[cabfpub] Revision to the definitoin of a QIIS

Jeremy Rowley jeremy.rowley at digicert.com
Wed Dec 18 18:08:05 MST 2013 

The following proposal is from the EV working group.  The test is a proposed
replacement for Section 11.10.5, which is the definition of a QIIS.  

 

The previous QIIS definition did not accurately capture current CA
practices. In fact, a strict reading of the existing definition prohibits
CAs from using D&B or Hoovers, which are generally regarded as accurate
information sources.  The definition below consolidates the confusing and
overlapping requirements while clarifying the QIIS verification requirements
for CAs.  The new definition permits CAs to use databases of information if
the CA has documented its process to verify the data's accuracy and the CA
knows the information is not self-reported.  

 

I'm looking for comments from those not involved in the working group along
with two endorsers who are willing to move this forward. Thanks!

 

Jeremy

 

----------------

Proposed update to EV Section 11.10.5:

 

11.10.5 Qualified Independent Information Source

A Qualified Independent Information Source (QIIS) is a regularly updated and
publicly available database that is generally  recognized as a dependable
and accurate source for such information. A database qualifies as a QIIS if
the CA determines that: 

(1) Industries other than the certificate industry rely on the database for
accurate location, contact, or other information and

(2) The database provider updates its data on at least an annual basis.

The CA SHALL use a documented process to check the accuracy of the database
and ensure its data is acceptable, including reviewing the database
provider's terms of use.  The CA SHALL NOT use any data in a QIIS that the
CA knows is (i) self-reported, and (ii) not verified by the QIIS as
accurate.  

Databases in which the CA or its owners or affiliated companies maintain a
controlling interest, or in which any Registration Authorities or
subcontractors to whom the CA has outsourced any portion of the vetting
process (or their owners or affiliated companies) maintain any ownership or
beneficial interest, do not qualify as a QIIS. 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20131218/b3cb2618/attachment.html

More information about the Public mailing list