[cabfpub] Ballot 122 - Verified Method of Communication

Doug Beattie doug.beattie at globalsign.com
Wed Apr 16 05:16:31 MST 2014


Hi Cecelia and Ben,

In order to future proof this, could we consider modifying the definition of
"Verified Method of Communication" and add a new definition "Source of
Authority" to support other methods of communications, provided they are
specified in an authorized source?  This would allow the use of social media
(Twitter, Skype, Facebook, etc.) provided those communications methods and
IDs were registered the same way phone numbers and email addresses are
today.  I believe this is consistent with the stated goal to move away from
a landline-centric focus.

 

" Verified Method of Communication: The use of any available method of
communication offered by the Source of Authority.  For example this may
include inclusion of VOIP based communication channels, public
telecommunication routing numbers (ITU-E.164-compliant fixed, mobile, fax,
or SMS), email address, or postal delivery addresses etc., as confirmed by
the CA in accordance with Section 11.4.2 of the Guidelines as a reliable way
of communicating with the Applicant."

"Source of Authority: An Authoritative Source, register or database of
entities' identity attributes that have been subject to certification to a
specified Level of Assurance, sufficient for other parties to rely upon the
registered data for an entity and establish a trust relationship with that
entity.  Examples include QGIS, QIIS and QGTIS within this document"

Doug

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Ben Wilson
Sent: Tuesday, April 15, 2014 4:57 PM
To: public at cabforum.org
Subject: [cabfpub] Ballot 122 - Verified Method of Communication

 

Ballot 122 - Verified Method of Communication 

The EV Guidelines Working Group has completed its review of Section 11.4.2
of the EV Guidelines (Telephone Number for Applicant's Place of Business).
The purpose of the review was to "develop a more international process for
verifying contact information," especially to transition away from a
landline-centric focus. The purpose of Section 11.4.2 has been to ensure a
means for communicating with an organization (to verify the authority of EV
roles and ensure that it was appropriately aware of the certificate request)
and to provide additional evidence of an organization's existence. This is
maintained by the proposed replacement language. 

Cecilia Kam of Symantec made the following motion, and Rich Smith from
Comodo and Jeremy Rowley from DigiCert have endorsed it. 

Motion Begins 

1. Create a new definition for a "Verified Method of Communication" in the
EV Guidelines: 

" Verified Method of Communication: The use of a public telecommunication
routing number (ITU-E.164-compliant fixed, mobile, fax, or SMS), an email
address, or a postal delivery address, confirmed by the CA in accordance
with Section 11.4.2 of the Guidelines as a reliable way of communicating
with the Applicant." 

2. DELETE Section 11.4.2 (Telephone Number for Applicant's Place of
Business) and INSERT the following: 

"11.4.2 Verified Method of Communication 

(1) Verification Requirements: To assist in communicating with the Applicant
and confirming that the Applicant is aware of and approves issuance, the CA
MUST establish at least one Verified Method of Communication with the
Applicant. 

(2) Acceptable Methods of Verification: To verify a Verified Method of
Communication with the Applicant, the CA MUST: 

(A) Verify that the number or address belongs to the Applicant, or a Parent
or Affiliate of the Applicant, by matching it with one of the Applicant's
Places of Business in: (i) records provided by the applicable phone company;
(ii) a QGIS, QTIS, or QIIS; or (iii) a Verified Legal Opinion or Verified
Accountant Letter; and 

(B) Confirm the Verified Method of Communication by using it to obtain an
affirmative response sufficient to enable a reasonable person to conclude
that the Applicant, or a Parent or Affiliate of Applicant, can be contacted
reliably by using the Verified Method of Communication. 

3. In subsection 11.13.1(1)(D), REPLACE "Telephone number for Place of
Business" with "Verified Method of Communication." 

4. REPLACE subsection 11.13.3(1)(C) with "The Verified Method of
Communication required by Section 11.4.2, but still MUST perform the
verification required by Section 11.4.2(2)(B);" 

Motion Ends 

The review period for this ballot shall commence at 2200 UTC on Tuesday, 15
April 2014, and will close at 2200 UTC on Tuesday, 22 April 2014. Unless the
motion is withdrawn during the review period, the voting period will start
immediately thereafter and will close at 2200 UTC on Tuesday, 29 April 2014.
Votes must be cast by posting an on-list reply to this thread. 

A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted. Voting members
are listed here: https://cabforum.org/members/ 

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and greater than 50% of the votes cast by
members in the browser category must be in favor. Also, at least six members
must participate in the ballot, either by voting in favor, voting against,
or abstaining. 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140416/22058a64/attachment.html 


More information about the Public mailing list