<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I updated the email subject to make the ballot easier to follow.
Please comment on this email thread instead of the other.<br>
<br>
<blockquote cite="mid:542C8FC1.2000503@digicert.com" type="cite">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span>
<div class="moz-forward-container">
<div class="WordSection1">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi
everyone, <br>
</p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">This
is the ballot from the EV working group that attempts to
clarify the language in 11.14 (11.13 previous to the
verified method of communication ballot) without changing
any of the requirements. Previous section 11.13 was poorly
organized with lots of semi-conflicting statements on when
data re-verification was required. Changes were not tracked
in this ballot as every single section was moved or
rewritten, making any comparison futile.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">---------<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>Ballot
123 – Reuse of Information</b><o:p></o:p></p>
<p>Revised Section 11.14 (previous 11.13) <o:p></o:p></p>
<p class="MsoNormal">Jeremy Rowley of DigiCert made the
following motion, and Cecilia Kam of Symantec and Joanna Fox
of GoDaddy have endorsed it. <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Motion
Begins<o:p></o:p></p>
<p>Section 11.14 is amended to read as follows:<o:p></o:p></p>
<p class="line874"><b>11.14 Requirements on the Re-use of
Documentation </b><o:p></o:p></p>
<p class="line874">For each EV Certificate Request, including
requests to renew existing EV Certificates, the CA MUST
perform all authentication and verification tasks required
by these Guidelines to ensure that the request is properly
authorized by the Applicant and that the information in the
EV Certificate is still accurate and valid. This section
sets forth the age limitations on for the use of
documentation collected by the CA. <o:p></o:p></p>
<p class="line874"><b>11.14.1 Validation For Existing
Subscribers </b><o:p></o:p></p>
<p class="line874">If an Applicant has a currently valid EV
Certificate issued by the CA, a CA MAY rely on its prior
authentication and verification of: <o:p></o:p></p>
<p class="line874">(1) The Principal Individual verified under
Section 11.2.2 (4) if the individual is the same person as
verified by the CA in connection with the Applicant’s
previously issued and currently valid EV Certificate; <o:p></o:p></p>
<p class="line874">(2) The Applicant's Place of Business under
Section 11.4.1; <o:p> </o:p></p>
<p class="line874">(3) The Applicant’s Verified Method of
Communication required by Section 11.5, provided that the CA
verifies the communications as required by Section 11.4.2
(2)(A); <o:p></o:p></p>
<p class="line874">(4) The Applicant's Operational Existence
under Section 11.6; <o:p> </o:p></p>
<p class="line874">(5) The Name, Title, Agency, and Authority
of the Contract Signer and Certificate Approver under
Section 11.8; and <o:p></o:p></p>
<p class="line874">(6) The Applicant's right to use the
specified Domain Name under Section 11.7, provided that the
CA verifies that the WHOIS record still shows the same
registrant as when the CA verified the specified Domain Name
for the initial EV Certificate. <o:p></o:p></p>
<p class="line874"><b>11.14.2 Re-issuance Requests </b><o:p></o:p></p>
<p class="line874">A CA may rely on a previously verified
certificate request to issue a replacement certificate, so
long as the certificate being referenced was not revoked due
to fraud or other illegal conduct, if: <o:p></o:p></p>
<p class="line874">(1) The expiration date of the replacement
certificate is the same as the expiration date of the EV
Certificate that is being replaced, and <o:p></o:p></p>
<p class="line874">(2) The Subject Information of the
Certificate is the same as the Subject in the EV Certificate
that is being replaced. <o:p></o:p></p>
<p class="line874"><b>11.14.3 Age of Validated Data </b><o:p></o:p></p>
<p class="line874">(1) Except for reissuance of an EV
Certificate under Section 11.14.2 and except when permitted
otherwise under Section 11.14.1, the age of all data used to
support issuance of an EV Certificate (before revalidation
is required) SHALL NOT exceed the following limits: <o:p></o:p></p>
<p class="line874">(A) Legal existence and identity – thirteen
months; <o:p></o:p></p>
<p class="line874">(B) Assumed name – thirteen months; <o:p></o:p></p>
<p class="line874">(C) Address of Place of Business – thirteen
months; <o:p></o:p></p>
<p class="line874">(D) Applicant's telephone number – thirteen
months; <o:p></o:p></p>
<p class="line874">(E) Operational existence – thirteen
months; <o:p></o:p></p>
<p class="line874">(F) Domain Name – thirteen months; <o:p></o:p></p>
<p class="line874">(G) Name, Title, Agency, and Authority–
thirteen months, unless a contract between the CA and the
Applicant specifies a different term, in which case, the
term specified in such contract controls. For example, the
contract MAY include the perpetual assignment of EV roles
until revoked by the Applicant or CA, or until the contract
expires or is terminated. <o:p></o:p></p>
<p class="line874">(2) The thirteen-month period set forth
above SHALL begin to run on the date the information was
collected by the CA. <o:p></o:p></p>
<p class="line874">(3) The CA MAY reuse a previously submitted
EV Certificate Request, Subscriber Agreement, or Terms of
Use, including use of a single EV Certificate Request in
support of multiple EV Certificates containing the same
Subject, to the extent permitted under Sections 11.9 and
11.10. <o:p></o:p></p>
<p class="line874">(4) The CA MUST repeat the verification
processes required in these Guidelines for any information
obtained outside the time limits specified above except when
permitted otherwise under section 11.14.1. <o:p></o:p></p>
<p class="MsoNormal">Motion Ends <o:p></o:p></p>
<p class="line874">-----<br>
The review period for this ballot shall commence at 2200 UTC
on October 2 2014, and will close at 2200 UTC on October 9,
2014. Unless the motion is withdrawn during the review
period, the voting period will start immediately thereafter
and will close at 2200 UTC on October 16, 2014. Votes must
be cast by posting an on-list reply to this thread. <o:p></o:p></p>
<p class="line862">A vote in favor of the motion must indicate
a clear 'yes' in the response. A vote against must indicate
a clear 'no' in the response. A vote to abstain must
indicate a clear 'abstain' in the response. Unclear
responses will not be counted. The latest vote received from
any representative of a voting member before the close of
the voting period will be counted. Voting members are listed
here: <a moz-do-not-send="true"
href="https://cabforum.org/members/">https://cabforum.org/members/</a>
<o:p></o:p></p>
<p class="MsoNormal">In order for the motion to be adopted,
two thirds or more of the votes cast by members in the CA
category and greater than 50% of the votes cast by members
in the browser category must be in favor. Also, at least
seven members must participate in the ballot, either by
voting in favor, voting against, or abstaining. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D"><o:p> </o:p></span><br>
</p>
</div>
</div>
</blockquote>
<br>
</body>
</html>