<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" 
xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.5pt;
        font-family:Consolas;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:Consolas;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoPlainText><b><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>PUBLIC COMMENT RELEASE OF “BASELINE REQUIREMENTS FOR  THE ISSUANCE AND MANAGEMENT OF PUBLICLY-TRUSTED CERTIFICATES”<o:p></o:p></span></b></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>Members of the CA/Browser Forum (<a href="http://www.cabforum.org">http://www.cabforum.org</a>) have been collaborating over the last two years to develop baseline requirements for the issuance of SSL/TLS digital certificates that facilitate secure communication with public Web sites.  <o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>The draft is at <a href="http://cabforum.org/Baseline_Requirements_Draft_30b.pdf">http://cabforum.org/Baseline_Requirements_Draft_30b.pdf</a> <o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>While the CAB Forum continues to develop and improve these “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates,” it has decided to seek public review of the current draft.  
During the review period (ending at the end of May 2011), the CAB Forum is seeking constructive input on potential improvements to the document.<o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>Once adopted, the Baseline Requirements will apply to the operation of all Certification Authorities that issue SSL/TLS certificates that chain up to any one of the root certificates embedded as trust anchors in publicly distributed browser software.<o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>CA and browser members of the CAB Forum acknowledge that the current version lacks provisions in some key areas, and they anticipate working in the coming months to overcome these deficiencies.  Nevertheless, they see great value in adopting and enforcing an initial version covering those areas where agreement has already been achieved.  For this reason, the CAB Forum welcomes well-thought-out, constructive improvements to the current draft.  Proposals for more far-reaching changes will be considered.  However, proposals that may significantly hold up the adoption of common requirements for the industry must await a future revision.<o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>According to a spokesperson for the CAB Forum, “Representatives of the major browser suppliers and Internet certification authorities have long recognized the need to establish and enforce common standards for assurance across the industry.  
The current draft of the Baseline Requirements represents an initial step in that direction. We welcome input from others with expertise to share.  And we expect to continue to enhance these requirements as the threat landscape evolves.”<o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>During the public comment period, the CAB Forum encourages discussion of the draft requirements on the Mozilla Dev-Security-Policy discussion list under a general topic of “Baseline Requirements,” or more specifically by categorizing comments and discussion by section number and discussion topic as suggested below.    <o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>Additional information about enrolling on the Mozilla discussion mailing list can be found at:  <a href="https://lists.mozilla.org/listinfo/dev-security-policy">https://lists.mozilla.org/listinfo/dev-security-policy</a>.<o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>The discussion can also be followed without enrolling at: <a href="http://groups.google.com/group/mozilla.dev.security.policy/topics">http://groups.google.com/group/mozilla.dev.security.policy/topics</a>.  
<o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>Those desiring to comment directly to all members of the CAB Forum, but not specifically for purposes of open public discussion on the Mozilla list, may send email to </span><a href="mailto:questions@cabforum.com"><span style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>questions@cabforum.com</span></a><span style='font-size:11.0pt;font-family:"Times New Roman","serif";color:black'>.</span><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Times New Roman","serif"'>During the 45-day comment period, members of the CAB Forum will also participate in discussions on the Mozilla list and will gather comments and, to the extent possible, respond with clarifications or proposed revisions to the appropriate public or private channel, based on whether the comment was received through the Mozilla list or the CAB Forum’s questions email list.  
Both private and public comments received, and any resulting agreed-upon changes to the Baseline Requirements, will be posted to the CAB Forum Web site and/or to the Mozilla list.<o:p></o:p></span></p><p class=MsoListParagraph><span style='font-family:"Times New Roman","serif";color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Times New Roman","serif"'>Following the close of the open comment period, the CAB Forum will take under consideration and further discuss comments that could still not be resolved during the public comment period, and a final draft version of the Baseline Requirements that incorporates clarifications or improvements will be considered for adoption by the CAB Forum. <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Times New Roman","serif"'>Following adoption of Version 1.0 of the Baseline Requirements, the CA/Browser Forum will request that all browser and relying party application software developers incorporate the Baseline Requirements into their accreditation and approval schemes as requirements for all applicants who request that a self-signed root certificate be embedded as a trust anchor in their software.  <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Times New Roman","serif"'>The CAB Forum also intends that the ETSI ESI Committee and AICPA/CICA Task Force on the WebTrust Program for CAs will coordinate revisions to their respective audit standards such that the Baseline Requirements will become auditable requirements starting in June 2011.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p></div></body></html>