[cabfpub] EV Domain Verification Proposal (Ballot 104)

[Rich Smith]

Jeremy,

Since there have been no comments to this I suggest we start the formal
ballot process as we have a proposal with two endorsements.

 

Regards,

Rich

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Jeremy Rowley
Sent: Thursday, June 20, 2013 5:19 PM
To: public at cabforum.org
Subject: [cabfpub] EV Domain Verification Proposal (Ballot 104)

 

Hi everyone, 

 

I've updated the proposed EV domain verification ballot in accordance with
the face-to-face discussion in Munich.  I removed the confusing language
currently in 11.6 and replaced it with a simple reference to the Baseline
Requirements.  Per the discussion, the ballot excludes the "any alternative
method providing a similar level of assurance" validation process permitted
under 11.1.1(7) of the Baseline Requirements. The rest of the changes are
supplemental to clean up referencing language.

 

Here's the proposed motion, which has been approved by Rich and endorsed by
Mads.  I plan to start the formal ballot process once I've received
constructive feedback. 

 

Thanks,

 

Jeremy

 

------------------

 

Ballot 104 - Modification of Domain Verification under Section 11.6 of the
EV Guidelines

 

Rich Smith of Comodo made the following motion, and Jeremy Rowley from
DigiCert and Mads Henriksveen from Buypass endorsed it:

 

===== Motion Begins =====

 

EFFECTIVE IMMEDIATELY, in order to reconcile the differences in domain
verification specified in the Baseline Requirements and EV Guidelines,
clarify language within the EV Guidelines about the right to use a domain
name, and permit additional alternatives in verifying domain control or
ownership, we propose amending the EV Guidelines as follows:

 

1.       DELETE the definition of Domain Authorization Document since this
is already defined in the Baseline Requirements.

2.       AMEND section 7.1(c) as follows: 

"(C) Right to Use Domain Name: The CA has taken all steps reasonably
necessary to verify that, as of the date the EV Certificate was issued, the
Subject named in the EV Certificate has the exclusive right to use all the
Domain Name(s) listed in the EV Certificate."

3.       AMEND section 11.1.1(2) as follows:

        "(2) Verify the Applicant is a registered holder, or has exclusive
control, of the Domain Name(s) to be included in the EV Certificate;"

4.       REPLACE section 11.6 with the following:

"11.6 Verification of Applicant's Domain Name

For each Fully-Qualified Domain Name listed in a Certificate, the CA SHALL
confirm that, as of the date the Certificate was issued, the Applicant
either is the Domain Name Registrant or has control over the FQDN using a
procedure specified in Section 11.1.1 of the Baseline Requirements, except
that a CA MAY NOT verify a domain using the procedure described 11.1.1(7)."

5.       AMEND the first paragraph of section 11.10.4 as follows:

"An Independent Confirmation from the Applicant is a confirmation of a
particular fact (e.g., knowledge of its exclusive control of a Domain Name,
confirmation of the employee or agency status of a Contract Signer or
Certificate Approver, confirmation of the EV Authority of a Certificate
Approver, etc.) that is:"

6.       AMEND section 11.13.3(2) as follows:

"(2) Rely on a prior Verified Legal Opinion or Accountant Letter that
established:

(A) The Applicant's exclusive right to use the specified Domain Name under
Section 11.6.2 (2)(A)(i) and Section 11.6.2 (2)(B)(i), provided that the CA
verifies that either:

(i) The WHOIS record still shows the same registrant as indicated when the
CA received the prior Verified Legal Opinion or Verified Accountant Letter,
or

(ii) The Applicant establishes domain control via a process permitted under
section 11.6practical demonstration as detailed in Section 11.6.2(2)(B)(ii).

(B) That the Applicant is aware that it has exclusive control of the Domain
Name, under Section 11.6.1 (3).

 

 

=====Motion Ends=====

 

The review period for this ballot shall commence at ______________ and will
close at _______________.  Unless the motion is withdrawn during the review
period, the voting period will start immediately thereafter and will close
at ___________________.  Votes must be cast by posting an on-list reply to
this thread.

 

===== Motion Ends =====

 

A vote in favor of the motion must indicate a clear 'yes' in the response.
A vote against must indicate a clear 'no' in the response.  A vote to
abstain must indicate a clear 'abstain' in the response.  Unclear responses
will not be counted.  The latest vote received from any representative of a
voting member before the close of the voting period will be counted.  Voting
members are listed here:   <http://www.cabforum.org/forum.html>
http://www.cabforum.org/forum.html

 

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and one half or more of the votes cast by
members in the browser category must be in favor.  Also, at least seven
members must participate in the ballot, either by voting in favor, voting
against, or abstaining.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130625/02183cca/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6391 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130625/02183cca/attachment-0003.bin>