[cabfpub] Ballot 123 redlines

Jeremy Rowley jeremy.rowley at digicert.com
Thu Oct 2 13:18:16 MST 2014

Here is the comparison between the proposed language and revised language.

11.14.                       Requirements for Re-use of Existing Documentation
For each EV Certificate Request, including requests to renew existing EV Certificates, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the request is properly authorized by the Applicant and that the information in the EV Certificate is still accurate and valid. This section sets forth the age limitations on for the use of documentation collected by the CA.

11.14.1.            Exceptions Validation For Existing Subscribers (formerly 11.14.3)
Notwithstanding the requirements set forth in Section 11.14.1, when performing the authentication and verification tasks for issuing an EV Certificate where theIf an Applicant has a currently valid EV Certificate issued by the CA, a CA MAY   rely on its prior authentication and verification of:
(1) Rely on its prior authentication and verification of:

(A) The Principal Individual of a Business Entity verified under Section 11.2.2 (4) if the Principal Iindividual is the same   person as the Principal Individual verified by the CA in connection with the Applicant's previously issued and currently valid EV Certificate;

(2)(B) The Applicant's Place of Business under Section 11.4.1;
(3)      (C) The Applicant's Verified Method of Communication required by Section 11.5 but still MUST perform the verification required by section 11.5.2(B) provided that the CA verifies the communications as required by Section 11.4.2(2)(A);
(4)      (D) The Applicant's Operational Existence under Section 11.6;
(5)(E) The nName, tTitle, Agency and aAuthority of the Contract Signer, and Certificate Approver, and Certificate Requester under Section 11.8, except where a contract is in place between the CA and the Applicant that specifies a specific term for the authority of the Contract Signer, and/or the Certificate Approver, and/or Certificate Requester in which case, the term specified in such contract will control; and
(F)  The  email  address  used  by  the  CA  for  independent  confirmation  from  the  Applicant  under  Section 11.11.4(1)(B)(ii);
(2) Rely on a prior Verified Legal Opinion or Accountant Letter that established:
(6) (A)  The Applicant's right to use the specified Domain Name under Section 11.7, provided that the CA verifies that either:
       (i) Tthe WHOIS record still shows the same registrant as indicated when the CA verified the specified Domain Name for the initial EV Certificate. received the prior Verified Legal Opinion or Verified Accountant Letter, or
       (ii) The Applicant establishes domain control via a process permitted under Section 11.7.

11.14.2.  Validation of Re-issuance Requests
A CA may rely on a previously verified information certificate request to issue a replacement certificate, so long as the certificate being referenced was not revoked due to fraud or other illegal conduct, ifwhere:
(1)               The expiration date of the replacement certificate is the same as the expiration date of the currently valid EV Certificate that is being replaced, and
(2)               The Subject Information of the Certificate is the same as the Subject in the currently valid EV Certificate that is being replaced.

11.14.3.  ForAge of Validated Data (formerly 11.14.1)
(1)Except for reissuance of an EV Certificate under Section 11.14.2 and except when permitted otherwise in Section 11.14.1, Tthe age of validatedall data used to support issuance of an EV Certificate (before revalidation is required) SHALL NOT exceed the following limits:

(A)    Legal existence and identity - thirteen months;
(B)     Assumed name - thirteen months;
(C)     Address of Place of Business - thirteen months, but thereafter data MAY be refreshed by checking a Qualified Independent Information Source, even where a site visit was originally required;
(D)    Verified Method of CommunicationApplicant's telephone number - thirteen months;
(E)     Bank account verificationOperational existence - thirteen months;
(F)      Domain Name - thirteen months;
(G)    Identity and authority of Certificate ApproverName, Title, Agency, and Authority - thirteen months, unless a contract is in place between the CA and the Applicant that specifies a different term, in which case, the term specified in such contract will controls. For example, the contract MAY include the perpetual use terms that allow the assignment of EV roles that are perpetual until revoked by the Applicant or CA, or until the contract expires or is terminated.

(2)The age of information used by the CA to verify such an EV Certificate Request MUST NOT exceed the MaximumValidity Period for such information set forth above in subsection (1), based on the date the information was last updated by the QIIS, QGIS, or QTIS (e.g., if an online database was accessed by the CA on July 1, but contained data last updated by the QIIS, QGIS, or QTIS on February 1 of the same year, then the date on which the information was obtained would be considered to be February 1)The thirteen-month period set forth above SHALL begin to run on the date the information was collected by the CA.

(3)  The CA MAY issue multiple reuse a previously submitted EV Certificates Request, Subscriber Agreement, or Terms of Use, including use of listing the same Subject and based on a single EV Certificate Request in support of multiple EV Certificates containing the same Subject to the extent permitted under Sections 11.9 and 11.10, subject to the aging and updating requirement stated above.

(4) Each EV Certificate issued by the CA MUST be supported by a valid current EV Certificate Request and a Subscriber Agreement signed by the appropriate Applicant Representative on behalf of the Applicant or Terms of Use acknowledged by the appropriate Applicant Representative The CA MUST repeat the verification process required in these Guidelines for any information obtained outside the time limits specified above except when permitted otherwise under section 11.14.1.

(5) In the case of outdated information, the CA MUST repeat the verification processes required in these Guidelines.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141002/bf6e4997/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ballot 123 redlines.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 40552 bytes
Desc: Ballot 123 redlines.docx
Url : https://cabforum.org/pipermail/public/attachments/20141002/bf6e4997/attachment-0001.bin 

More information about the Public mailing list