[cabfpub] Ballot 122 - Verified Method of Communication

i-barreira at izenpe.net i-barreira at izenpe.net
Wed Apr 23 08:37:42 UTC 2014

In Spain is similar.



Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net




ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.


De: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] En nombre de Steve Roylance
Enviado el: miércoles, 16 de abril de 2014 18:59
Para: ben at digicert.com; 'Erwann Abalea'; public at cabforum.org
Asunto: Re: [cabfpub] Ballot 122 - Verified Method of Communication


Hi Ben,

Here’s an example for everyone.

The Italian Business Registry provides an e-mail authentication mechanism for Italian companies (From roughly 2011 and I don’t have a link to hand).  i.e. it’s deemed by them to be stronger and more convenient than other methods and it’s legally required.  This means for Italy it’s not necessary to make any phone call which is the intention behind the rewording in the ballot.   So this, in part, answers Erwann’s point on e-mail – Yes it’s good enough.

Doug suggested making the remit wider for the future by allowing other methods and making the decision on the acceptable method be made by the appropriate QGIS, but rather thank stating QGIS which is limiting he suggested using the term from the forthcoming ISO 29003 definition i.e. a “Source of Authority”.  i.e. If a source of authority starts to store Skype IDs as ‘official’ communication channels then we should relish the opportunity to use this as a method of verification.  If the CABforum remains too prescriptive in our choices we’ll continue to see low adoption of EV.  Rather than make our own rules we should allow best practice from any jurisdiction on what they agree as a method of communication within that jurisdiction.  The one size fits all rule does not work across the planet.   

If it’s too early for this mind set change then that’s fine, but I’d personally rather weave in flexibility earlier rather than later as I’ve always been frustrated that EV has not been as successful as we all would want.

Kind Regards




From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: 16 April 2014 16:33
To: 'Erwann Abalea'; public at cabforum.org
Subject: Re: [cabfpub] Ballot 122 - Verified Method of Communication


I think if anyone wants to propose that we go beyond email or POTS (to things like Messenger and Skype-Skype), then the proponent should put forth a ballot that explains the verification steps that would have to be performed to ensure the reliability of that communication process, and I would not want anyone to be holding a patent or patent application on that process.  I was also hoping that we wouldn’t have to get into a debate about the vulnerabilities or merits of using email vs. those other methods.   Also, if someone wants to layer those other methods (like video conferencing) on top of the other acceptable ones for use in other day-to-day communications, then I don’t think they should be prohibited, but I think that is another issue/discussion.  


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Erwann Abalea
Sent: Wednesday, April 16, 2014 8:18 AM
To: Ben Wilson; public at cabforum.org
Subject: Re: [cabfpub] Ballot 122 - Verified Method of Communication


It can, but it's not mandatory. Skype to Skype doesn't, for example. Neither does XMPP, nor Yahoo Messenger, ...
My question was more: is an email address a "Verified Method of Communication"? Is it more verified than a Skype handle? Or a verified Twitter account?


Le 16/04/2014 15:37, Ben Wilson a écrit :

	Doesn't Skype interface with the ITU-T E.164 POTS network using a numbers-only assigned route?


	From: Erwann Abalea <mailto:erwann.abalea at keynectis.com> 
	Sent: ‎4/‎16/‎2014 2:51 AM
	To: public at cabforum.org
	Subject: Re: [cabfpub] Ballot 122 - Verified Method of Communication

	Is the ITU-T E.164 reference used to disallow Skype or similar services?
	Is an email address considered more "verified" than a Skype/whatever identifier?

	Erwann ABALEA

	Le 15/04/2014 22:57, Ben Wilson a écrit :

		Ballot 122 - Verified Method of Communication 

		The EV Guidelines Working Group has completed its review of Section 11.4.2 of the EV Guidelines (Telephone Number for Applicant’s Place of Business). The purpose of the review was to "develop a more international process for verifying contact information,” especially to transition away from a landline-centric focus. The purpose of Section 11.4.2 has been to ensure a means for communicating with an organization (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request) and to provide additional evidence of an organization's existence. This is maintained by the proposed replacement language. 

		Cecilia Kam of Symantec made the following motion, and Rich Smith from Comodo and Jeremy Rowley from DigiCert have endorsed it. 

		Motion Begins 

		1. Create a new definition for a "Verified Method of Communication" in the EV Guidelines: 

		" Verified Method of Communication: The use of a public telecommunication routing number (ITU-E.164-compliant fixed, mobile, fax, or SMS), an email address, or a postal delivery address, confirmed by the CA in accordance with Section 11.4.2 of the Guidelines as a reliable way of communicating with the Applicant." 

		2. DELETE Section 11.4.2 (Telephone Number for Applicant's Place of Business) and INSERT the following: 

		"11.4.2 Verified Method of Communication 

		(1) Verification Requirements: To assist in communicating with the Applicant and confirming that the Applicant is aware of and approves issuance, the CA MUST establish at least one Verified Method of Communication with the Applicant. 

		(2) Acceptable Methods of Verification: To verify a Verified Method of Communication with the Applicant, the CA MUST: 

		(A) Verify that the number or address belongs to the Applicant, or a Parent or Affiliate of the Applicant, by matching it with one of the Applicant’s Places of Business in: (i) records provided by the applicable phone company; (ii) a QGIS, QTIS, or QIIS; or (iii) a Verified Legal Opinion or Verified Accountant Letter; and 

		(B) Confirm the Verified Method of Communication by using it to obtain an affirmative response sufficient to enable a reasonable person to conclude that the Applicant, or a Parent or Affiliate of Applicant, can be contacted reliably by using the Verified Method of Communication. 

		3. In subsection 11.13.1(1)(D), REPLACE "Telephone number for Place of Business" with "Verified Method of Communication." 

		4. REPLACE subsection 11.13.3(1)(C) with "The Verified Method of Communication required by Section 11.4.2, but still MUST perform the verification required by Section 11.4.2(2)(B);" 

		Motion Ends 

		The review period for this ballot shall commence at 2200 UTC on Tuesday, 15 April 2014, and will close at 2200 UTC on Tuesday, 22 April 2014. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Tuesday, 29 April 2014. Votes must be cast by posting an on-list reply to this thread. 

		A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: https://cabforum.org/members/ 

		In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Also, at least six members must participate in the ballot, either by voting in favor, voting against, or abstaining. 



		Public mailing list
		Public at cabforum.org



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140423/93f7e89f/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 19121 bytes
Desc: image001.png
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140423/93f7e89f/attachment-0003.png>

More information about the Public mailing list