf3b05934f6c412708db0faba340%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638121002100945895%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9mI66vmGi2hVqLjMse7B6mh%2Br2apgX9%2FqtAuBWGlS3E%3D&reserved=0"><span style='color:#F62400'>WISeKey</span></a><br><br></span></b><span lang=EN-US><o:p></o:p></span></p></div><div><div><p class=MsoNormal><b><span lang=EN-US style='font-size:7.5pt;color:#78A600'>THIS IS A TRUSTED MAIL</span></b><span lang=EN-US style='font-size:7.5pt;color:#78A600'>: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks</span><span lang=EN-US style='font-size:9.0pt;color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:9.0pt;color:black'><o:p> </o:p></span></p></div><div><div><p class=MsoNormal><b><span lang=EN-US style='font-size:7.0pt;color:darkgray'>CONFIDENTIALITY: </span></b><span lang=EN-US style='font-size:7.0pt;color:darkgray'>This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender</span><span lang=EN-US style='font-size:9.0pt;color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><b><span lang=EN-US style='font-size:7.0pt;color:darkgray'>DISCLAIMER: </span></b><span lang=EN-US style='font-size:7.0pt;color:darkgray'>WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.</span><span lang=EN-US style='font-size:9.0pt;color:black'><o:p></o:p></span></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div></div></div></body></html>