<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
My key point was that this is a very important use case to add to our list and that we should always be encouraging the use of encryption - no matter what the mechanisms may be. Also I specifically avoided getting into the details of the varying CA authentication
mechanisms and business models. While the recent email on potential innovation of the CA biz has been interesting its clearly out of scope for this WG.
<div class=""><br class="">
</div>
<div class="">Alex</div>
<div class=""><br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Aug 15, 2016, at 3:58 PM, Ayden Férdeline <<a href="mailto:icann@ferdeline.com" class="">icann@ferdeline.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<p class="MsoNormal"><span lang="EN-GB" style="mso-ansi-language:EN-GB" class="">The key point I was raising was that there isn’t a difference between the encryption keys of domain-validated certificates, be they issued by Let’s Encrypt or a paid CA. The level
of encryption is the same. That being said, I would like to return to my question about the use case itself: how could the CAs accomplish their desired task if, theoretically, the RDS could not accommodate their needs in the same manner that the WHOIS protocol
does at present? </span><br class="">
</p>
<div class="">- Ayden</div>
<div class="protonmail_signature_block">
<div class=""><br class="">
</div>
</div>
<blockquote class="protonmail_quote" type="cite">
<div class="">-------- Original Message --------<br class="">
</div>
<div class="">Subject: Re: [gnso-rds-pdp-wg] Use case for WHOIS/RDP<br class="">
</div>
<div class="">Local Time: August 15, 2016 11:48 PM<br class="">
</div>
<div class="">UTC Time: August 15, 2016 10:48 PM<br class="">
</div>
<div class="">From: <a href="mailto:gregshatanipc@gmail.com" class="">gregshatanipc@gmail.com</a><br class="">
</div>
<div class="">To: <a href="mailto:Geoffrey_Noakes@symantec.com" class="">Geoffrey_Noakes@symantec.com</a><br class="">
</div>
<div class=""><a href="mailto:Alex_Deacon@mpaa.org" class="">Alex_Deacon@mpaa.org</a>,<a href="mailto:icann@ferdeline.com" class="">icann@ferdeline.com</a>,<a href="mailto:Dean_Coclin@symantec.com" class="">Dean_Coclin@symantec.com</a>,<a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br class="">
</div>
<div class=""><br class="">
</div>
<div dir="ltr" class="">
<div style="font-family:verdana,sans-serif" class="gmail_default">I see that Geoff has provided some actual facts, to replace both your speculation and mine. That should improve everyone's understanding of this use case.<br class="">
</div>
<div style="font-family:verdana,sans-serif" class="gmail_default"><br class="">
</div>
<div style="font-family:verdana,sans-serif" class="gmail_default">I'll let Alex and/or Geoff respond on the difference between various types and levels of certificates, including the difference in value. I don't think anyone but you implied that there's no
difference between a free Let's Encrypt certificate and a $399 Symantec certificate, in spite of your attempt to hang that on Alex. A little research shows quite a number of "value added" differences. That said, Let's Encrypt does seem to be quite a disruptive
force in the certificate market, but I don't see the relevance of that to our study of this use case.<br class="">
</div>
<div style="font-family:verdana,sans-serif" class="gmail_default"><br class="">
</div>
<div style="font-family:verdana,sans-serif" class="gmail_default">Greg<br class="">
</div>
</div>
<div class="gmail_extra">
<div class=""><br class="">
</div>
<div class="gmail_quote">
<div class="">On Mon, Aug 15, 2016 at 6:25 PM, Geoffrey Noakes <span dir="ltr" class="">
<<a href="mailto:Geoffrey_Noakes@symantec.com" class="">Geoffrey_Noakes@symantec.com</a>></span> wrote:<br class="">
</div>
<blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex" class="gmail_quote">
<div lang="EN-US" class="">
<div class="">
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Ayden, the “types of checks” done for SSL/TLS certs fall into 3 categories:<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class=""><u class=""></u><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Symbol" class="font"><span style="font-size:11pt" class="size"><span class="">·<span style="font-family:"Times New Roman"" class="font"><span style="font-size:7pt" class="size">
</span></span></span></span></span></span><u class=""></u><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">DV (domain validation): the most basic form of
authentication performed by the CA. It essentially checks to see if the application for a cert has control over the domain for which the cert will be issued.<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class=""><u class=""></u><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Symbol" class="font"><span style="font-size:11pt" class="size"><span class="">·<span style="font-family:"Times New Roman"" class="font"><span style="font-size:7pt" class="size">
</span></span></span></span></span></span><u class=""></u><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">OV (organization validation): the CA checks information
about the organization (e.g., the company or business entity) that has applied for the cert.<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class=""><u class=""></u><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Symbol" class="font"><span style="font-size:11pt" class="size"><span class="">·<span style="font-family:"Times New Roman"" class="font"><span style="font-size:7pt" class="size">
</span></span></span></span></span></span><u class=""></u><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">EV (extra validation): in addition to the OV checks,
the CA checks for whether the individual who is applying for the cert is authorized to do so.<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">The processes for OV and EV authentication is defined by the CA/Browser Forum at
<a href="https://cabforum.org/extended-validation/" rel="noreferrer" class="">https://cabforum.org/extended-<wbr class="">validation/</a>.<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Netcraft is a third-party organization which monitors the number of publicly-facing
SSL/TLS certs. A Netcraft report with data from July 2016 is attached – they saw ~5.5m certificates.<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">It is good to think of SSL/TLS certs as being like subscriptions – they each have a
period of being valid, and they are usually renewed at the end of their periods. I am unaware of any publicly-available data on the variety of periods, but anecdotally, many are annual. Let’s Encrypt uses a 6 month period for theirs, and some are as low
as a week (these a unusual).<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">I am unaware of any report that shows sales data related to SSL/TLS certs – most CAs
are either private (and do not report numbers) or are parts of larger organizations (like Symantec, where I work, and do not break out sales numbers at that level). My sense is that the SSL/TLS cert business is less than $1b/year.<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Thanks…<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Geoff<u class=""></u><u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><u class=""></u> <u class=""></u></span></span></span><br class="">
</p>
<div class="">
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in" class="">
<p class="MsoNormal"><b class=""><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">From:</span></span></b><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">
<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" class="">gnso-rds-pdp-wg-bounces@icann.<wbr class="">org</a> [mailto:<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" class="">gnso-rds-pdp-wg-<wbr class="">bounces@icann.org</a>]
<b class="">On Behalf Of </b>Deacon, Alex<br class="">
<b class="">Sent:</b> Monday, August 15, 2016 3:06 PM<br class="">
<b class="">To:</b> Ayden Férdeline <<a href="mailto:icann@ferdeline.com" class="">icann@ferdeline.com</a>><br class="">
<b class="">Cc:</b> <a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a></span></span></p>
<div class="">
<div class="h5">
<div class=""><br class="">
</div>
<div class=""><b class="">Subject:</b> Re: [gnso-rds-pdp-wg] Use case for WHOIS/RDP<u class=""></u><u class=""></u><br class="">
</div>
</div>
</div>
<p class=""><br class="">
</p>
</div>
</div>
<div class="">
<div class="h5">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p class="MsoNormal">Hi Ayden, <u class=""></u><u class=""></u><br class="">
</p>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Lets not forget that in terms of protecting user privacy the use of encryption is vital, so I believe this is an important use case. All web server certificates, no matter which flavor of CA is used (from self-signed, to free to high-end)
will result in data encryption at the transport layer. While the encryption is the same (assuming properly configured servers/clients) the difference between TLS certs is the level of authentication of the entity the server represents. <u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Its way out of scope to dive deeper into the various CA business models, but search for Domain Validated, Organizational Validated and Extended Validated for more details on some of the various levels of “authentication”. <u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Alex<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<div class="">
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" class="">
<div class="">
<p class="MsoNormal">On Aug 15, 2016, at 2:41 PM, Ayden Férdeline <<a href="mailto:icann@ferdeline.com" class="">icann@ferdeline.com</a>> wrote:<u class=""></u><u class=""></u><br class="">
</p>
</div>
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<div class="">
<div class="">
<p class="MsoNormal">Thanks for this clarification, Theo. What would be the difference between these basic SSL certificates and those offered freely by, say, Let's Encrypt? (I'm just trying to get a sense of what forms of identity validation are used besides
automated WHOIS/DNS checks here, and to understand whether or not other identity checks might be economical for the Digital Certificate Authority. Thanks.)<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">- Ayden<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" class="">
<div class="">
<p class="MsoNormal">-------- Original Message --------<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Subject: Re: [gnso-rds-pdp-wg] Use case for WHOIS/RDP<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Local Time: August 15, 2016 9:00 PM<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">UTC Time: August 15, 2016 8:00 PM<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">From: <a href="mailto:gtheo@xs4all.nl" class="">gtheo@xs4all.nl</a><u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">To: <a href="mailto:icann@ferdeline.com" class="">icann@ferdeline.com</a>,<a href="mailto:Geoffrey_Noakes@symantec.com" class="">Geoffrey_<wbr class="">Noakes@symantec.com</a><u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<p class="MsoNormal">Hi Ayden, <u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal">These types of SSL certificates are pretty cheap and the verification is pretty simple. Can be through a verification by email or a code in the name servers, as long you can prove control over the domain name.<u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal">The Extended Validation SSL certificates require way more verification. These are the ones you usually see for web shops and have this "green" bar in the web browser.
<u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal">Best regards, <u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal">Theo Geurts<u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">On 15-8-2016 20:16, Ayden Férdeline wrote:<u class=""></u><u class=""></u><br class="">
</p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" class="">
<div class="">
<p class="MsoNormal">If I understand this use case correctly, when an SSL certificate is purchased, your system is sending an automated message to the registrant or the technical contact's email address as listed in WHOIS records. If the recipient of this email
clicks a URL, it validates the certificate?<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">If this is the case, I would like to understand how commonplace this practice is. Are these emails only sent once, when the certificate is initially purchased? I cannot imagine a significant volume of these certificates are purchased on
a daily basis, and I struggle to believe that there could be more than, say, 200 such certification bodies globally. If my assumptions are correct, are we talking, here, about a use case applicable to only a handful of businesses worldwide? Businesses selling
these certificates for large volumes of money?<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">The other issue I see is that there is very little verification of information in WHOIS as it stands today. To rely on the email addresses stored in WHOIS to authenticate a certificate strikes me as flawed. Would it not be more appropriate
for the Certification Authority to visit the domain name in question, call the phone number listed on their website, and to clarify with the contact that claims to have purchased your service that they have purchased your service? If the website does not list
even the number for a switchboard, perhaps that should raise red flags?<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<div class="">
<p class="MsoNormal">- Ayden <u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" class="">
<div class="">
<p class="MsoNormal">-------- Original Message --------<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Subject: [gnso-rds-pdp-wg] Use case for WHOIS/RDP<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Local Time: August 15, 2016 6:40 PM<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">UTC Time: August 15, 2016 5:40 PM<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">From: <a href="mailto:Geoffrey_Noakes@symantec.com" class="">
Geoffrey_Noakes@symantec.com</a><u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">To: <a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">I’ve attached a use case for WHOIS/RDP.<u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal"> <u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal">Thanks…<u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal"> <u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal">Geoff<u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal"> <u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal"><span class=""><span style="color:rgb(31, 73, 125)" class="colour"> </span></span><u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal"><span class=""><span style="color:rgb(31, 73, 125)" class="colour"> </span></span><u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<div class="">
<p class="MsoNormal"><b class="">From:</b> Lisa Phifer [<a href="mailto:lisa@corecom.com" class="">mailto:lisa@corecom.com</a>]
<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><b class="">Sent:</b> Monday, August 15, 2016 10:37 AM<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><b class="">To:</b> Geoffrey Noakes <a href="mailto:Geoffrey_Noakes@symantec.com" class="">
<Geoffrey_Noakes@symantec.com></a><u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><b class="">Subject:</b> RE: Use Case<u class=""></u><u class=""></u><br class="">
</p>
</div>
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p class="MsoNormal"> <u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<div class="">
<p class="MsoNormal">Hi Geoff, it's <<a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a>><u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">For further info, see mailing list archives: <a href="http://mm.icann.org/pipermail/gnso-rds-pdp-wg/" rel="noreferrer" class="">
http://mm.icann.org/pipermail/<wbr class="">gnso-rds-pdp-wg/</a> <u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">As a WG member, you are on that mailing list, so if you're not currently receiving email from that list, please let me or the GNSO secretariat
<a href="mailto:gnso-secs@icann.org" class="">gnso-secs@icann.org</a> know.<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Thanks again<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Lisa<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">At 11:19 AM 8/15/2016, Geoffrey Noakes wrote:<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-bottom:12.0pt" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<div class="">
<p class="MsoNormal">Lisa, what is the “WG email list” email address?<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><b class="">From:</b> Lisa Phifer [<a href="mailto:lisa@corecom.com" class=""> mailto:lisa@corecom.com</a>]
<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><b class="">Sent:</b> Monday, August 15, 2016 10:17 AM<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><b class="">To:</b> Geoffrey Noakes <<a href="mailto:Geoffrey_Noakes@symantec.com" class="">Geoffrey_Noakes@symantec.com</a>><u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><b class="">Subject:</b> RE: Use Case<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Thanks Geoff and welcome back. I hope you had an excellent vacation.<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">I will upload your case to the WG's table of example use cases and see that the case is included on the 23 August call agenda.<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">In addition, it is best if you would also email this example use case directly to the WG email list so that any comments that may be provided on the mailing list in advance of the call will be sent to your attention.<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">Best, Lisa<u class=""></u><u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal">At 11:11 AM 8/15/2016, you wrote:<u class=""></u><u class=""></u><br class="">
</p>
</div>
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">+Lisa (we had a side conversation about this), plus some Symantec employees who are involved in this
<u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">Chuck, I am just back from a week of PTO. I’ve attached a markup of a document originally authored by Scott Hollenbeck of VeriSign, which is essentially the use case for a CA’s use of WHOIS.
<u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">I would prefer the August 23 date – I am on jury duty the week of August 29-September 2.
<u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">Thanks… <u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">Geoff <u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">From: Gomes, Chuck [ <a href="mailto:cgomes@verisign.com" class="">
mailto:cgomes@verisign.com</a>] <u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">Sent: Monday, August 15, 2016 9:53 AM
<u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">To: Geoffrey Noakes <<a href="mailto:Geoffrey_Noakes@symantec.com" class=""> Geoffrey_Noakes@symantec.com</a>>
<u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">Cc: RDS-Leaders-List (<a href="mailto:gnso-next-gen-rds-lead@icann.org" class=""> gnso-next-gen-rds-lead@icann.<wbr class="">org</a>) <<a href="mailto:gnso-next-gen-rds-lead@icann.org" class=""> gnso-next-gen-rds-lead@icann.<wbr class="">org</a>>
<u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">Subject: Use Case <u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">Geoff, <u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">You volunteered to prepare a use case for Certificate Authorities. We hope to discuss that use case in the WG meeting on either August 23 or August 30? Which date would work better for you? In either case, we
would need the use case to be submitted to the WG list 24 hours in advance. <u class="">
</u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">Hope you are having a good vacation.
<u class=""></u><u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
<p style="margin-left:.5in" class="MsoNormal">Chuck <u class=""></u><u class=""></u><br class="">
</p>
<p class="MsoNormal"> <u class=""></u><u class=""></u><br class="">
</p>
</div>
</blockquote>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<pre class="">______________________________<wbr class="">_________________<u class=""></u><u class=""></u><br class=""></pre>
<pre class="">gnso-rds-pdp-wg mailing list<u class=""></u><u class=""></u><br class=""></pre>
<pre class=""><a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><u class=""></u><u class=""></u><br class=""></pre>
<pre class=""><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" class="">https://mm.icann.org/mailman/<wbr class="">listinfo/gnso-rds-pdp-wg</a><u class=""></u><u class=""></u><br class=""></pre>
</blockquote>
</blockquote>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
<div class=""><br class="webkit-block-placeholder">
</div>
<div class="">______________________________<wbr class="">_________________<br class="">
</div>
<div class="">gnso-rds-pdp-wg mailing list<br class="">
</div>
<div class=""><a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br class="">
</div>
<div class=""><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" class="">https://mm.icann.org/mailman/<wbr class="">listinfo/gnso-rds-pdp-wg</a><u class=""></u><u class=""></u><br class="">
</div>
<div class=""><br class="webkit-block-placeholder">
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u class=""></u> <u class=""></u><br class="">
</p>
</div>
</div>
</div>
</div>
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">---------- Forwarded message ----------<br class="">
</div>
<div class="">From: Mike Prettejohn <<a href="mailto:mhp@netcraft.com" class="">mhp@netcraft.com</a>><br class="">
</div>
<div class="">To: Diana Marin Severino <<a href="mailto:Diana_Marin_Severino@symantec.com" class="">Diana_Marin_Severino@symantec.com</a>>, Sue Coakley <<a href="mailto:Sue_Coakley@symantec.com" class="">Sue_Coakley@symantec.com</a>>, Vijay NS <<a href="mailto:Vijay_NS@symantec.com" class="">Vijay_NS@symantec.com</a>>,
Sonya Perez <<a href="mailto:Sonya_Perez@symantec.com" class="">Sonya_Perez@symantec.com</a>>, Eric Lipman <<a href="mailto:Eric_Lipman@symantec.com" class="">Eric_Lipman@symantec.com</a>>, Laura Aviles <<a href="mailto:Laura_Aviles@symantec.com" class="">Laura_Aviles@symantec.com</a>>,
Jeffrey Whale <<a href="mailto:Jeffrey_Whale@symantec.com" class="">Jeffrey_Whale@symantec.com</a>>, Alex Wong <<a href="mailto:Alex_Wong@symantec.com" class="">Alex_Wong@symantec.com</a>>, Landon Borup <<a href="mailto:Landon_Borup@symantec.com" class="">Landon_Borup@symantec.com</a>>,
Alain Allen <<a href="mailto:Alain_Allen@symantec.com" class="">Alain_Allen@symantec.com</a>>, Frank Agurto-Machado <<a href="mailto:Frank_Agurto-Machado@symantec.com" class="">Frank_Agurto-Machado@symantec.com</a>>, Charlene Mike-Billstrom <<a href="mailto:Charlene_Mike-Billstrom@symantec.com" class="">Charlene_Mike-Billstrom@symantec.com</a>>,
Rick Andrews <<a href="mailto:Rick_Andrews@symantec.com" class="">Rick_Andrews@symantec.com</a>>, Anna Sampson <<a href="mailto:Anna_Sampson@symantec.com" class="">Anna_Sampson@symantec.com</a>>, Eiji Yahagi <<a href="mailto:Eiji_Yahagi@symantec.com" class="">Eiji_Yahagi@symantec.com</a>>,
Tomonori Sato <<a href="mailto:Tomonori_Sato@symantec.com" class="">Tomonori_Sato@symantec.com</a>>, Christiaan De Villiers <<a href="mailto:Christiaan_DeVilliers@symantec.com" class="">Christiaan_DeVilliers@symantec.com</a>>, Dean Coclin <<a href="mailto:Dean_Coclin@symantec.com" class="">Dean_Coclin@symantec.com</a>>,
Hari Veladanda <<a href="mailto:Hari_Veladanda@symantec.com" class="">Hari_Veladanda@symantec.com</a>>, Robert Hoblit <<a href="mailto:Robert_Hoblit@symantec.com" class="">Robert_Hoblit@symantec.com</a>>, Marisa Luke <<a href="mailto:Marisa_Luke@symantec.com" class="">Marisa_Luke@symantec.com</a>>,
Roxane Divol <<a href="mailto:Roxane_Divol@symantec.com" class="">Roxane_Divol@symantec.com</a>>, Norie Sato <<a href="mailto:Norie_Sato@symantec.com" class="">Norie_Sato@symantec.com</a>>, Masato Hayashi <<a href="mailto:Masato_Hayashi@symantec.com" class="">Masato_Hayashi@symantec.com</a>>,
DL-VSN-Data Analysis <<a href="mailto:DL-VSN-DataAnalysis@symantec.com" class="">DL-VSN-DataAnalysis@symantec.com</a>>, Bill Ng <<a href="mailto:Bill_Ng@symantec.com" class="">Bill_Ng@symantec.com</a>>, Geoffrey Noakes <<a href="mailto:Geoffrey_Noakes@symantec.com" class="">Geoffrey_Noakes@symantec.com</a>>,
Tracy Chao <<a href="mailto:Tracy_Chao@symantec.com" class="">Tracy_Chao@symantec.com</a>>, Tri Tang1 <<a href="mailto:Tri_Tang@symantec.com" class="">Tri_Tang@symantec.com</a>>, Jeff Barto <<a href="mailto:Jeff_Barto@symantec.com" class="">Jeff_Barto@symantec.com</a>>,
Theresa Garza <<a href="mailto:Theresa_Garza@symantec.com" class="">Theresa_Garza@symantec.com</a>>, Sven Skerka <<a href="mailto:Sven_Skerka@symantec.com" class="">Sven_Skerka@symantec.com</a>>, Helen Bates <<a href="mailto:Helen_Bates@symantec.com" class="">Helen_Bates@symantec.com</a>>,
Jonathan Skinner <<a href="mailto:Jonathan_Skinner@symantec.com" class="">Jonathan_Skinner@symantec.com</a>>, Kevin Brown <<a href="mailto:Kevin_Brown@symantec.com" class="">Kevin_Brown@symantec.com</a>>, Minori Nakanishi <<a href="mailto:Minori_Nakanishi@symantec.com" class="">Minori_Nakanishi@symantec.com</a>>,
"<a href="mailto:leeanne_dewit@netcraft.com" class="">leeanne_dewit@netcraft.com</a>" <<a href="mailto:leeanne_dewit@netcraft.com" class="">leeanne_dewit@netcraft.com</a>>, "<a href="mailto:antec.com@netcraft.com" class="">antec.com@netcraft.com</a>" <<a href="mailto:antec.com@netcraft.com" class="">antec.com@netcraft.com</a>>,
"<a href="mailto:tristan_fourcault@symantec.com" class="">tristan_fourcault@symantec.com</a>" <<a href="mailto:tristan_fourcault@symantec.com" class="">tristan_fourcault@symantec.com</a>>, Jun Kamimura <<a href="mailto:Jun_Kamimura@symantec.com" class="">Jun_Kamimura@symantec.com</a>>,
Shusuke Nakagawa <<a href="mailto:Shusuke_Nakagawa@symantec.com" class="">Shusuke_Nakagawa@symantec.com</a>>, Lisa Low <<a href="mailto:Lisa_Low@symantec.com" class="">Lisa_Low@symantec.com</a>>, Alejandro Borgia <<a href="mailto:Alejandro_Borgia@symantec.com" class="">Alejandro_Borgia@symantec.com</a>>,
Belinda Charleson <<a href="mailto:Belinda_Charleson@symantec.com" class="">Belinda_Charleson@symantec.com</a>>, Timothy Willey <<a href="mailto:Timothy_Willey@symantec.com" class="">Timothy_Willey@symantec.com</a>>, Wasi Wahid <<a href="mailto:Wasi_Wahid@symantec.com" class="">Wasi_Wahid@symantec.com</a>>,
Jo Ann Lambkin <<a href="mailto:JoAnn_Lambkin@symantec.com" class="">JoAnn_Lambkin@symantec.com</a>>, Abhijit Solanki <<a href="mailto:Abhijit_Solanki@symantec.com" class="">Abhijit_Solanki@symantec.com</a>>, Donald Baker <<a href="mailto:Donald_Baker@symantec.com" class="">Donald_Baker@symantec.com</a>>,
Harbir Singh <<a href="mailto:Harbir_Singh@symantec.com" class="">Harbir_Singh@symantec.com</a>>, Michael Klieman <<a href="mailto:Michael_Klieman@symantec.com" class="">Michael_Klieman@symantec.com</a>>, Takashi Abe <<a href="mailto:Takashi_Abe@symantec.com" class="">Takashi_Abe@symantec.com</a>>,
Helen Lew <<a href="mailto:Helen_Lew@symantec.com" class="">Helen_Lew@symantec.com</a>>, Jack Kato <<a href="mailto:Jack_Kato@symantec.com" class="">Jack_Kato@symantec.com</a>>, Nicolas Popp <<a href="mailto:Nicolas_Popp@symantec.com" class="">Nicolas_Popp@symantec.com</a>>,
Bartosz Begej <<a href="mailto:Bartosz_Begej@symantec.com" class="">Bartosz_Begej@symantec.com</a>>, Jon Kerr <<a href="mailto:Jon_Kerr@symantec.com" class="">Jon_Kerr@symantec.com</a>>, Roxane Jerbi <<a href="mailto:Roxane_Jerbi@symantec.com" class="">Roxane_Jerbi@symantec.com</a>>,
Tim Gallo <<a href="mailto:tim_gallo@symantec.com" class="">tim_gallo@symantec.com</a>>, Gautam Kanaparthi <<a href="mailto:Gautam_Kanaparthi@symantec.com" class="">Gautam_Kanaparthi@symantec.com</a>>, Thomas La <<a href="mailto:Thomas_La@symantec.com" class="">Thomas_La@symantec.com</a>>,
James Duff <<a href="mailto:James_Duff@symantec.com" class="">James_Duff@symantec.com</a>>, "<a href="mailto:aidan_calvert@symantec.com" class="">aidan_calvert@symantec.com</a>" <<a href="mailto:aidan_calvert@symantec.com" class="">aidan_calvert@symantec.com</a>>,
Ian McShane <<a href="mailto:Ian_Mcshane@symantec.com" class="">Ian_Mcshane@symantec.com</a>>, Yoshimasa Hiraiwa <<a href="mailto:Yoshimasa_Hiraiwa@symantec.com" class="">Yoshimasa_Hiraiwa@symantec.com</a>>, Robert Lin <<a href="mailto:Robert_Lin@symantec.com" class="">Robert_Lin@symantec.com</a>>,
Albert Cooley <<a href="mailto:Albert_Cooley@symantec.com" class="">Albert_Cooley@symantec.com</a>>, Mirco Reimann <<a href="mailto:Mirco_Reimann@symantec.com" class="">Mirco_Reimann@symantec.com</a>>, Jessica Crewse <<a href="mailto:Jessica_Crewse@symantec.com" class="">Jessica_Crewse@symantec.com</a>>,
Jason Luong <<a href="mailto:Jason_Luong@symantec.com" class="">Jason_Luong@symantec.com</a>>, Rory Tavares <<a href="mailto:Rory_Tavares@symantec.com" class="">Rory_Tavares@symantec.com</a>>, Asad Faruqui <<a href="mailto:Asad_Faruqui@symantec.com" class="">Asad_Faruqui@symantec.com</a>>,
Karina Stiller <<a href="mailto:Karina_Stiller@symantec.com" class="">Karina_Stiller@symantec.com</a>>, Pavan Bhat <<a href="mailto:Pavan_Bhat@symantec.com" class="">Pavan_Bhat@symantec.com</a>>, "<a href="mailto:jeannette_duong@symantec.c" class="">jeannette_duong@symantec.c</a>"
<<a href="mailto:jeannette_duong@symantec.c" class="">jeannette_duong@symantec.c</a>>, "<a href="mailto:om@netcraft.com" class="">om@netcraft.com</a>" <<a href="mailto:om@netcraft.com" class="">om@netcraft.com</a>>, Terri Parker <<a href="mailto:Terri_Parker@symantec.com" class="">Terri_Parker@symantec.com</a>>,
"K.J.Hari Hara Krishnan" <<a href="mailto:Hari_Krishnan@symantec.com" class="">Hari_Krishnan@symantec.com</a>>, Anna Brannan <<a href="mailto:Anna_Brannan@symantec.com" class="">Anna_Brannan@symantec.com</a>>, Graeme Watts <<a href="mailto:Graeme_Watts@symantec.com" class="">Graeme_Watts@symantec.com</a>>,
Russel Scovel <<a href="mailto:Russel_Scovel@symantec.com" class="">Russel_Scovel@symantec.com</a>>, Maren Peasley <<a href="mailto:maren_peasley@symantec.com" class="">maren_peasley@symantec.com</a>>, Tiphany Zellers <<a href="mailto:Tiphany_Zellers@symantec.com" class="">Tiphany_Zellers@symantec.com</a>>,
Randy Clark <<a href="mailto:randy_clark@symantec.com" class="">randy_clark@symantec.com</a>>, Susanne Lambert <<a href="mailto:Susanne_Lambert@symantec.com" class="">Susanne_Lambert@symantec.com</a>>, Alex Black <<a href="mailto:Alex_Black@symantec.com" class="">Alex_Black@symantec.com</a>>,
Davin Pick <<a href="mailto:Davin_Pick@symantec.com" class="">Davin_Pick@symantec.com</a>>, Akhil Verma <<a href="mailto:Akhil_Verma@symantec.com" class="">Akhil_Verma@symantec.com</a>>, Micheal Brown <<a href="mailto:Micheal_Brown@symantec.com" class="">Micheal_Brown@symantec.com</a>>,
Lee-Lin Thye <<a href="mailto:Lee-Lin_Thye@symantec.com" class="">Lee-Lin_Thye@symantec.com</a>>, Suhasini Anand <<a href="mailto:Suhasini_Anand@symantec.com" class="">Suhasini_Anand@symantec.com</a>>, Victoria Cloutier <<a href="mailto:Victoria_Cloutier@symantec.com" class="">Victoria_Cloutier@symantec.com</a>>,
Philip Antoniadis <<a href="mailto:Philip_Antoniadis@symantec.com" class="">Philip_Antoniadis@symantec.com</a>>, Ruth Singh <<a href="mailto:Ruth_Singh@symantec.com" class="">Ruth_Singh@symantec.com</a>>, Thiago Lacerda <<a href="mailto:Thiago_Lacerda@symantec.com" class="">Thiago_Lacerda@symantec.com</a>>,
"<a href="mailto:nilanjana_majumdar@symantec.com" class="">nilanjana_majumdar@symantec.com</a>" <<a href="mailto:nilanjana_majumdar@symantec.com" class="">nilanjana_majumdar@symantec.com</a>>, "Sarah Mellor (CS)" <<a href="mailto:Sarah_Mellor@symantec.com" class="">Sarah_Mellor@symantec.com</a>>,
Valerie Tsai <<a href="mailto:Valerie_Tsai@symantec.com" class="">Valerie_Tsai@symantec.com</a>>, Deepika Chauhan <<a href="mailto:Deepika_Chauhan@symantec.com" class="">Deepika_Chauhan@symantec.com</a>>, Angelique Pereira <<a href="mailto:Angelique_Pereira@symantec.com" class="">Angelique_Pereira@symantec.com</a>>,
Rachel Yokum <<a href="mailto:Rachel_Yokum@symantec.com" class="">Rachel_Yokum@symantec.com</a>>, Charlotte Pommier <<a href="mailto:Charlotte_Pommier@symantec.com" class="">Charlotte_Pommier@symantec.com</a>>, Ramana Murthy <<a href="mailto:Ramana_Murthy@symantec.com" class="">Ramana_Murthy@symantec.com</a>><br class="">
</div>
<div class="">Cc: <br class="">
</div>
<div class="">Date: Thu, 7 Jul 2016 16:27:35 +0000<br class="">
</div>
<div class="">Subject: Netcraft Secure Server Survey July 2016<br class="">
</div>
<div class=""><u class=""></u><br class="">
</div>
<div class="">
<table width="1000" cellspacing="0" border="0" class="">
<tbody class="">
<tr class="">
<td colspan="2" align="right" class=""><a href="http://www.twitter.com/Netcraft" rel="noreferrer" class="">Follow us on Twitter</a> &
<a href="http://www.facebook.com/Netcraft" rel="noreferrer" class="">Facebook</a><br class="">
</td>
</tr>
<tr class="">
<td width="175" class=""><a href="http://www.netcraft.com/" rel="noreferrer" class="">
<div class="image loading"><span id="cid:146790885556360@girvan.netcraft.com"><ATT00001.png></span><br class="">
</div>
</a><br class="">
</td>
<td width="825" class="">
<h1 style="font-size:1.5em;margin:0;padding:0" class="">Netcraft Secure Server Survey July 2016<br class="">
</h1>
</td>
</tr>
<tr class="">
<td style="border-bottom:#4b679f 5px solid" colspan="2" class=""><br class="">
</td>
</tr>
<tr class="">
<td valign="top" style="padding:15px 15px 15px 45px" colspan="2" class="">
<p class="">The Netcraft Secure Server Survey for July 2016 is now available.<br class="">
</p>
<p class="">You can find the data to which you subscribe at:<br class="">
</p>
<ul class="">
<li class=""><a href="https://ssl.netcraft.com/surveys/analysis/https/2016/Jul/" rel="noreferrer" class="">https://ssl.netcraft.com/<wbr class="">surveys/analysis/https/2016/<wbr class="">Jul/</a><br class="">
</li><li class=""><a href="https://ssl.netcraft.com/clients/iug3ore/symantec//Jul2016domain.csv.gz" rel="noreferrer" class="">https://ssl.netcraft.com/<wbr class="">clients/iug3ore/symantec//<wbr class="">Jul2016domain.csv.gz</a><br class="">
</li><li class=""><a href="https://ssl.netcraft.com/clients/iug3ore/symantec//Jul2016.csv.gz" rel="noreferrer" class="">https://ssl.netcraft.com/<wbr class="">clients/iug3ore/symantec//<wbr class="">Jul2016.csv.gz</a><br class="">
</li></ul>
<h3 class="">July 2016 Highlights<br class="">
</h3>
<h3 class="">July Trends<br class="">
</h3>
<p class="">Netcraft's July 2016 SSL Server Survey found 5,516,471 distinct <a href="https://ssl.netcraft.com/surveys/analysis/https/2016/Jul/glossary#valid_third_party" rel="noreferrer" class="">
valid third-party certificates</a>, representing a monthly gain of 188,016 (+3.5%).<br class="">
</p>
<p class="">Let's Encrypt gained a further 120,000 certificates in July, making up 64% of the total increase across all certificate authorities this month. This gain was enough to push Let's Encrypt into third place, with a total of 770,000 certificates.
<br class="">
</p>
<p class="">GoDaddy has fallen to fourth place after losing 4,900 certificates since last month, and now has a market share of 13.52%. GoDaddy remains significantly ahead of fifth-placed GlobalSign, leading by 406,000 certificates and 7.35 percentage points
of market share. <br class="">
</p>
<p class="">Comodo also grew significantly this month, increasing its total count of certificates by 56,000. Much of this growth can be attributed to its Western Digital and cPanel, Inc. sub-CAs . Due to the sheer volume of Let's Encrypt's growth, Comodo lost
a very small amount of market share, dropping to 30.52%, despite having the second-largest absolute gain of certificates.<br class="">
</p>
<p class="">GlobalSign lost 4,900 certificates as 12,000 Shopify, Inc. web stores replaced GlobalSign certificates with ones issued by Let's Encrypt.<br class="">
</p>
<p class="">Within the DV market, Let's Encrypt now has slightly more than half as many DV certificates as the first-placed Comodo. Although Symantec only took second place in the DV market from GoDaddy last month, it has now been relegated to third place despite
gaining 6,000 certificates and increasing its lead over GoDaddy to 25,000. <br class="">
</p>
<p class="">The DV market has seen significant change over the past 12 months: In the July 2015 survey GoDaddy was the largest issuer of DV certificates with a market share of 30.5% followed closely by Symantec and Comodo, and there were no Let's Encrypt certificates.
There are now 1.8 million more DV certificates (+73.2%) with a majority of this growth focused in just two CAs: Comodo (+871,000) and Let's Encrypt (+770,000).<br class="">
</p>
<p class="">The Extended Validation market once again saw Comodo gain the most certificates with an increase of 494. Almost all of the top ten EV certificate issuers gained certificates this month with Network Solutions being the lone exception, losing 23.
Symantec maintains its dominant market position at 48.4% market share.<br class="">
</p>
<p class="">Symantec continues to achieve the most estimated monthly revenue (<a href="https://ssl.netcraft.com/surveys/analysis/https/2016/Jul/CMatch/pricing/" rel="noreferrer" class="">using list prices</a>) from its certificates; it issued 87,000 certificates
in March to give estimated monthly revenue of $28.9 million. Comodo issued more than twice as many certificates, 205,000, yet has significantly smaller estimated revenue of $18.9 million. A majority of Symantec's revenue is derived from the much more expensive
Organisation Validated and Extended Validation certificates, markets in which Comodo plays a smaller part.<br class="">
</p>
<h4 class="">Comodo abandons attempt to trademark "Let's Encrypt"<br class="">
</h4>
<p class="">In October 2015 Comodo filed three trademark applications for "Let's Encrypt", "Comodo Let's Encrypt" and "Let's Encrypt with Comodo". All three applications were abandoned on June 24th 2016 after Let's Encrypt
<a href="https://letsencrypt.org//2016/06/23/defending-our-brand.html" rel="noreferrer" class="">
publicly pleaded</a>for Comodo to abandon its trademark application. Let's Encrypt claimed its lawyers had been requesting Comodo drop its applications since March 2016 without success.
<br class="">
</p>
<p class="">After Let's Encrypt's blog post was published, Comodo's CEO engaged with commentators on
<a href="https://forums.comodo.com/general-discussion-off-topic-anything-and-everything/shame-on-you-comodo-t115958.0.html;msg837411#msg837411" rel="noreferrer" class="">
Comodo's forum</a>alleging that Let's Encrypt had copied Comodo's 90-day certificate business model. Later in the same thread, Robin Alden confirmed that Comodo was intending to let the trademark application lapse and had no intention of pursuing them after
Let's Encrypt became operational. He explained that "Josh [Aas, the ISRG Executive Director] was wrong when he said we'd 'refused to abandon our applications'. We just hadn't told LE we would leave them to lapse."
<br class="">
</p>
<p class="">Let's Encrypt was officially announced in November 2014, almost a year before Comodo's trademark application. It issued its first certificate in September 2015, before it launched in April 2016 after a short public beta period.<br class="">
</p>
<h4 class="">ChaCha20-Poly1305 Cipher Suites<br class="">
</h4>
<p class=""><a href="https://tools.ietf.org/html/rfc7905" rel="noreferrer" class="">RFC 7905</a>, published in June 2016, specifies seven new cipher suites for TLS that combine the ChaCha20 variant of the ChaCha stream cipher with the Poly1305 one-time authenticator
method. The new cipher suites provide a replacement to the RC4 stream cipher which was
<a href="https://tools.ietf.org/html/rfc7465" rel="noreferrer" class="">prohibited for TLS</a> in February 2015 on the grounds that it no longer provided a sufficient level of security.<br class="">
</p>
<p class="">Both ChaCha20 and Poly1305 are designed with high performance in mind and the combination of the two is reportedly comparable to RC4 in speed.
<br class="">
</p>
<p class="">ChaCha20-Poly1305 isn't new; a <a href="https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04" rel="noreferrer" class="">
draft specification</a> written by Google was published in November 2013 which proposed three cipher suites. The Chrome browser has contained support for this older version of the specification since November 2013 and CloudFlare began using it in February 2015.
Some changes have been made over the course of the standardisation process which has now been completed and the RFC approved.<br class="">
</p>
<h4 class="">Apple updates App Transport Security<br class="">
</h4>
<p class="">Apple announced at its Worldwide Developer Conference (WWDC) <a href="http://devstreaming.apple.com/videos/wwdc/2016/706sgjvzkvg6rrg9icw/706/706_whats_new_in_security.pdf" rel="noreferrer" class="">
[slides]</a> that all App Store apps will be required to use App Transport Security from the start of 2017. ATS is designed to improve the security of apps by specifying
<a href="https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35" rel="noreferrer" class="">
minimum requirements</a> for the HTTP connections that they make.<br class="">
</p>
<p class="">ATS requires that all connections are HTTPS over TLS 1.2, that the cipher suite must support forward secrecy, and that the certificate must be signed using the SHA-2 hashing algorithm.<br class="">
</p>
<p class="">ATS was introduced with iOS 9 in September 2015 and is enabled by default although it is currently possible to specify that ATS should be disabled for connections to certain domains or disabled globally. After the end of 2016, exceptions to the
fundamental aspects of ATS will only be granted to Apps with valid justification – for example if you must communicate with a third-party service that you cannot control. Other exceptions, such as the requirement for perfect forward secrecy may be automatically
approved. Apple also announced the introduction of support for Certificate Transparency. In order to enforce CT, the developer must specify a list of domains for which to require CT, and in order for the check to pass Apple require proofs from at least two
CT logs. <br class="">
</p>
<h4 class="">StartCom launch and then retract StartEncrypt<br class="">
</h4>
<p class="">On 6th June, StartCom <a href="https://www.startssl.com/NewsDetails?date=20160606" rel="noreferrer" class="">
announced StartEncrypt</a>, a product designed to automatically acquire and install certificates using its StartAPI. On the 4th July,
<a href="https://www.startssl.com/NewsDetails?date=20160606" rel="noreferrer" class="">
StartCom announced</a>that StartEncrypt would be replaced with a new protocol based on ACME. ACME is undergoing IETF standardisation after being first used by Let's Encrypt.
<br class="">
</p>
<p class="">StartAPI was launched at the end of April 2016 and allowed users to programmatically acquire certificates as well as complete the validation processes required to prove domain ownership. StartEncrypt was the official client application which was
released just over a month later. The proprietary software can be used to obtain any class of certificate and install it automatically both on Windows and Linux servers.<br class="">
</p>
<p class="">A number of <a href="https://www.computest.nl/blog/startencrypt-considered-harmful-today/" rel="noreferrer" class="">
serious issues</a> have already been discovered since the release of the initial version of the StartEncrypt client, these allowed a user to gain valid SSL certificates by tampering with the URL used to verify control of a domain. StartCom was quick to respond
to this issue, taking the API offline on the same day that the issue was disclosed and issuing an updated client less than a week later.<br class="">
</p>
<p class="">The issues lay with the way in which ownership of the domain was verified. In order to prove domain ownership the user must upload a file to a specified path on the domain, but the path used could be specified by the user, the check also followed
redirects and didn't verify the file type of the response it received. Combined these issues led to users being able to acquire a valid certificate for any website that allowed file uploading or contained an open redirect, examples include sites such as Dropbox,
GitHub, Facebook, PayPal and Google. While the vulnerability was demonstrated with a proof of concept, there is no evidence that the API was mis-used or certificates issued for domains which the applicant did not control.<br class="">
</p>
<p class=""><a href="https://www.startssl.com/NewsDetails?date=20160323" rel="noreferrer" class="">Another bug</a>in the StartEncrypt system meant that certificates issued using the program were not logged to Certificate Transparency servers. StartCom had stated
that all of its SSL certificates would be published to CT logs as of 23rd March.
<br class="">
</p>
<h4 class="">Let's Encrypt leak user email addresses<br class="">
</h4>
<p class="">On the 11th June an automated email script designed to alert users of an update to Let's Encrypt's subscriber agreement accidentally also leaked the email addresses of 7,617 users. The script prepended the email addresses of the users it had already
emailed to the beginning of the message.<br class="">
</p>
<p class="">Let's Encrypt were alerted to the mistake 33 minutes after the emails began to send and subsequently stopped the script after it had sent 7,618 emails, 1.9% of the total it was expected to send.<br class="">
</p>
<p class="">An <a href="https://community.letsencrypt.org/t/email-address-disclosures-preliminary-report-june-11-2016/16867" rel="noreferrer" class="">
initial statement</a> by Josh Aas the Executive Director of ISRG was published less than two hours after the incident originally occurred with a
<a href="https://community.letsencrypt.org/t/email-address-disclosures-june-11-2016/17025" rel="noreferrer" class="">
longer analysis</a> following on the 14th June.<br class="">
</p>
<h4 class="">Symantec acquire Blue Coat<br class="">
</h4>
<p class="">Symantec has agreed to acquire the market leading web security company
<a href="https://www.symantec.com/en/uk/about/newsroom/press-releases/2016/symantec_0612_01" rel="noreferrer" class="">
Blue Coat for $4.65 billion</a>. The deal will see Blue Coat CEO Greg Clark appointed as the new CEO of Symantec, the post is currently vacant following Mike Brown's departure in April.<br class="">
</p>
<p class="">The acquisition will boost Symantec's enterprise security offerings and is expected to mean that
<a href="http://www.reuters.com/article/us-bluecoat-m-a-symantec-idUSKCN0YZ0BM" rel="noreferrer" class="">
62% of the company's revenue</a> will be derived from the enterprise security market.<br class="">
</p>
<p class="">Blue Coat and Symantec recently <a href="http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/" rel="noreferrer" class="">
made headlines</a> after Symantec issued an intermediate CA certificate for Blue Coat Public Services. Blue Coat creates security systems that include the capability to man-in-the-middle encrypted traffic, designed for use in corporate networks. Some reports
of the use of Blue Coat systems by foreign governments have prompted criticism, although Blue Coat has consistently denied having any direct involvement.<br class="">
</p>
<p class="">The existence of the sub-CA was incorrectly reported as allowing Blue Coat the ability to create trusted certificates for arbitrary domains; however,
<a href="http://www.symantec.com/connect/blogs/symantec-protocol-keeps-private-keys-its-control" rel="noreferrer" class="">
Symantec confirmed</a> that "private keys for the Blue Coat Intermediate CA were in Symantec's control at all times" and "the only certificates that could be issued from this Intermediate CA were limited solely to ones for the
<a href="http://bluecoat.com/" rel="noreferrer" class="">bluecoat.com</a> domain.".<br class="">
</p>
<h4 class="">Other News<br class="">
</h4>
<ul class="">
<li class="">Microsoft <a href="https://support.microsoft.com/en-us/kb/3161639" rel="noreferrer" class="">
update cipher suites</a> for IE and Edge.<br class="">
</li><li class="">Mozilla adding support for <a href="https://cabforum.org/2016/05/25/2016-05/" rel="noreferrer" class="">
reading from Windows Cert Stores</a> to Firefox.<br class="">
</li><li class="">GitHub Pages <a href="https://github.com/blog/2186-https-for-github-pages" rel="noreferrer" class="">
officially support HTTPS</a> and new sites enforce it.<br class="">
</li><li class="">Amazon is now HTTPS site wide.<br class="">
</li><li class="">UK government <a href="https://gdstechnology.blog.gov.uk/2016/06/28/updating-our-security-guidelines-for-digital-services/" rel="noreferrer" class="">
updates security guidelines</a> to enforce HTTPS, HSTS and DMARC by October 2016.<br class="">
</li><li class="">Microsoft Edge adds support for <a href="https://blogs.windows.com/msedgedev/2016/06/15/building-a-faster-and-more-secure-web-with-tcp-fast-open-tls-false-start-and-tls-1-3/" rel="noreferrer" class="">
TLS False Start and TCP Fast Open</a>.<br class="">
</li></ul>
</td>
</tr>
<tr class="">
<td colspan="2" align="center" class="">
<div class="">Copyright © Netcraft 2016. All Rights Reserved. <br class="">
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div class=""><br class="">
</div>
<div class="">______________________________<wbr class="">_________________<br class="">
</div>
<div class="">gnso-rds-pdp-wg mailing list<br class="">
</div>
<div class=""><a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br class="">
</div>
<div class=""><a rel="noreferrer" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" class="">https://mm.icann.org/mailman/<wbr class="">listinfo/gnso-rds-pdp-wg</a><br class="">
</div>
</blockquote>
</div>
</div>
</blockquote>
<div class=""><br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</body>
</html>