<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Certainly for the Server Working Group. But how about the new
general Bylaws or a new WG around S/MIME? We've said numerous times
that the Baseline Requirements apply only to SSL/TLS Certificates
and so do the WebTrust for CAs Baseline + NetSec.<br>
<br>
I recommend adding both. 1 should apply to the new Server
Certificate WG and 2 should apply to the new general Bylaws.<br>
<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 6/2/2018 9:39 μμ, Tim Hollebeek
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:MWHPR14MB137607DAA7B751532A0881C183FD0@MWHPR14MB1376.namprd14.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI Symbol \,sans-serif";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:441415494;
mso-list-type:hybrid;
mso-list-template-ids:65405346 -1370206504 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"\(%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1
{mso-list-id:707223011;
mso-list-template-ids:555224318;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:1009256683;
mso-list-template-ids:-2144552986;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext">Ok, I think
I get it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">We should
either:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph"
style="color:windowtext;margin-left:0in;mso-list:l0 level1
lfo4">upgrade the WebTrust requirement to “<span
style="color:black">WebTrust for CAs Baseline and NetSec”
in order to align with requiring 411-1, or</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="color:windowtext;margin-left:0in;mso-list:l0 level1
lfo4">downgrade the ETSI requirement to 401 to align with
requiring “<span style="color:black">WebTrust for CAs”.</span><o:p></o:p></li>
</ol>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Is that the
right summary?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">In this day
and age, I think (1) is the right approach.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">-Tim<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"
moz-do-not-send="true"><span style="color:windowtext"><o:p> </o:p></span></a></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in
0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> Dimitris Zacharopoulos
[<a class="moz-txt-link-freetext" href="mailto:jimmy@it.auth.gr">mailto:jimmy@it.auth.gr</a>] <br>
<b>Sent:</b> Tuesday, February 6, 2018 12:25 PM<br>
<b>To:</b> Tim Hollebeek
<a class="moz-txt-link-rfc2396E" href="mailto:tim.hollebeek@digicert.com"><tim.hollebeek@digicert.com></a>; CA/Browser Forum
Governance WG List <a class="moz-txt-link-rfc2396E" href="mailto:govreform@cabforum.org"><govreform@cabforum.org></a>;
Dean Coclin <a class="moz-txt-link-rfc2396E" href="mailto:dean.coclin@digicert.com"><dean.coclin@digicert.com></a><br>
<b>Subject:</b> Re: [cabf_governance] Ballot 206 and
documents<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 6/2/2018 9:17 μμ, Tim Hollebeek
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:windowtext">For
those of us who have historically tried hard not to
understand European regulations, but probably should
understand them better than we do, is one a superset of
the other, and if so, in which direction? If not, what
does the Venn diagram look like?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
ETSI EN 319 401 is the first level and 411 (part 1) is built
on top of 401. Here is a diagram available from the document
ETSI TR 119 400 (<a
href="https://clicktime.symantec.com/a/1/2rg4jdXEPgpG0cVYXn_7B2jFMYhRbjZ1dDZ93zj7UIU=?d=Q-_kHzd0gf5QWQHtRHrPGfKdJo-f3eGryq7gLFMOP2nmmUSSN0U7d-mlnvjACjvkLYiE5YSQEMOLG71tO_RXchqmCncqIIcrFDtBeLZUAlZrHYS8NABgkLo9xeRneXrt67GFWsXpg4qrHaH2i1WE2nD-PJw6kFVRieKZGqfvwVIHbZc847hmNDYYX1OK-hZ2RJn83ueD16yLldoF5f-b26oVHL9YP3qAYqDB1DBj5oHF-Q438yRy8rGuXF2HtuTqmKwbBBcXk0PC1tLRGSErqip7OX_iU04gunrmBr-tIKOBZoFGECMHVRiWmRxQB1S5rVsr5AWiz9-5775yk-JIHODdvIp7ftjTJD56OOQ9yrXrU-QwbxLq6ktF8tL8RuOpgVEfSg%3D%3D&u=http%3A%2F%2Fwww.etsi.org%2Fdeliver%2Fetsi_tr%2F119400_119499%2F119400%2F01.01.01_60%2Ftr_119400v010101p.pdf"
moz-do-not-send="true">http://www.etsi.org/deliver/etsi_tr/119400_119499/119400/01.01.01_60/tr_119400v010101p.pdf</a>)<br>
<br>
<img style="width:7.575in;height:4.4166in" id="_x0000_i1025"
src="cid:part3.7E312F38.D06D4DC1@it.auth.gr" class=""
height="424" width="727" border="0"><br>
<br>
I hope it is clearer now.<br>
<br>
Dimitris.<br>
<br>
<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:windowtext"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext">-Tim</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"> </span><o:p></o:p></p>
<div style="border:none;border-left:solid blue
1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> Govreform [<a
href="mailto:govreform-bounces@cabforum.org"
moz-do-not-send="true">mailto:govreform-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Dimitris Zacharopoulos via
Govreform<br>
<b>Sent:</b> Tuesday, February 6, 2018 12:10 PM<br>
<b>To:</b> Dean Coclin <a
href="mailto:dean.coclin@digicert.com"
moz-do-not-send="true"><dean.coclin@digicert.com></a>;
CA/Browser Forum Governance WG List <a
href="mailto:govreform@cabforum.org"
moz-do-not-send="true"><govreform@cabforum.org></a><br>
<b>Subject:</b> Re: [cabf_governance] Ballot 206
and documents</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 6/2/2018 9:02 μμ, Dean Coclin
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:windowtext">I’m
still confused. The requirements from browsers is
411-1.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
But the new Bylaws are not only for Browsers :-)<br>
<br>
The Server Certificates WG will require ETSI EN 319
411-1 BUT IT SHOULD ALSO require not just WebTrust for
CAs but also WebTrust for CAs Baseline and NetSec.<br>
<br>
Dimitris.<br>
<br>
<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:windowtext"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="color:windowtext">From:</span></b><span
style="color:windowtext"> Dimitris Zacharopoulos
[<a href="mailto:jimmy@it.auth.gr"
moz-do-not-send="true">mailto:jimmy@it.auth.gr</a>]
<br>
<b>Sent:</b> Tuesday, February 6, 2018 2:01 PM<br>
<b>To:</b> Dean Coclin <a
href="mailto:dean.coclin@digicert.com"
moz-do-not-send="true"><dean.coclin@digicert.com></a>;
CA/Browser Forum Governance WG List <a
href="mailto:govreform@cabforum.org"
moz-do-not-send="true"><govreform@cabforum.org></a><br>
<b>Subject:</b> Re: [cabf_governance] Ballot 206
and documents</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 6/2/2018 8:15 μμ, Dean Coclin
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:windowtext">Dimitris,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext">We
currently list ETSI 411-1. Why should we change to
401?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
411-1 covers Baseline Requirements and Network
Security Requirements, which is equal to WebTrust for
CAs Baseline and NetSec.<br>
401 covers similar items as WebTrust for CAs.<br>
<br>
Dimitris.<br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:windowtext"><br>
Dean</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="color:windowtext">From:</span></b><span
style="color:windowtext"> Govreform [<a
href="mailto:govreform-bounces@cabforum.org"
moz-do-not-send="true">mailto:govreform-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Dimitris Zacharopoulos
via Govreform<br>
<b>Sent:</b> Tuesday, February 6, 2018 12:16
PM<br>
<b>To:</b> Virginia Fournier <a
href="mailto:vfournier@apple.com"
moz-do-not-send="true"><vfournier@apple.com></a><br>
<b>Cc:</b> CA/Browser Forum Governance WG List
<a href="mailto:govreform@cabforum.org"
moz-do-not-send="true"><govreform@cabforum.org></a><br>
<b>Subject:</b> Re: [cabf_governance] Ballot
206 and documents</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 6/2/2018 6:25 μμ, Virginia
Fournier wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi Dimitris, <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Would you please let us know
what changes you’d propose to resolve the issues
you’ve mentioned below? Your changes weren’t
left out intentionally - we probably just missed
your request. Thanks. <o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><br>
Certainly. I have attached a red-lined version of
the proposed changes on the
"CABF-Bylaws-v.1.8_23-Jan-2018.doc" file, to align
the ETSI audit criteria with WebTrust. I also made a
small reference correction to the "Certificate
Consumer" definition. <br>
<br>
However, I couldn't provide an easy language fix for
the requirement 2.1 a, and I hope the WG will be
able to discuss on a future call. I will try to
highlight the problem and propose some language to
resolve the loop.<br>
<br>
Here are the current definitions:<br>
<br>
<u><span
style="font-family:"Arial",sans-serif">(1)
"Certificate Issuer</span></u><span
style="font-family:"Arial",sans-serif">:
The member organization operates a certification
authority that has a current and successful
WebTrust for CAs audit or ETSI EN 319 401 audit
report prepared by a properly-qualified auditor,
is a member of a Working Group, and that actively
issues certificates to end entities, such
certificates being treated as valid by a
Certificate Consumer Member. Applicants that are
not actively issuing certificates but otherwise
meet membership criteria may be granted Associate
Member status under Bylaw Sec. 3.1 for a period of
time to be designated by the Forum"</span> <br>
<br>
<u><span
style="font-family:"Arial",sans-serif">(2)
</span></u>"<u><span
style="font-family:"Arial",sans-serif">Root
Certificate Issuer</span></u><span
style="font-family:"Arial",sans-serif">:
The member organization operates a certification
authority that has a current and successful
WebTrust for CAs</span><span
style="font-family:"Arial",sans-serif"
lang="EN">,</span><span
style="font-family:"Arial",sans-serif">
or ETSI EN 319 401 audit report prepared by a
properly-qualified auditor, is a member of a
Working Group, and that issues certificates to
subordinate CAs that, in turn, actively issue
certificates to end entities such certificates
being treated as valid by a Certificate Consumer
Member</span><span
style="font-family:"Arial",sans-serif"
lang="EN">.</span><span
style="font-family:"Arial",sans-serif">
Applicants that are not actively issuing
certificates but otherwise meet membership
criteria may be granted Associate Member status
under Bylaw Sec. 3.1 for a period of time to be
designated by the Forum. "</span> <br>
<br>
<u><span
style="font-family:"Arial",sans-serif">(3)
</span></u>"<u><span
style="font-family:"Arial",sans-serif">Certificate
Consumer</span></u><span
style="font-family:"Arial",sans-serif">:
The member organization produces a software
product, such as a browser, intended for use by
the general public for relying upon certificates
and is a member of a Working Group"</span> <br>
<br>
First of all, since 2.1 talks about "qualifying for
Forum Membership", which I understand to mean
"Applicants", I propose we replace "member
organization" to "applicant organization". In order
to resolve the loop problem, perhaps the part of the
"Certificate Consumer" definition that talks about
software intended for use by the general public for
relying upon certificates, should be included in the
definitions of (1) and (2). <br>
<br>
Here is a suggestion for these definitions:<br>
<br>
<u><span
style="font-family:"Arial",sans-serif">(1)
"Certificate Issuer</span></u><span
style="font-family:"Arial",sans-serif">:
The applicant organization operates a
certification authority that has a current and
successful WebTrust for CAs audit or ETSI EN 319
401 audit report prepared by a properly-qualified
auditor, is a member of a Working Group, and that
actively issues certificates to end entities, such
certificates being treated as valid by a software
product, such as a browser, intended for use by
the general public for relying upon certificates.
Applicants that are not actively issuing
certificates but otherwise meet membership
criteria may be granted Associate Member status
under Bylaw Sec. 3.1 for a period of time to be
designated by the Forum"</span><br>
<br>
<u><span
style="font-family:"Arial",sans-serif">(2)
</span></u>"<u><span
style="font-family:"Arial",sans-serif">Root
Certificate Issuer</span></u><span
style="font-family:"Arial",sans-serif">:
The applicant organization operates a
certification authority that has a current and
successful WebTrust for CAs</span><span
style="font-family:"Arial",sans-serif"
lang="EN">,</span><span
style="font-family:"Arial",sans-serif">
or ETSI EN 319 401 audit report prepared by a
properly-qualified auditor, is a member of a
Working Group, and that issues certificates to
subordinate CAs that, in turn, actively issue
certificates to end entities such certificates
being treated as valid by a software product, such
as a browser, intended for use by the general
public for relying upon certificates</span><span
style="font-family:"Arial",sans-serif"
lang="EN">.</span><span
style="font-family:"Arial",sans-serif">
Applicants that are not actively issuing
certificates but otherwise meet membership
criteria may be granted Associate Member status
under Bylaw Sec. 3.1 for a period of time to be
designated by the Forum. "</span><br>
<br>
<u><span
style="font-family:"Arial",sans-serif">(3)
</span></u>"<u><span
style="font-family:"Arial",sans-serif">Certificate
Consumer</span></u><span
style="font-family:"Arial",sans-serif">:
The applicant organization produces a software
product, such as a browser, intended for use by
the general public for relying upon certificates
and is a member of a Working Group"</span><br>
<br>
<br>
Thank you,<br>
Dimitris.<br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<div id="AppleMailSignature">
<div>
<p class="MsoNormal">Virginia Fournier<o:p></o:p></p>
</div>
<p class="MsoNormal">Sent from my iPhone <o:p></o:p></p>
<div>
<p class="MsoNormal">Please excuse iTypos<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
On Feb 6, 2018, at 12:14 AM, Dimitris
Zacharopoulos <<a
href="mailto:jimmy@it.auth.gr"
moz-do-not-send="true">jimmy@it.auth.gr</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
Hello all,<br>
<br>
I reviewed the diffs and the proposed
alignment between WebTrust and ETSI is not
included in the proposed Bylaws draft
(2.1a). I sent a proposal on Jan 9th (<a
href="https://clicktime.symantec.com/a/1/xRJEOuXg-y_jlF4bPlvzPYNhn8a6eit8kncIq_wfMZ8=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fpipermail%2Fgovreform%2F2018-January%2F000355.html"
moz-do-not-send="true">https://cabforum.org/pipermail/govreform/2018-January/000355.html</a>)
about the Server Certificate Working Group
Charter but the concept is the same for
the Bylaws.<o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2
level1 lfo3">If we include the
requirement for "WebTrust for CAs"
audit, then the equivalent ETSI audit
should be "<b>ETSI EN 319 401</b>". This
probably fits best for the Bylaws.<o:p></o:p></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2
level1 lfo3">If we include the
requirement for "WebTrust for CAs +
WebTrust Baseline + NetSec " audit, then
the equivalent ETSI audit should be
"ETSI EN 319 411-1". This probably fits
best for the Server Certificate Working
Group Charter.<o:p></o:p></li>
</ul>
<p class="MsoNormal">The old ETSI TS
standards should not be included in the
new bylaws.<br>
<br>
I was also puzzled with the following
requirement in the Bylaws (section 2.1a)
"such certificates being treated as valid
by a Certificate Consumer<b> Member</b>".
So, if a CA issues Certificates for
Digital Signatures which are trusted by
Adobe and Adobe is not a Member of the
Forum, then this CA doesn't meet the
requirements. Is this a correct
interpretation?<br>
<br>
<br>
Best regards,<br>
Dimitris.<br>
<br>
<br>
On 6/2/2018 9:15 πμ, Virginia Fournier via
Govreform wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Hi
all,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">My apologies, I
have a conflict for tomorrow’s
meeting and will not be able to
attend. I am sending what I hope
are virtually final versions of
the documents. I am sending diff
files for the Bylaws and IPR
policy, as the Word compare
function will not cooperate. The
diffs may be easier to read in the
end anyway.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">As you may have
seen from my email earlier today,
we have to cut off any new
issues, content, etc. from being
added to the ballot so we can
finalize it. From this point
forward, we need to just review
what we have, clean up typos or
any errors in the ballot, and move
it forward. With this in mind,
I’d appreciate it if you’d review
the documents attached/referenced
below to see if there are any
corrections/adjustments that need
to be made. We can keep a list of
additional issues that should be
addressed for the next ballot.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">What is the
status of the Server Certificate
WG charter? I sent some comments
to Dean/Ben - have you had
a chance to look at those? We
need the final version of that
document also to complete the
package.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">I’d like to
send the documents out early next
week and start
an “informal” discussion period of
7 days next for any questions
people may have. Does anyone see
any obstacles to doing that?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Here’s the diff
for the Bylaws (all changes since
version 1.7 shown).<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a
href="https://clicktime.symantec.com/a/1/uyKpIpWVOanrzEuutNyKQlSALyoi3PkQHMormrBAvWs=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fdraftable.com%2Fcompare%2FJHYFfXWaHGRx"
moz-do-not-send="true">https://draftable.com/compare/JHYFfXWaHGRx</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Here’s the diff
for the IPR Policy (all changes
since version 1.2 shown:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a
href="https://clicktime.symantec.com/a/1/8q3XvGqohjM8pvFAj8n2TNaDAB0so_mrZcspY58oCLE=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fdraftable.com%2Fcompare%2FQuHvYZiCAAUr"
moz-do-not-send="true">https://draftable.com/compare/QuHvYZiCAAUr</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal">=<br>
<br>
<br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Best
regards,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Virginia
Fournier</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Senior
Standards Counsel</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt"></span><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif"> Apple
Inc.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Segoe
UI Symbol \,sans-serif"">☏</span><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif">
669-227-9595</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Segoe
UI Symbol \,sans-serif"">✉︎</span><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif"> <a
href="mailto:vmf@apple.com"
moz-do-not-send="true">vmf@apple.com</a></span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Dec 21, 2017, at
11:19 AM, Virginia Fournier via
Govreform <<a
href="mailto:govreform@cabforum.org"
moz-do-not-send="true">govreform@cabforum.org</a>>
wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">Hello all, <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Here are the
final documents for Ballot 206.
Please confirm that you’re ready
to go forward with them in January
after the holidays. Please also
let me know if you can open the
Bylaws diff file. What is the
status of the Server Certificate
WG’s charter? Thanks for
everyone’s hard work on this
project.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><CABF_Ballot206_20DEC17.docx>
<o:p></o:p></p>
<p class="MsoNormal"><CABF-IPR-Policy-v.1.3_20DEC17_clean.doc>
<o:p></o:p></p>
<p class="MsoNormal"><CABF-IPR-Policy-v.1.3_20DEC17_redline.doc>
<o:p></o:p></p>
<p class="MsoNormal"><CABF-Bylaws-v.1.8_20DEC17_clean.doc>
<o:p></o:p></p>
<p class="MsoNormal"><CABF-Governance
Change FAQ_20DEC17.docx> <o:p></o:p></p>
<p class="MsoNormal"><Bylaws DiffNow
Comparison Report.htm> <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Best
regards,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Virginia
Fournier</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Senior
Standards Counsel</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt"></span><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif"> Apple
Inc.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Segoe UI Symbol
\,sans-serif"">☏</span><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif">
669-227-9595</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Segoe UI Symbol
\,sans-serif"">✉︎</span><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif"> <a
href="mailto:vmf@apple.com" moz-do-not-send="true">vmf@apple.com</a></span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
Govreform mailing list<br>
<a
href="mailto:Govreform@cabforum.org"
moz-do-not-send="true">Govreform@cabforum.org</a><br>
<a
href="https://clicktime.symantec.com/a/1/8rSOldnBKg8XvPcCi-8xhn3L1EZQhM_E6Wxoe2uL3ps=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fgovreform"
moz-do-not-send="true">https://cabforum.org/mailman/listinfo/govreform</a><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
=<br>
<br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Govreform mailing list<o:p></o:p></pre>
<pre><a href="mailto:Govreform@cabforum.org" moz-do-not-send="true">Govreform@cabforum.org</a><o:p></o:p></pre>
<pre><a href="https://clicktime.symantec.com/a/1/8rSOldnBKg8XvPcCi-8xhn3L1EZQhM_E6Wxoe2uL3ps=?d=zYU90j46QxTFNxAvlm_vJ4ZGqsTgwmt8yY9zvr0ptokxsxcxPTiHyfv81qHB08VOX3rrzZExOGgmgJkxIPZh2VDCB2-WrHv3HSXYZ8Wzk09rw2zFsyEvlFL13nhb7UzygerGhghF5qQl0uKJbkrgfHeL3_MxqGdnvlA7v_LK1cQLQhJS5vIh8quuXAU7PSSJvzKot7DAJo6bZDIRpzkFwNY2W9QBa2ODpEWTq9Pgug2qPyiezauI14B6fZZzXDwU0Ivj6KGS2Dy_1JXgXrsoUU_njc0WcH8N60MzLhzfYru_KK1QzFyolSRuA_TbFD0QG9P-7dp5mSt1H1BWsQ8OFAuLGgGHPbw9v12-oYSxeZkcV1l_eqlq15pTQI-hUSzH_gt5129IW5k-Txy56XOL79S-5w%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fgovreform" moz-do-not-send="true">https://cabforum.org/mailman/listinfo/govreform</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</blockquote>
</div>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</blockquote>
<br>
</body>
</html>