[cabfpub] Ballot 123 - Revisions to former section 11.13

Moudrick M. Dadashov md at ssc.lt
Fri Oct 10 19:54:30 UTC 2014

SSC votes: "Yes".


On 10/10/2014 1:39 AM, Jeremy Rowley wrote:
> DigiCert votes "Yes"
> *From:*public-bounces at cabforum.org 
> [mailto:public-bounces at cabforum.org] *On Behalf Of *Jeremy.Rowley
> *Sent:* Wednesday, October 1, 2014 5:37 PM
> *To:* CABFPub
> *Subject:* [cabfpub] Ballot 123 - Revisions to former section 11.13
> I updated the email subject to make the ballot easier to follow.  
> Please comment on this email thread instead of the other.
> Hi everyone,
> This is the ballot from the EV working group that attempts to clarify 
> the language in 11.14 (11.13 previous to the verified method of 
> communication ballot) without changing any of the requirements.  
> Previous section 11.13 was poorly organized with lots of 
> semi-conflicting statements on when data re-verification was 
> required.  Changes were not tracked in this ballot as every single 
> section was moved or rewritten, making any comparison futile.
> ---------
> *Ballot 123 -- Reuse of Information*
> Revised Section 11.14 (previous 11.13)
> Jeremy Rowley of DigiCert  made the following motion, and Cecilia Kam 
> of Symantec and Joanna Fox of GoDaddy have endorsed it.
> Motion Begins
> Section 11.14 is amended to read as follows:
> *11.14 Requirements on the Re-use of Documentation *
> For each EV Certificate Request, including requests to renew existing 
> EV Certificates, the CA MUST perform all authentication and 
> verification tasks required by these Guidelines to ensure that the 
> request is properly authorized by the Applicant and that the 
> information in the EV Certificate is still accurate and valid. This 
> section sets forth the age limitations on for the use of documentation 
> collected by the CA.
> *11.14.1 Validation For Existing Subscribers *
> If an Applicant has a currently valid EV Certificate issued by the CA, 
> a CA MAY rely on its prior authentication and verification of:
> (1) The Principal Individual verified under Section 11.2.2 (4) if the 
> individual is the same person as verified by the CA in connection with 
> the Applicant's previously issued and currently valid EV Certificate;
> (2) The Applicant's Place of Business under Section 11.4.1;
> (3) The Applicant's Verified Method of Communication required by 
> Section 11.5, provided that the CA verifies the communications as 
> required by Section 11.4.2 (2)(A);
> (4) The Applicant's Operational Existence under Section 11.6;
> (5) The Name, Title, Agency, and Authority of the Contract Signer and 
> Certificate Approver under Section 11.8; and
> (6) The Applicant's right to use the specified Domain Name under 
> Section 11.7, provided that the CA verifies that the WHOIS record 
> still shows the same registrant as when the CA verified the specified 
> Domain Name for the initial EV Certificate.
> *11.14.2 Re-issuance Requests *
> A CA may rely on a previously verified certificate request to issue a 
> replacement certificate, so long as the certificate being referenced 
> was not revoked due to fraud or other illegal conduct, if:
> (1) The expiration date of the replacement certificate is the same as 
> the expiration date of the EV Certificate that is being replaced, and
> (2) The Subject Information of the Certificate is the same as the 
> Subject in the EV Certificate that is being replaced.
> *11.14.3 Age of Validated Data *
> (1) Except for reissuance of an EV Certificate under Section 11.14.2 
> and except when permitted otherwise under Section 11.14.1, the age of 
> all data used to support issuance of an EV Certificate (before 
> revalidation is required) SHALL NOT exceed the following limits:
> (A) Legal existence and identity -- thirteen months;
> (B) Assumed name -- thirteen months;
> (C) Address of Place of Business -- thirteen months;
> (D) Applicant's telephone number -- thirteen months;
> (E) Operational existence -- thirteen months;
> (F) Domain Name -- thirteen months;

> (G) Name, Title, Agency, and Authority-- thirteen months, unless a 
> contract between the CA and the Applicant specifies a different term, 
> in which case, the term specified in such contract controls. For 
> example, the contract MAY include the perpetual assignment of EV roles 
> until revoked by the Applicant or CA, or until the contract expires or 
> is terminated.
> (2) The thirteen-month period set forth above SHALL begin to run on 
> the date the information was collected by the CA.
> (3) The CA MAY reuse a previously submitted EV Certificate Request, 
> Subscriber Agreement, or Terms of Use, including use of a single EV 
> Certificate Request in support of multiple EV Certificates containing 
> the same Subject, to the extent permitted under Sections 11.9 and 11.10.
> (4) The CA MUST repeat the verification processes required in these 
> Guidelines for any information obtained outside the time limits 
> specified above except when permitted otherwise under section 11.14.1.
> Motion Ends
> -----
> The review period for this ballot shall commence at 2200 UTC on 
> October 2 2014, and will close at 2200 UTC on October 9, 2014. Unless 
> the motion is withdrawn during the review period, the voting period 
> will start immediately thereafter and will close at 2200 UTC on 
> October 16, 2014. Votes must be cast by posting an on-list reply to 
> this thread.
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed here: 
> https://cabforum.org/members/
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Also, at 
> least seven members must participate in the ballot, either by voting 
> in favor, voting against, or abstaining.
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141010/501729a1/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3653 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141010/501729a1/attachment-0001.p7s>

More information about the Public mailing list