<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font face="Calibri">Actalis votes "Yes"<br>
<br>
<br>
<br>
</font>
<div class="moz-cite-prefix">Il 04/06/2014 10:52, Miskovic Peter ha
scritto:<br>
</div>
<blockquote
cite="mid:799f104e88f140fc8c843d2adcf3c3a3@DISIGEX.disig.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US">Disig votes
„Yes“.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US">Peter
Miskovic<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Ben Wilson<br>
<b>Sent:</b> Thursday, May 22, 2014 7:59 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> [cabfpub] Ballot 120<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Kirk
Hall of TrendMicro made the following motion and Jeremy
Rowley of DigiCert and Cecilia Kam of Symantec have endorsed
it:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><u><span
lang="EN-US">Ballot 120 - Affiliate Authority to Verify
Domain<o:p></o:p></span></u></b></p>
<p class="MsoNormal" style="text-autospace:none"><b><u><span
lang="EN-US"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span lang="EN-US">Reasons for
proposed ballot<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Ballot 72 in May 2012
reorganized the EV Guidelines by moving certain definitions
and common provisions to the Baseline Requirements and
replacing them with cross references to the Baseline
Requirements. In July 2013, Ballot 104 was a similar
replacement with a cross reference to avoid unnecessary
duplication between the two sets of guidelines , but it
inadvertently removed domain verification through a parent
or subsidiary from EV Guidelines Sec. 11.6.2 (now
renumbered as EVGL 11.6.1), which had listed it as part of
the allowed verification process. Ballot 104 essentially
deleted the separately listed EVGL 11.6.2 methods for
verifying domain ownership, and instead inserted a
cross-reference to the methods of verifying domain ownership
in BR 11.1.1 (except for subsection (7) – “any other method
of confirmation” – which was not deemed reliable enough for
EV).
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">There was no discussion
to indicate that the removal was intentional, and no one
caught the mistake during the review period. (If you want
to see EVGL 11.6.2 before the changes deleting the former
parent/subsidiary language, see <a moz-do-not-send="true"
href="https://cabforum.org/wp-content/uploads/EV-V1_4_2.pdf">https://cabforum.org/wp-content/uploads/EV-V1_4_2.pdf</a>.)
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Because Ballot 104
inadvertently wiped out the ability to rely on
parent-subsidiary/affiliate ownership of domains for all
types of certs, previously only found in EVGL 11.6.2, the EV
WG determined that corrections to both the EVGL and BR are
needed. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">“Affiliate” was copied
over to the BR definitions and removed from the EVGL, but
other related definitions were not. We allow use of
“affiliate” data for EV vetting in other contexts, and many
CAs have applied the parent-subsidiary/affiliate rule in
former EVGL 11.6.2 to vetting domains for both DV and OV
certs, on the grounds that some companies have specially
designated affiliates for holding intellectual property,
like domain names, and also if the domain vetting method was
good enough for EV certs, it was good enough for DV and OV
certs as well.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Ballot 120 would simply
restore the prior rule of former EVGL 11.6.2, inadvertently
wiped out by Ballot 104, and fix the copying and updating of
definitions that were not done in Ballot 72. This will
clarify that (1) domain ownership by a parent, subsidiary,
or affiliate (under both the BRs and EVGL) would again be
sufficient to let a customer obtain a certificate for its
domain, and (2) ensure the corrected rule applies to all
classes of server certs – EV, OV, and DV. Ballot 120 is not
intended to change prior approved practices for domain
confirmation.
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><u><span
lang="EN-US"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
lang="EN-US">---MOTION BEGINS---<o:p></o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><b><u><span
lang="EN-US"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal" style="text-autospace:none"><span
lang="EN-US">The Baseline Requirements would be amended as
follows:<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
lang="EN-US">(1) MOVE definitions
</span></b><span lang="EN-US">for “Control”, “Country”,
“Parent Company,” “Sovereign State,” and “Subsidiary
Company” from the EV Guidelines to the Baseline
Requirements, and<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
lang="EN-US">
<o:p></o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
lang="EN-US">DELETE the following definitions from the EV
Guidelines as redundant</span></b><span lang="EN-US">
(because the definitions already exist or will exist in the
Baseline Requirements):<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
lang="EN-US">“Control”, “Country”, “Government Entity,”
“Parent Company,” “Sovereign State,” and “Subsidiary
Company” ;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
lang="EN-US">(2) Amend BR 11.1.1 to read as follows:<o:p></o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><u><span
lang="EN-US">BR 11.1.1 Authorization by Domain Name
Registrant<o:p></o:p></span></u></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><i><span
lang="EN-US"><o:p> </o:p></span></i></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US">For each Fully-Qualified Domain Name listed in
a Certificate, the CA SHALL confirm that, as of the date the
Certificate was issued, the Applicant
<b><u><span style="color:red">(or the Applicant’s Parent
Company, Subsidiary Company, or Affiliate,
collectively referred to as “Applicant” for the
purposes of this section)</span></u></b><span
style="color:red">
</span>either is the Domain Name Registrant or has control
over the FQDN by:<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US">1. Confirming the Applicant as the Domain Name
Registrant directly with the Domain Name Registrar;<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US">2. Communicating directly with the Domain Name
Registrant using an address, email, or telephone number
provided by the Domain Name Registrar;<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US">3. Communicating directly with the Domain Name
Registrant using the contact information listed in the WHOIS
record’s “registrant”, “technical”, or “administrative”
field;<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US">4. Communicating with the Domain’s
administrator using an email address created by pre-pending
‘admin’, ‘administrator’, ‘webmaster’, ‘hostmaster’, or
‘postmaster’ in the local part, followed by the at-sign
(“@”), followed by the Domain Name, which may be formed by
pruning zero or more components from the requested FQDN;<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US">5. Relying upon a Domain Authorization
Document;<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US">6. Having the Applicant demonstrate practical
control over the FQDN by making an agreed-upon change to
information found on an online Web page identified by a
uniform resource identifier containing the FQDN; or<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US">7. Using any other method of confirmation,
provided that the CA maintains documented evidence that the
method of confirmation establishes that the Applicant is the
Domain Name Registrant or has control over the FQDN to at
least the same level of assurance as those methods
previously described. ***
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="page-break-after:avoid;text-autospace:none"><b><span
lang="EN-US">(3) Amend EVGL 11.6.1(1) to read as follows:<o:p></o:p></span></b></p>
<p class="MsoNormal"
style="page-break-after:avoid;text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><u><span
lang="EN-US">EVGL 11.6.1 Verification Requirements
<o:p></o:p></span></u></p>
<p class="MsoNormal"
style="margin-left:18.0pt;page-break-after:avoid;text-autospace:none">
<span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="margin-left:18.0pt;text-autospace:none"><span
lang="EN-US">(1) For each Fully-Qualified Domain Name listed
in a Certificate, the CA SHALL confirm that, as of the date
the Certificate was issued, the Applicant
<b><u><span style="color:red">(or the Applicant’s Parent
Company, Subsidiary Company, or Affiliate,
collectively referred to as “Applicant” for the
purposes of this section)</span></u></b><span
style="color:red">
</span>either is the Domain Name Registrant or has control
over the FQDN using a procedure specified in Section 11.1.1
of the Baseline Requirements, except that a CA MAY NOT
verify a domain using the procedure described 11.1.1(7). ***<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
lang="EN-US">---MOTION ENDS---<o:p></o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></b></p>
<p class="line874"><span lang="EN-US">The review period for this
ballot shall commence at 2200 UTC on Thursday, May 22, 2014,
and will close at 2200 UTC on Thursday, May 29, 2014.
<o:p></o:p></span></p>
<p class="line874"><span lang="EN-US">Unless the motion is
withdrawn during the review period, the voting period will
start immediately thereafter and will close at 2200 UTC on
Thursday, June 5, 2014. Votes must be cast by posting an
on-list reply to this thread.
<o:p></o:p></span></p>
<p class="line874"><span lang="EN-US">A vote in favor of the
motion must indicate a clear 'yes' in the response.
<o:p></o:p></span></p>
<p class="line874"><span lang="EN-US">A vote against must
indicate a clear 'no' in the response.
<o:p></o:p></span></p>
<p class="line874"><span lang="EN-US">A vote to abstain must
indicate a clear 'abstain' in the response. Unclear
responses will not be counted.
<o:p></o:p></span></p>
<p class="line874"><span lang="EN-US">The latest vote received
from any representative of a voting member before the close
of the voting period will be counted.
<o:p></o:p></span></p>
<p class="line862"><span lang="EN-US">Voting members are listed
here: <a moz-do-not-send="true"
href="https://cabforum.org/members/">
https://cabforum.org/members/</a> <o:p></o:p></span></p>
<p class="line874"><span lang="EN-US">In order for the motion to
be adopted, two thirds or more of the votes cast by members
in the CA category and more than one half of the votes cast
by members in the browser category must be in favor. Quorum
is currently six (6) members– at least six members must
participate in the ballot, either by voting in favor, voting
against, or by abstaining for the vote to be valid.
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><span
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>