[cabfpub] Ballot 131 - Update to Verified Method of Communication

Ben Wilson ben.wilson at digicert.com
Fri Sep 5 13:13:45 MST 2014


Per Moudrick’s request, here is a comprehensive statement of Ballot 131.
Due to all of the mid-voting changes, voting on this ballot is extended to
Friday, 12 Sept. 2014.  

As usually stated in our ballots, “the latest vote received from any
representative of a voting member before the close of the voting period will
be counted.”

The latest votes I’ve received from members were received (UTC) as follows:

GlobalSign           Yes         Fri 05-Sep-14 17:49 

OpenTrust           Yes         Fri 05-Sep-14 17:00

Buypass               Yes         Fri 05-Sep-14 14:54

SECOM                 Yes         Fri 05-Sep-14 00:27

TrendMicro         Yes         Thu 04-Sep-14 19:50

Comodo              yes         Thu 04-Sep-14 18:09

SSC                        yes         Thu 04-Sep-14 16:46

GoDaddy             Yes         Thu 04-Sep-14 16:24

Trustwave           Yes         Thu 04-Sep-14 16:21

Symantec            Yes         Wed 03-Sep-14 17:24

Startcom             Yes         Wed 03-Sep-14 09:27

Disig                     Yes         Tue 02-Sep-14 14:20

Trustis                  Yes         Tue 02-Sep-14 13:41

QuoVadis             Yes         Tue 02-Sep-14 12:24

Entrust                 Yes         Tue 02-Sep-14 11:34

Turktrust              yes         Tue 02-Sep-14 08:36

WoSign                yes         Tue 02-Sep-14 06:22

Actalis                  yes         Tue 02-Sep-14 06:18

Digicert                yes         Tue 02-Sep-14 05:15

Mozilla                 yes         Mon 01-Sep-14 16:55

 

So, if you’d like, feel free to change your vote.

Thanks

 

Ballot 131 - Update to Verified Method of Communication

 

The EV Guidelines Working Group has revisited Section 11.4 of the EV
Guidelines (Applicant’s Physical Existence) and has decided that it is best
to split it into two separate sections. Section 11.4.1 would remain as is
for "Address of Applicant’s Place of Business." Section 11.4.2 would be
moved to its own section--a new 11.5, and all subsequent section numbers in
11 would be renumbered accordingly. The new Section 11.5 will focus on a
verified means for communicating with the organization to be named as the
subject in the certificate (to verify the authority of EV roles and ensure
that it was appropriately aware of the certificate request).

 

Cecilia Kam of Symantec made the following motion, and Rich Smith from
Comodo and Jeremy Rowley from DigiCert have endorsed it.

 

Motion Begins

 

In the Guidelines for the Issuance and Management of Extended Validation
Certificates:

 

1. DELETE Section 11.4.2 (Telephone Number for Applicant's Place of
Business)

 

2. INSERT a new definition - "Verified Method of Communication" - in Section
4 as follows: Verified Method of Communication: The use of a telephone
number, a fax number, an email address, or a postal delivery address,
confirmed by the CA in accordance with Section 11.5 of the Guidelines as a
reliable way of communicating with the Applicant.

 

3. In Section 11.1.1, renumber the existing subsection (3) as subsection (4)
and INSERT a new subsection (3) as follows: "(3) Verify a reliable means of
communication with the entity to be named as the Subject in the
Certificate;"

 

4. RENUMBER sections 11.5 through 11.13 by increasing them each by .1 and
UPDATE all cross-references in the EV Guidelines.

 

5. INSERT a new Section 11.5 titled, "Verified Method of Communication" as
follows:

 

11.5 Verified Method of Communication

 

11.5.1 Verification Requirements

 

To assist in communicating with the Applicant and confirming that the
Applicant is aware of and approves issuance, the CA MUST verify a telephone
number, fax number, email address, or postal delivery address as a Verified
Method of Communication with the Applicant.

 

11.5.2 Acceptable Methods of Verification 

To verify a Verified Method of Communication with the Applicant, the CA
MUST:

 

(A) Verify that the Verified Method of Communication belongs to the
Applicant, or a Parent/Subsidiary or Affiliate of the Applicant, by matching
it with one of the Applicant’s Parent/Subsidiary or Affiliate’s Places of
Business in: (i) records provided by the applicable phone company; (ii) a
QGIS, QTIS, or QIIS; or (iii) a Verified Legal Opinion or Verified
Accountant Letter; and

 

(B) Confirm the Verified Method of Communication by using it to obtain an
affirmative response sufficient to enable a reasonable person to conclude
that the Applicant, or a Parent/Subsidiary or Affiliate of Applicant, can be
contacted reliably by using the Verified Method of Communication.

 

6. Amend newly renumbered subsection 11.11.4(1)(A)(i) as follows: "A
position within the Applicant’s organization that qualifies as a Confirming
Person (e.g., Secretary, President, CEO, CFO, COO, CIO, CSO, Director, etc.)
and is identified by name and title in a current QGIS, QIIS, QTIS, Verified
Legal Opinion, Verified Accountant Letter, or by contacting the Applicant
using a Verified Method of Communication; or"

 

7. REPLACE newly renumbered subsection 11.14.1(1) (D) with "(D) Verified
Method of Communication – thirteen months "

 

8. REPLACE newly renumbered subsection 11.14.3(1)(C) with "The Verified
Method of Communication required by Section 11.5 but still MUST perform the
verification required by Section 11.5.2(B);"

 

9. REPLACE newly renumbered subsection 11.8.2(2)(A) with "(A) Contacting the
Applicant using a Verified Method of Communication for the Applicant, and
obtaining confirmation that the Contract Signer and/or the Certificate
Approver, as applicable, is an employee;”

 

10. REPLACE newly renumbered subsection 11.9.2(1) with "Contacting the
Applicant using a Verified Method of Communication for the Applicant, for
the attention of the Certificate Requester or Contract Signer, as
applicable, followed by a response from someone who identifies themselves as
such person confirming that he/she did sign the applicable document on
behalf of the Applicant;"

 

and

 

REPLACE newly renumbered subsection 11.9.2(2) with "A letter mailed to the
Applicant’s or Agent’s address, as verified through independent means in
accordance with these Guidelines, for the attention of the Certificate
Requester or Contract Signer, as applicable, followed by a response through
a Verified Method of Communication from someone who identifies themselves as
such person confirming that he/she did sign the applicable document on
behalf of the Applicant;"

 

11. REPLACE newly renumbered subsection 11.10.2(1) with "Contacting the
Certificate Approver using a Verified Method of Communication for the
Applicant and obtaining oral or written confirmation that the Certificate
Approver has reviewed and approved the EV Certificate Request;"

 

Motion Ends

 

The review period for this ballot shall commence at 2200 UTC on Friday, 22
August 2014, and will close at 2200 UTC on Friday, 29 August 2014. Unless
the motion is withdrawn during the review period, the voting period will
start immediately thereafter and will close at 2200 UTC on Friday, 5
September 2014. Votes must be cast by posting an on-list reply to this
thread. THE VOTING PERIOD FOR THIS BALLOT HAS BEEN EXTENDED TO 2200 UTC
FRIDAY, 12 SEPTEMBER 2014.

 

A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted. Voting members
are listed here: https://cabforum.org/members/

 

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and greater than 50% of the votes cast by
members in the browser category must be in favor. Also, at least seven
members must participate in the ballot, either by voting in favor, voting
against, or abstaining.

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Ben Wilson
Sent: Friday, August 29, 2014 9:33 AM
To: 'public at cabforum.org'
Subject: Re: [cabfpub] Ballot 131 - Update to Verified Method of
Communication

 

Reminder- comment period ends today and voting starts. 

  _____  

From: Ben Wilson <mailto:ben.wilson at digicert.com> 
Sent: ‎8/‎26/‎2014 12:57 PM
To: Jeremy Rowley <mailto:jeremy.rowley at digicert.com> ;
'public at cabforum.org' <mailto:public at cabforum.org> 
Subject: Re: [cabfpub] Ballot 131 - Update to Verified Method of
Communication

Attached is the redlined version of the EV Guidelines for this Ballot 131.

A few things to mention:

1.      The redlining program that I used to create the attached version did
not mark the automatic renumbering of paragraphs 11.5 through 11.6 as having
changed, but they have automatically renumbered to 11.6 to 11.14.

2.      Item 3 in the ballot should have said “3. In Section 11.1.1,
renumber …”  (there was an extra “1” in the reference to “Section 11.11.1”.)

3.      Item 8 in the ballot should have said “8. REPLACE newly renumbered
subsection 11.14.3(1)(C) with ‘The Verified Method of Communication required
by Section 11.5 but still MUST perform the verification required by Section
11.5.2(B);’”

If you see anything else, please advise me or the proponents.  Thanks.

Cheers,

Ben

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Jeremy Rowley
Sent: Friday, August 22, 2014 10:51 AM
To: 'public at cabforum.org'
Subject: [cabfpub] Ballot 131 - Update to Verified Method of Communication

 

Hi everyone, 

The following is a revised ballot for verifying a method of communication
from the EV working group. The changes in this ballot incorporate the
comments provide during the face-to-face and on the mailing list.    

Jeremy

------------------  

Ballot 131 - Update to Verified Method of Communication

The EV Guidelines Working Group has revisited Section 11.4 of the EV
Guidelines (Applicant’s Physical Existence) and has decided that it is best
to split it into two separate sections.  Section 11.4.1 would remain as is
for "Address of Applicant’s Place of Business."  Section 11.4.2 would be
moved to its own section--a new 11.5, and all subsequent section numbers in
11 would be renumbered accordingly. The new Section 11.5 will focus on a
verified means for communicating with the organization to be named as the
subject in the certificate (to verify the authority of EV roles and ensure
that it was appropriately aware of the certificate request).

Cecilia Kam of Symantec made the following motion, and Rich Smith from
Comodo and Jeremy Rowley from DigiCert have endorsed it.

 

Motion Begins 

In the Guidelines for the Issuance and Management of Extended Validation
Certificates:

 

1. DELETE Section 11.4.2 (Telephone Number for Applicant's Place of
Business)

2. INSERT a new definition - "Verified Method of Communication" - in Section
4 as follows:

Verified Method of Communication: The use of a telephone number, a fax
number, an email address, or a postal delivery address, confirmed by the CA
in accordance with Section 11.5 of the Guidelines as a reliable way of
communicating with the Applicant.

3. In Section 11.11.1, renumber the existing subsection (3) as subsection
(4) and INSERT a new subsection (3) as follows:

"(3) Verify a reliable means of communication with the entity to be named as
the Subject in the Certificate;" 

4. RENUMBER sections 11.5 through 11.13 by increasing them each by .1 and
UPDATE all cross-references in the EV Guidelines.

5.  INSERT a new Section 11.5 titled, "Verified Method of Communication" as
follows:

11.5 Verified Method of Communication 

11.5.1 Verification Requirements

To assist in communicating with the Applicant and confirming that the
Applicant is aware of and approves issuance, the CA MUST verify a telephone
number, fax number, email address, or postal delivery address as a Verified
Method of Communication with the Applicant.

11.5.2 Acceptable Methods of Verification

To verify a Verified Method of Communication with the Applicant, the CA
MUST: 

(A) Verify that the Verified Method of Communication belongs to the
Applicant, or a Parent/Subsidiary or Affiliate of the Applicant, by matching
it with one of the Applicant’s Parent/Subsidiary or Affiliate’s Places of
Business in: (i) records provided by the applicable phone company; (ii) a
QGIS, QTIS, or QIIS; or (iii) a Verified Legal Opinion or Verified
Accountant Letter; and 

(B) Confirm the Verified Method of Communication by using it to obtain an
affirmative response sufficient to enable a reasonable person to conclude
that the Applicant, or a Parent/Subsidiary or Affiliate of Applicant, can be
contacted reliably by using the Verified Method of Communication. 

6. Amend newly renumbered subsection 11.11.4(1)(A)(i) as follows: "A
position within the Applicant’s organization that qualifies as a Confirming
Person (e.g., Secretary, President, CEO, CFO, COO, CIO, CSO, Director, etc.)
and is identified by name and title in a current QGIS, QIIS, QTIS, Verified
Legal Opinion, Verified Accountant Letter, or by contacting the Applicant’s
using a Verified Method of Communication; or"

7. REPLACE newly renumbered subsection 11.14.1(1) (D) with "(D) Verified
Method of Communication – thirteen months " 

8. REPLACE newly renumbered subsection 11.14.3(1)(C) with "The Verified
Method of Communication required by Section 11.4.2 but still MUST perform
the verification required by Section 11.4.2(2)(B);" 

9. REPLACE newly renumbered subsection 11.8.2(2)(A) with "The Verified
Method of Communication"

10. REPLACE newly renumbered subsection 11.9.2(1) with "The Verified Method
of Communication"

11. REPLACE newly renumbered subsection 11.10.2 (1) with "The Verified
Method of Communication"

Motion Ends 

The review period for this ballot shall commence at 2200 UTC on Friday, 22
August 2014, and will close at 2200 UTC on Friday, 29 August 2014. Unless
the motion is withdrawn during the review period, the voting period will
start immediately thereafter and will close at 2200 UTC on Friday, 5
September 2014. Votes must be cast by posting an on-list reply to this
thread. 

A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted. Voting members
are listed here: https://cabforum.org/members/ 

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and greater than 50% of the votes cast by
members in the browser category must be in favor. Also, at least seven
members must participate in the ballot, either by voting in favor, voting
against, or abstaining. 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140905/f6274ce1/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: EV V1_5_1-redlined-for-ballot-131.pdf
Type: application/pdf
Size: 696770 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20140905/f6274ce1/attachment-0001.pdf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4998 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20140905/f6274ce1/attachment-0001.bin 


More information about the Public mailing list