<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">ANF AC votes YES<br>
<div class="moz-signature">
<p><img src="cid:part1.06090705.05030406@anf.es" alt="ANF
Autoridad de Certificación"></p>
<b>Enric Castillo</b><br>
Director Técnico<br>
+34 626818285<br>
+593 0 987684866<br>
ANF Autoridad de Certificación<br>
<a style="color: #007fa9;" href="https://www.anf.es">www.anf.es</a><br>
<br>
<b>Aviso</b>
<p style="font-size: x-small;">Este mensaje se dirige
exclusivamente a su destinatario y puede contener información
privilegiada o confidencial y/o datos de carácter personal,
cuya difusión está regulada por la Ley Orgánica de Protección
de Datos y la Ley de Servicios de la Sociedad de la
Información. Si usted no es el destinatario indicado (o el
responsable de la entrega al mismo), no debe copiar o entregar
este mensaje a terceros bajo ningún concepto. Si ha recibido
este mensaje por
error o lo ha conseguido por otros medios, le rogamos que nos
lo comunique inmediatamente por esta misma vía y proceda a su
eliminación irreversible. Las opiniones,
conclusiones y demás informaciones incluidas en este mensaje
que no estén relacionadas con asuntos profesionales de ANF
Autoridad de Certificación no están respaldadas por la
empresa.
</p>
</div>
El 22/05/2014 12:58, Ben Wilson escribió:<br>
</div>
<blockquote cite="mid:022e01cf75e7$75444fa0$5fcceee0$@digicert.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Kirk Hall of
TrendMicro made the following motion and Jeremy Rowley of
DigiCert and Cecilia Kam of Symantec have endorsed it:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><u>Ballot
120 - Affiliate Authority to Verify Domain<o:p></o:p></u></b></p>
<p class="MsoNormal" style="text-autospace:none"><b><u><o:p><span
style="text-decoration:none"> </span></o:p></u></b></p>
<p class="MsoNormal"><b><u>Reasons for proposed ballot<o:p></o:p></u></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Ballot 72 in May 2012 reorganized the EV
Guidelines by moving certain definitions and common provisions
to the Baseline Requirements and replacing them with cross
references to the Baseline Requirements. In July 2013,
Ballot 104 was a similar replacement with a cross reference to
avoid unnecessary duplication between the two sets of
guidelines , but it inadvertently removed domain verification
through a parent or subsidiary from EV Guidelines Sec. 11.6.2
(now renumbered as EVGL 11.6.1), which had listed it as part
of the allowed verification process. Ballot 104 essentially
deleted the separately listed EVGL 11.6.2 methods for
verifying domain ownership, and instead inserted a
cross-reference to the methods of verifying domain ownership
in BR 11.1.1 (except for subsection (7) – “any other method of
confirmation” – which was not deemed reliable enough for
EV). <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There was no discussion to indicate that
the removal was intentional, and no one caught the mistake
during the review period. (If you want to see EVGL 11.6.2
before the changes deleting the former parent/subsidiary
language, see <a moz-do-not-send="true"
href="https://cabforum.org/wp-content/uploads/EV-V1_4_2.pdf">https://cabforum.org/wp-content/uploads/EV-V1_4_2.pdf</a>.)
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Because Ballot 104 inadvertently wiped out
the ability to rely on parent-subsidiary/affiliate ownership
of domains for all types of certs, previously only found in
EVGL 11.6.2, the EV WG determined that corrections to both the
EVGL and BR are needed. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">“Affiliate” was copied over to the BR
definitions and removed from the EVGL, but other related
definitions were not. We allow use of “affiliate” data for
EV vetting in other contexts, and many CAs have applied the
parent-subsidiary/affiliate rule in former EVGL 11.6.2 to
vetting domains for both DV and OV certs, on the grounds that
some companies have specially designated affiliates for
holding intellectual property, like domain names, and also if
the domain vetting method was good enough for EV certs, it was
good enough for DV and OV certs as well.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Ballot 120 would simply restore the prior
rule of former EVGL 11.6.2, inadvertently wiped out by Ballot
104, and fix the copying and updating of definitions that were
not done in Ballot 72. This will clarify that (1) domain
ownership by a parent, subsidiary, or affiliate (under both
the BRs and EVGL) would again be sufficient to let a customer
obtain a certificate for its domain, and (2) ensure the
corrected rule applies to all classes of server certs – EV,
OV, and DV. Ballot 120 is not intended to change prior
approved practices for domain confirmation. <o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b><u><o:p><span
style="text-decoration:none"> </span></o:p></u></b></p>
<p class="MsoNormal" style="text-autospace:none"><b>---MOTION
BEGINS---<o:p></o:p></b></p>
<p class="MsoNormal" style="text-autospace:none"><b><u><o:p><span
style="text-decoration:none"> </span></o:p></u></b></p>
<p class="MsoNormal" style="text-autospace:none">The Baseline
Requirements would be amended as follows:<o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b>(1) MOVE
definitions </b>for “Control”, “Country”, “Parent Company,”
“Sovereign State,” and “Subsidiary Company” from the EV
Guidelines to the Baseline Requirements, and<o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b>
<o:p></o:p></b></p>
<p class="MsoNormal" style="text-autospace:none"><b>DELETE the
following definitions from the EV Guidelines as redundant</b>
(because the definitions already exist or will exist in the
Baseline Requirements):<o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal" style="text-autospace:none">“Control”,
“Country”, “Government Entity,” “Parent Company,” “Sovereign
State,” and “Subsidiary Company” ;<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b>(2) Amend BR
11.1.1 to read as follows:<o:p></o:p></b></p>
<p class="MsoNormal" style="text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><u>BR 11.1.1
Authorization by Domain Name Registrant<o:p></o:p></u></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><i><o:p> </o:p></i></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none">For each
Fully-Qualified Domain Name listed in a Certificate, the CA
SHALL confirm that, as of the date the Certificate was issued,
the Applicant <b><u><span style="color:red">(or the
Applicant’s Parent Company, Subsidiary Company, or
Affiliate, collectively referred to as “Applicant” for
the purposes of this section)</span></u></b><span
style="color:red"> </span>either is the Domain Name
Registrant or has control over the FQDN by:<o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none">1. Confirming
the Applicant as the Domain Name Registrant directly with the
Domain Name Registrar;<o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none">2. Communicating
directly with the Domain Name Registrant using an address,
email, or telephone number provided by the Domain Name
Registrar;<o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none">3. Communicating
directly with the Domain Name Registrant using the contact
information listed in the WHOIS record’s “registrant”,
“technical”, or “administrative” field;<o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none">4. Communicating
with the Domain’s administrator using an email address created
by pre-pending ‘admin’, ‘administrator’, ‘webmaster’,
‘hostmaster’, or ‘postmaster’ in the local part, followed by
the at-sign (“@”), followed by the Domain Name, which may be
formed by pruning zero or more components from the requested
FQDN;<o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none">5. Relying upon
a Domain Authorization Document;<o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none">6. Having the
Applicant demonstrate practical control over the FQDN by
making an agreed-upon change to information found on an online
Web page identified by a uniform resource identifier
containing the FQDN; or<o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none">7. Using any
other method of confirmation, provided that the CA maintains
documented evidence that the method of confirmation
establishes that the Applicant is the Domain Name Registrant
or has control over the FQDN to at least the same level of
assurance as those methods previously described. *** <o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal" style="text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="page-break-after:avoid;text-autospace:none"><b>(3)
Amend EVGL 11.6.1(1) to read as follows:<o:p></o:p></b></p>
<p class="MsoNormal"
style="page-break-after:avoid;text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none"><u>EVGL 11.6.1
Verification Requirements <o:p></o:p></u></p>
<p class="MsoNormal"
style="margin-left:.25in;page-break-after:avoid;text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"
style="margin-left:.25in;text-autospace:none">(1) For each
Fully-Qualified Domain Name listed in a Certificate, the CA
SHALL confirm that, as of the date the Certificate was issued,
the Applicant <b><u><span style="color:red">(or the
Applicant’s Parent Company, Subsidiary Company, or
Affiliate, collectively referred to as “Applicant” for
the purposes of this section)</span></u></b><span
style="color:red"> </span>either is the Domain Name
Registrant or has control over the FQDN using a procedure
specified in Section 11.1.1 of the Baseline Requirements,
except that a CA MAY NOT verify a domain using the procedure
described 11.1.1(7). ***<o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b>---MOTION
ENDS---<o:p></o:p></b></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
style="color:#1F497D"><o:p> </o:p></span></b></p>
<p class="line874">The review period for this ballot shall
commence at 2200 UTC on Thursday, May 22, 2014, and will close
at 2200 UTC on Thursday, May 29, 2014. <o:p></o:p></p>
<p class="line874">Unless the motion is withdrawn during the
review period, the voting period will start immediately
thereafter and will close at 2200 UTC on Thursday, June 5,
2014. Votes must be cast by posting an on-list reply to this
thread. <o:p></o:p></p>
<p class="line874">A vote in favor of the motion must indicate a
clear 'yes' in the response. <o:p></o:p></p>
<p class="line874">A vote against must indicate a clear 'no' in
the response. <o:p></o:p></p>
<p class="line874">A vote to abstain must indicate a clear
'abstain' in the response. Unclear responses will not be
counted. <o:p></o:p></p>
<p class="line874">The latest vote received from any
representative of a voting member before the close of the
voting period will be counted. <o:p></o:p></p>
<p class="line862">Voting members are listed here: <a
moz-do-not-send="true" href="https://cabforum.org/members/">https://cabforum.org/members/</a>
<o:p></o:p></p>
<p class="line874">In order for the motion to be adopted, two
thirds or more of the votes cast by members in the CA category
and more than one half of the votes cast by members in the
browser category must be in favor. Quorum is currently six (6)
members– at least six members must participate in the ballot,
either by voting in favor, voting against, or by abstaining
for the vote to be valid. <o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
style="color:#1F497D"><o:p> </o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>