<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Lucida Grande";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:10.0pt;
        margin-left:.5in;
        mso-add-space:auto;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        mso-add-space:auto;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        mso-add-space:auto;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:10.0pt;
        margin-left:.5in;
        mso-add-space:auto;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:537817755;
        mso-list-type:hybrid;
        mso-list-template-ids:108555702 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:.75in;
        text-indent:-.25in;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:1.25in;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        margin-left:1.75in;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:2.25in;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:2.75in;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        margin-left:3.25in;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:3.75in;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:4.25in;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        margin-left:4.75in;
        text-indent:-9.0pt;}
@list l1
        {mso-list-id:906309261;
        mso-list-type:hybrid;
        mso-list-template-ids:1202908844 -324263522 407138680 -1829107152 1385616796 1804356714 -648890500 -2065388430 -78107550 -243101886;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:+;
        mso-level-tab-stop:.25in;
        mso-level-number-position:left;
        margin-left:.25in;
        text-indent:-.25in;
        font-family:"Lucida Grande";}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:+;
        mso-level-tab-stop:.75in;
        mso-level-number-position:left;
        margin-left:.75in;
        text-indent:-.25in;
        font-family:"Lucida Grande";}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:+;
        mso-level-tab-stop:1.25in;
        mso-level-number-position:left;
        margin-left:1.25in;
        text-indent:-.25in;
        font-family:"Lucida Grande";}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:+;
        mso-level-tab-stop:1.75in;
        mso-level-number-position:left;
        margin-left:1.75in;
        text-indent:-.25in;
        font-family:"Lucida Grande";}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:+;
        mso-level-tab-stop:2.25in;
        mso-level-number-position:left;
        margin-left:2.25in;
        text-indent:-.25in;
        font-family:"Lucida Grande";}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:+;
        mso-level-tab-stop:2.75in;
        mso-level-number-position:left;
        margin-left:2.75in;
        text-indent:-.25in;
        font-family:"Lucida Grande";}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:+;
        mso-level-tab-stop:3.25in;
        mso-level-number-position:left;
        margin-left:3.25in;
        text-indent:-.25in;
        font-family:"Lucida Grande";}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:+;
        mso-level-tab-stop:3.75in;
        mso-level-number-position:left;
        margin-left:3.75in;
        text-indent:-.25in;
        font-family:"Lucida Grande";}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:+;
        mso-level-tab-stop:4.25in;
        mso-level-number-position:left;
        margin-left:4.25in;
        text-indent:-.25in;
        font-family:"Lucida Grande";}
@list l2
        {mso-list-id:2017413486;
        mso-list-type:hybrid;
        mso-list-template-ids:-701081870 67698693 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:.25in;
        mso-level-number-position:left;
        margin-left:.25in;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l2:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l2:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l2:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l2:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l2:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l2:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l2:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l2:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>On last Friday, each CA should have received the following message. In fact, many of you have already responded to ICANN. In case you were missed, here is the email message:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If you’ve been following recent discussions on the CAB Forum email list, then you might be aware that the CA/Browser Forum is working with ICANN to obtain CA responses to the following questions and request for data about certificates issued to non-public names (a practice that is being phased out by the CA/Browser Forum’s Baseline Requirements).  Your response to ICANN <b>BEFORE THE END OF NEXT WEEK – BY JUNE 21st</b> will be greatly appreciated, and information will be aggregated with that of all other CAs to inform ICANN’s gTLD delegation process.  ICANN has explained that individual CAs will NOT be named with any specific response to any of the questions below.  <b>Further explanation about this request appears further below.<o:p></o:p></b></p><p class=MsoNormal><b>Questions:</b><o:p></o:p></p><p class=MsoListParagraph style='margin-left:.75in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>       </span></span><![endif]>Are any of your publicly trusted CAs allowed to issue certificates to non-public domain names?<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in;text-indent:.25in'>(Y/N)        Additional response, if desired:  <o:p></o:p></p><p class=MsoListParagraphCxSpFirst style='margin-left:.75in;mso-add-space:auto'><o:p> </o:p></p><p class=MsoListParagraphCxSpLast style='margin-left:.75in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>       </span></span><![endif]>Do you allow external third parties (subordinate/cross-signed CAs, registration agents, etc.) to approve issuance of these type of certificates under your publicly trusted root CA?  <o:p></o:p></p><p class=MsoNormal style='margin-left:.75in'>(Y/N)        Additional response, if desired:  <o:p></o:p></p><p class=MsoListParagraphCxSpFirst style='margin-left:.75in;mso-add-space:auto'><o:p> </o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'>       </span></span><![endif]>Do you have policies or procedures that define or restrict the issuance of certificates with non-public domain names? <o:p></o:p></p><p class=MsoListParagraphCxSpLast style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in;margin-bottom:.0001pt;mso-add-space:auto'><o:p> </o:p></p><p class=MsoNormal style='margin-left:.5in;text-indent:.25in'>(Y/N)        Additional response, if desired:  <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoListParagraphCxSpFirst style='margin-left:.75in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>4.<span style='font:7.0pt "Times New Roman"'>       </span></span><![endif]>What issues are of concern from your CA operation's perspective with regard to the introduction of new TLDs at the root of the public DNS?<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='margin-left:.75in;mso-add-space:auto'><o:p> </o:p></p><p class=MsoListParagraphCxSpLast style='margin-left:.75in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>5.<span style='font:7.0pt "Times New Roman"'>       </span></span><![endif]>Who from your CA will communicate with people in ICANN to discuss these issues from your perspective and that of your customers/constituents?  <o:p></o:p></p><p class=MsoNormal style='text-indent:.5in'>Name:  <o:p></o:p></p><p class=MsoListParagraph style='margin-bottom:0in;margin-bottom:.0001pt;mso-add-space:auto;line-height:normal'>Title:<o:p></o:p></p><p class=MsoNormal style='margin-left:.25in;text-indent:.25in'>Email Address:<o:p></o:p></p><p class=MsoNormal style='margin-left:.25in;text-indent:.25in'>Telephone number:<o:p></o:p></p><p class=MsoNormal style='margin-left:.25in;text-indent:.25in'><o:p> </o:p></p><p class=MsoListParagraphCxSpFirst style='margin-left:.75in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>6.<span style='font:7.0pt "Times New Roman"'>       </span></span><![endif]>What recommendations can be offered for how to introduce new TLDs at the public DNS root?<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='margin-left:.75in;mso-add-space:auto'><o:p> </o:p></p><p class=MsoListParagraphCxSpLast style='margin-left:.75in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>7.<span style='font:7.0pt "Times New Roman"'>       </span></span><![endif]>How can further coordination between ICANN and CA operators occur?<o:p></o:p></p><p class=MsoNormal><sup><o:p> </o:p></sup></p><p class=MsoListParagraphCxSpFirst style='margin-left:.75in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>8.<span style='font:7.0pt "Times New Roman"'>       </span></span><![endif]>Do you currently issue SSL/TLS certificates with non-public/Internal names in the CN or SAN?   <o:p></o:p></p><p class=MsoListParagraphCxSpLast><o:p> </o:p></p><p class=MsoNormal style='margin-left:.75in'>(Y/N)        Additional response, if desired:  <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoListParagraphCxSpFirst style='margin-left:.75in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>9.<span style='font:7.0pt "Times New Roman"'>       </span></span><![endif]>If you have issued any of these internal name SSL/TLS certificates, how many (total) of these certificates do you have outstanding?  <o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='margin-left:.25in;mso-add-space:auto'><o:p> </o:p></p><p class=MsoListParagraphCxSpLast style='margin-left:.75in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>10.<span style='font:7.0pt "Times New Roman"'>   </span></span><![endif]>For these certificates, please provide a spreadsheet, table, or delimited text file with at least the following three fields:  full string of the non-public name in the CN or SAN; year of expiry; and number/count of each.  The following table is provided as an example.<o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='margin-left:41.45pt;border-collapse:collapse'><tr style='height:16.5pt'><td width=130 nowrap valign=bottom style='width:97.25pt;border-top:1.5pt;border-left:1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;border-style:solid;padding:0in 5.4pt 0in 5.4pt;height:16.5pt'><p class=MsoNormal><b><span style='color:black'>Non-public name in CN or SAN</span></b><b><span style='color:black'><o:p></o:p></span></b></p></td><td width=120 nowrap valign=bottom style='width:90.05pt;border-top:solid windowtext 1.5pt;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:16.5pt'><p class=MsoNormal><b><span style='color:black'>Certificate Expiration Year</span></b><b><span style='color:black'><o:p></o:p></span></b></p></td><td width=68 nowrap valign=bottom style='width:51.15pt;border-top:solid windowtext 1.5pt;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt;height:16.5pt'><p class=MsoNormal><b><span style='color:black'>Count</span></b><b><span style='color:black'><o:p></o:p></span></b></p></td><td width=162 nowrap valign=bottom style='width:121.5pt;border:dashed windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt;height:16.5pt'><p class=MsoNormal><b><span style='color:black'>(Optional)</span></b><b><span style='color:black'><o:p></o:p></span></b></p><p class=MsoNormal><b><span style='color:black'>Certificate type [See note]</span></b><b><span style='color:black'><o:p></o:p></span></b></p></td></tr><tr style='height:15.75pt'><td width=130 valign=bottom style='width:97.25pt;border-top:none;border-left:solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><a href="http://www.foo.bar">www.foo.bar</a><span style='color:black'><o:p></o:p></span></p></td><td width=120 valign=bottom style='width:90.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>2013</span><span style='color:black'><o:p></o:p></span></p></td><td width=68 valign=bottom style='width:51.15pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>8</span><span style='color:black'><o:p></o:p></span></p></td><td width=162 valign=bottom style='width:121.5pt;border-top:none;border-left:none;border-bottom:dashed windowtext 1.0pt;border-right:dashed windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><span style='color:black'>SSL/TLS</span><span style='color:black'><o:p></o:p></span></p></td></tr><tr style='height:15.75pt'><td width=130 valign=bottom style='width:97.25pt;border-top:none;border-left:solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><a href="http://www.foo.bar">www.foo.bar</a><span style='color:black'><o:p></o:p></span></p></td><td width=120 valign=bottom style='width:90.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>2014</span><span style='color:black'><o:p></o:p></span></p></td><td width=68 valign=bottom style='width:51.15pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>6</span><span style='color:black'><o:p></o:p></span></p></td><td width=162 valign=bottom style='width:121.5pt;border-top:none;border-left:none;border-bottom:dashed windowtext 1.0pt;border-right:dashed windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><span style='color:black'>SSL/TLS</span><span style='color:black'><o:p></o:p></span></p></td></tr><tr style='height:15.75pt'><td width=130 valign=bottom style='width:97.25pt;border-top:none;border-left:solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><span style='color:black'>*.bar</span><span style='color:black'><o:p></o:p></span></p></td><td width=120 valign=bottom style='width:90.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>2013</span><span style='color:black'><o:p></o:p></span></p></td><td width=68 valign=bottom style='width:51.15pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>37</span><span style='color:black'><o:p></o:p></span></p></td><td width=162 valign=bottom style='width:121.5pt;border-top:none;border-left:none;border-bottom:dashed windowtext 1.0pt;border-right:dashed windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><span style='color:black'>SSL/TLS</span><span style='color:black'><o:p></o:p></span></p></td></tr><tr style='height:15.75pt'><td width=130 valign=bottom style='width:97.25pt;border-top:none;border-left:solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><span style='color:black'>foo.bar</span><span style='color:black'><o:p></o:p></span></p></td><td width=120 valign=bottom style='width:90.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>2014</span><span style='color:black'><o:p></o:p></span></p></td><td width=68 valign=bottom style='width:51.15pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>14</span><span style='color:black'><o:p></o:p></span></p></td><td width=162 valign=bottom style='width:121.5pt;border-top:none;border-left:none;border-bottom:dashed windowtext 1.0pt;border-right:dashed windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><span style='color:black'>SSL/TLS</span><span style='color:black'><o:p></o:p></span></p></td></tr><tr style='height:15.75pt'><td width=130 valign=bottom style='width:97.25pt;border-top:none;border-left:solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><span style='color:black'>bar</span><span style='color:black'><o:p></o:p></span></p></td><td width=120 valign=bottom style='width:90.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>2013</span><span style='color:black'><o:p></o:p></span></p></td><td width=68 valign=bottom style='width:51.15pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>856</span><span style='color:black'><o:p></o:p></span></p></td><td width=162 valign=bottom style='width:121.5pt;border-top:none;border-left:none;border-bottom:dashed windowtext 1.0pt;border-right:dashed windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:15.75pt'><p class=MsoNormal><span style='color:black'>SSL/TLS</span><span style='color:black'><o:p></o:p></span></p></td></tr><tr style='height:6.75pt'><td width=130 valign=bottom style='width:97.25pt;border-top:none;border-left:solid windowtext 1.0pt;border-bottom:dashed windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:6.75pt'><p class=MsoNormal><span style='color:black'>mail.foo.bar</span><span style='color:black'><o:p></o:p></span></p></td><td width=120 valign=bottom style='width:90.05pt;border-top:none;border-left:none;border-bottom:dashed windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:6.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>2015</span><span style='color:black'><o:p></o:p></span></p></td><td width=68 valign=bottom style='width:51.15pt;border-top:none;border-left:none;border-bottom:dashed windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:6.75pt'><p class=MsoNormal align=right style='text-align:right'><span style='color:black'>3</span><span style='color:black'><o:p></o:p></span></p></td><td width=162 valign=bottom style='width:121.5pt;border-top:none;border-left:none;border-bottom:dashed windowtext 1.0pt;border-right:dashed windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:6.75pt'><p class=MsoNormal><span style='color:black'>S/MIME</span><span style='color:black'><o:p></o:p></span></p></td></tr></table><p class=MsoNormal>[NOTE:  Additional information about other types of certificates will be helpful.  For instance, how many publicly trusted S/MIME / client certificates with internal (RFC-822-type) names do you have currently issued and for what names?]<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b><span style='color:black'>Further Explanation About this Information Request<o:p></o:p></span></b></p><p class=MsoNormal><span style='color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:black'>Please reply to Francisco Arias and Tomofumi Okubo from ICANN with this information.  They are copied on this email and are in charge of ICANN’s study of the potential security impacts of the applied-for new-gTLD strings in relation to namespace collisions with non-delegated TLDs that may be in use in private namespaces, including their use in X.509 digital certificates.  It is critical that they have empirical data to determine how widespread the use of internal name certificates is and how likely they are to collide with the names in new gTLD applications, including the risks associated with delegating new gTLDs with names that could appear in internal name certificates issued to someone not related to the new gTLD.  By the end of next week (June 21), they need anonymous statistical data to begin ascertaining how many certificates with non-public domain names have been issued and how many are still valid in the following categories:<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:10.0pt;margin-left:.25in;text-indent:-.25in;line-height:115%;mso-list:l1 level1 lfo2'><![if !supportLists]><span style='font-family:"Lucida Grande";color:black'><span style='mso-list:Ignore'>+<span style='font:7.0pt "Times New Roman"'>        </span></span></span><![endif]><span style='color:black'>internal names used<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:10.0pt;margin-left:.25in;text-indent:-.25in;line-height:115%;mso-list:l1 level1 lfo2'><![if !supportLists]><span style='font-family:"Lucida Grande";color:black'><span style='mso-list:Ignore'>+<span style='font:7.0pt "Times New Roman"'>        </span></span></span><![endif]><span style='color:black'>certificate lifetimes<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:10.0pt;margin-left:.25in;text-indent:-.25in;line-height:115%;mso-list:l1 level1 lfo2'><![if !supportLists]><span style='font-family:"Lucida Grande";color:black'><span style='mso-list:Ignore'>+<span style='font:7.0pt "Times New Roman"'>        </span></span></span><![endif]><span style='color:black'>certificate type<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:10.0pt;margin-left:.25in;text-indent:-.25in;line-height:115%;mso-list:l1 level1 lfo2'><![if !supportLists]><span style='font-family:"Lucida Grande";color:black'><span style='mso-list:Ignore'>+<span style='font:7.0pt "Times New Roman"'>        </span></span></span><![endif]><span style='color:black'>country-of-origin<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:.25in;mso-add-space:auto;text-indent:-.25in;mso-list:l1 level1 lfo2'><![if !supportLists]><span style='font-family:"Lucida Grande";color:black'><span style='mso-list:Ignore'>+<span style='font:7.0pt "Times New Roman"'>        </span></span></span><![endif]><span style='color:black'>organization<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Although it may be difficult to provide specifics in the last of these two categories, it is imperative that you provide the internal names and expiration dates for any SSL/TLS certificates issued with internal names.  <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>For clarification, the certificate types of primary concern:<o:p></o:p></span></p><p class=MsoListParagraphCxSpFirst style='margin-left:.25in;mso-add-space:auto;text-indent:-.25in;mso-list:l2 level1 lfo3'><![if !supportLists]><span style='font-family:Wingdings;color:black'><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'>  </span></span></span><![endif]><span style='color:black'>are publicly trusted--for example, they chain up to a public key that has been embedded or delivered as a self-signed trust anchor in any of several widely distributed OS software, browsers, such as Windows, Apple OS/iOS, Mozilla, Opera, Google, etc.  This includes certificates issued by entities who you have cross-signed by your root to provide greater ubiquity among older versions of OS and web browser software;<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:.25in;mso-add-space:auto;text-indent:-.25in;mso-list:l2 level1 lfo3'><![if !supportLists]><span style='font-family:Wingdings;color:black'><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'>  </span></span></span><![endif]><span style='color:black'>have not been revoked, or expired (especially if they do not contain <u>any</u> CDP or AIA OCSP URI), or for any other reason might be considered “valid” by an OS or similar Internet-DS-aware software; <o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:.25in;mso-add-space:auto;text-indent:-.25in;mso-list:l2 level1 lfo3'><![if !supportLists]><span style='font-family:Wingdings;color:black'><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'>  </span></span></span><![endif]><span style='color:black'>are used for SSL/TLS communication.  For example, they<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;mso-list:l2 level2 lfo3'><![if !supportLists]><span style='font-family:"Courier New";color:black'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'>   </span></span></span><![endif]><span style='color:black'>have the basic SSL certificate profile<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;mso-list:l2 level2 lfo3'><![if !supportLists]><span style='font-family:"Courier New";color:black'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'>   </span></span></span><![endif]><span style='color:black'>have EKUs for client and server TLS,  etc.<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;mso-list:l2 level2 lfo3'><![if !supportLists]><span style='font-family:"Courier New";color:black'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'>   </span></span></span><![endif]><span style='color:black'>are issued to encrypt communication between web servers, mail servers, etc. or<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;mso-list:l2 level2 lfo3'><![if !supportLists]><span style='font-family:"Courier New";color:black'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'>   </span></span></span><![endif]><span style='color:black'>otherwise indicate that the corresponding key pair may be used for such purposes;<o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:.25in;mso-add-space:auto;text-indent:-.25in;mso-list:l2 level1 lfo3'><![if !supportLists]><span style='font-family:Wingdings'><span style='mso-list:Ignore'><span style='font:7.0pt "Times New Roman"'>  </span></span></span><![endif]><span style='color:black'>contain a </span>non-public name in the CN or in one of the SAN fields.  Such as names:<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;mso-list:l2 level2 lfo3'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'>   </span></span></span><![endif]>outside of the currently defined delegated namespace that is managed  by ICANN<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;mso-list:l2 level2 lfo3'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'>   </span></span></span><![endif]>not routable by the externally routable, public DNS<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;mso-list:l2 level2 lfo3'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'>   </span></span></span><![endif]>not considered to be a fully qualified domain name (FQDN)<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in;mso-list:l2 level2 lfo3'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'>   </span></span></span><![endif]>a single, dot-less, word string, e.g. “serv1” <o:p></o:p></p><p class=MsoListParagraphCxSpLast style='text-indent:-.25in;mso-list:l2 level2 lfo3'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'>   </span></span></span><![endif]>some alphanumeric value as the CN or SAN name that is considered a hostname, netbios name, used for internal routing, etc. <o:p></o:p></p><p class=MsoNormal>If you have any further questions or concerns, contact information for Francisco Arias is as follows:<o:p></o:p></p><p class=MsoNormal><span style='color:black'>Francisco Arias<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>gTLD Registry Technical Liaison, ICANN<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Mobile: +1 310 880 6112<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Skype: farias555<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Jabber: </span><a href="mailto:farias@jabber.org">farias@jabber.org</a><span style='color:black'>, </span><a href="mailto:francisco.arias@jabber.icann.org">francisco.arias@jabber.icann.org</a><span style='color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=ES style='color:black'>PGP: 1FDE 819F 7BEC 1CB2 127E EE54 9A4D 337B D510 E397<o:p></o:p></span></p><p class=MsoNormal><span lang=ES style='color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:black'>ICANN will contact you next week about the status of your response. <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'><o:p> </o:p></span></p><p class=MsoNormal>We look forward to your firm and prompt support of this important effort.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Yours sincerely,<o:p></o:p></p><p class=MsoNormal>Ben Wilson<o:p></o:p></p><p class=MsoNormal>Chair, CA/Browser Forum<o:p></o:p></p></div></body></html>