[cabfpub] Ballot 113 - Revision to QIIS in EV Guidelines

Enric Castillo enric.castillo at anf.es
Wed Jan 8 14:00:27 MST 2014 

ANF Autoridad de Certificación votes yes.

ANF Autoridad de Certificación

*Enric Castillo*
Departamento de Ingeniería
ANF Autoridad de Certificación
enric.castillo at anf.es <mailto:enric.castillo at anf.es>
www.anf.es <https://www.anf.es>

*Aviso*

Este mensaje se dirige exclusivamente a su destinatario y puede contener
información privilegiada o confidencial y/o datos de carácter personal,
cuya difusión está regulada por la Ley Orgánica de Protección de Datos y
la Ley de Servicios de la Sociedad de la Información. Si usted no es el
destinatario indicado (o el responsable de la entrega al mismo), no debe
copiar o entregar este mensaje a terceros bajo ningún concepto. Si ha
recibido este mensaje por error o lo ha conseguido por otros medios, le
rogamos que nos lo comunique inmediatamente por esta misma vía y proceda
a su eliminación irreversible. Las opiniones, conclusiones y demás
informaciones incluidas en este mensaje que no estén relacionadas con
asuntos profesionales de ANF Autoridad de Certificación no están
respaldadas por la empresa.

El 31/12/2013 0:47, Ben Wilson escribió:
>
> Ballot 113 - Revision to QIIS in EV Guidelines
>
>  
>
> The following proposal comes from EV working group.    Jeremy Rowley
> made the following motion, and Rich Smith and Kirk Hall have endorsed
> it. 
>
>  
>
> This ballot proposes a replacement to Section 11.10.5 of the Extended
> Validation Guidelines, which defines the qualifications of a QIIS. 
> The previous QIIS definition did not accurately capture current CA
> practices. In fact, a strict reading of the existing definition might
> imply that CAs were prohibited from using Dun & Bradstreet, Hoovers,
> and other commercially reliable sources generally regarded as accurate
> sources of information.  The proposed definition consolidates
> confusing and overlapping requirements while clarifying the QIIS
> verification requirements for CAs.  The new definition permits CAs to
> use databases of information if the CA has documented its process to
> verify the data's accuracy and the CA knows the information is not
> self-reported. 
>
>  
>
> --- Motion begins ---
>
>  
>
> Effective immediately:
>
>  
>
> Replace Section 11.10.5 in the EV Guidelines:
>
>  
>
> 11.10.5  Qualified Independent Information Source
>
>  
>
> A Qualified Independent Information Source (QIIS) is a
> regularly-updated and current, publicly available, database designed
> for the purpose of accurately providing the information for which it
> is consulted, and which is generally recognized as a dependable source
> of such information.  A commercial database is a QIIS if the following
> are true:
>
> (1)          Industry groups rely on the database for providing
> accurate location or contact information;
>
> (2)          The database distinguishes between self-reported data and
> data reported by independent information sources;
>
> (3)          The database provider identifies how frequently they
> update the information in their database;
>
> (4)          Changes in the data that will be relied upon will be
> reflected in the database in no more than 12 months; and
>
> (5)          The database provider uses authoritative sources
> independent of the Subject, or multiple corroborated sources, to which
> the data pertains.
>
> Databases in which the CA or its owners or affiliated companies
> maintain a controlling interest, or in which any Registration
> Authorities or subcontractors to whom the CA has outsourced any
> portion of the vetting process (or their owners or affiliated
> companies) maintain any ownership or beneficial interest do not
> qualify as a QIIS.  The CA MUST check the accuracy of the database and
> ensure its data is acceptable.
>
>  
>
> With the following proposed language for Section 11.10.5:
>
>  
>
> 11.10.5 Qualified Independent Information Source
>
>  
>
> A Qualified Independent Information Source (QIIS) is a regularly
> updated and publicly available database that is generally recognized
> as a dependable and accurate source for certain information.
>
> A database qualifies as a QIIS if the CA determines that:
>
> (1) Industries other than the certificate industry rely on the
> database for accurate location, contact, or other information; and
>
> (2) The database provider updates its data on at least an annual basis.
>
> The CA SHALL use a documented process to check the accuracy of the
> database and ensure its data is acceptable, including reviewing the
> database provider's terms of use. 
>
> The CA SHALL NOT use any data in a QIIS that the CA knows is (i)
> self-reported and (ii) not verified by the QIIS as accurate. 
>
> Databases in which the CA or its owners or affiliated companies
> maintain a controlling interest, or in which any Registration
> Authorities or subcontractors to whom the CA has outsourced any
> portion of the vetting process (or their owners or affiliated
> companies) maintain any ownership or beneficial interest, do not
> qualify as a QIIS.
>
>  
>
> --- Motion ends ---
>
>  
>
> The review period for this ballot shall commence immediately at 2300
> UTC on 30 December 2013 and will close on 6 January 2014.
>
> Unless the motion is withdrawn during the review period, the voting
> period will start immediately thereafter and will close at 2300 UTC on
> 13 January 2014.
>
> Votes must be cast by posting an on-list reply to this thread.
>
> A vote in favor of the ballot must indicate a clear 'yes' in the response.
>
> A vote against the ballot must indicate a clear 'no' in the response.
>
> A vote to abstain must indicate a clear 'abstain' in the response.
>
> Unclear responses will not be counted.
>
> The latest vote received from any representative of a voting member
> before the close of the voting period will be counted.
>
> Voting members are listed here: https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and more than one half of the votes
> cast by members in the browser category must be in favor.
>
> Quorum is currently six (6) members-- at least six members must
> participate in the ballot, either by voting in favor, voting against,
> or by abstaining for the vote to be valid.
>
>  
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140108/7bad45ba/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-anf.png
Type: image/png
Size: 4746 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20140108/7bad45ba/attachment-0001.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4389 bytes
Desc: Firma criptogr??fica S/MIME
Url : https://cabforum.org/pipermail/public/attachments/20140108/7bad45ba/attachment-0001.bin

More information about the Public mailing list