[cabfpub] Ballot 113 - Revision to QIIS in EV Guidelines

Mert ÖZARAR mert.ozarar at gmail.com
Sun Jan 12 06:28:50 MST 2014 

TURKTRUST votes YES.

Regards,

Mert




>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org<public-bounces at cabforum.org>]
> *On Behalf Of *Ben Wilson
> *Sent:* Monday, December 30, 2013 4:47 PM
> *To:* public at cabforum.org
> *Subject:* [cabfpub] Ballot 113 - Revision to QIIS in EV Guidelines
>
>
>
> Ballot 113 - Revision to QIIS in EV Guidelines
>
>
>
> The following proposal comes from EV working group.    Jeremy Rowley made
> the following motion, and Rich Smith and Kirk Hall have endorsed it.
>
>
>
> This ballot proposes a replacement to Section 11.10.5 of the Extended
> Validation Guidelines, which defines the qualifications of a QIIS.  The
> previous QIIS definition did not accurately capture current CA practices.
> In fact, a strict reading of the existing definition might imply that CAs
> were prohibited from using Dun & Bradstreet, Hoovers, and other
> commercially reliable sources generally regarded as accurate sources of
> information.  The proposed definition consolidates confusing and
> overlapping requirements while clarifying the QIIS verification
> requirements for CAs.  The new definition permits CAs to use databases of
> information if the CA has documented its process to verify the data’s
> accuracy and the CA knows the information is not self-reported.
>
>
>
> --- Motion begins ---
>
>
>
> Effective immediately:
>
>
>
> Replace Section 11.10.5 in the EV Guidelines:
>
>
>
> 11.10.5  Qualified Independent Information Source
>
>
>
> A Qualified Independent Information Source (QIIS) is a regularly-updated
> and current, publicly available, database designed for the purpose of
> accurately providing the information for which it is consulted, and which
> is generally recognized as a dependable source of such information.  A
> commercial database is a QIIS if the following are true:
>
> (1)          Industry groups rely on the database for providing accurate
> location or contact information;
>
> (2)          The database distinguishes between self-reported data and
> data reported by independent information sources;
>
> (3)          The database provider identifies how frequently they update
> the information in their database;
>
> (4)          Changes in the data that will be relied upon will be
> reflected in the database in no more than 12 months; and
>
> (5)          The database provider uses authoritative sources independent
> of the Subject, or multiple corroborated sources, to which the data
> pertains.
>
> Databases in which the CA or its owners or affiliated companies maintain a
> controlling interest, or in which any Registration Authorities or
> subcontractors to whom the CA has outsourced any portion of the vetting
> process (or their owners or affiliated companies) maintain any ownership or
> beneficial interest do not qualify as a QIIS.  The CA MUST check the
> accuracy of the database and ensure its data is acceptable.
>
>
>
> With the following proposed language for Section 11.10.5:
>
>
>
> 11.10.5 Qualified Independent Information Source
>
>
>
> A Qualified Independent Information Source (QIIS) is a regularly updated
> and publicly available database that is generally recognized as a
> dependable and accurate source for certain information.
>
> A database qualifies as a QIIS if the CA determines that:
>
> (1) Industries other than the certificate industry rely on the database
> for accurate location, contact, or other information; and
>
> (2) The database provider updates its data on at least an annual basis.
>
> The CA SHALL use a documented process to check the accuracy of the
> database and ensure its data is acceptable, including reviewing the
> database provider’s terms of use.
>
> The CA SHALL NOT use any data in a QIIS that the CA knows is (i)
> self-reported and (ii) not verified by the QIIS as accurate.
>
> Databases in which the CA or its owners or affiliated companies maintain a
> controlling interest, or in which any Registration Authorities or
> subcontractors to whom the CA has outsourced any portion of the vetting
> process (or their owners or affiliated companies) maintain any ownership or
> beneficial interest, do not qualify as a QIIS.
>
>
>
> --- Motion ends ---
>
>
>
> The review period for this ballot shall commence immediately at 2300 UTC
> on 30 December 2013 and will close on 6 January 2014.
>
> Unless the motion is withdrawn during the review period, the voting period
> will start immediately thereafter and will close at 2300 UTC on 13 January
> 2014.
>
> Votes must be cast by posting an on-list reply to this thread.
>
> A vote in favor of the ballot must indicate a clear ‘yes’ in the response.
>
> A vote against the ballot must indicate a clear ‘no’ in the response.
>
> A vote to abstain must indicate a clear ‘abstain’ in the response.
>
> Unclear responses will not be counted.
>
> The latest vote received from any representative of a voting member before
> the close of the voting period will be counted.
>
> Voting members are listed here: https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and more than one half of the votes cast
> by members in the browser category must be in favor.
>
> Quorum is currently six (6) members– at least six members must participate
> in the ballot, either by voting in favor, voting against, or by abstaining
> for the vote to be valid.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140112/05ebcb4f/attachment.html

More information about the Public mailing list