[cabfpub] Ballot 131 - Update to Verified Method of Communication
Moudrick M. Dadashov
md at ssc.lt
Thu Sep 4 20:15:19 UTC 2014
Would you mind to post a consolidated update so that we all reply to
that single email?
Thanks,
M.D.
On 9/4/2014 11:10 PM, Ben Wilson wrote:
>
> An additional change is needed to section 11.9.2, as I understand it.
> My previous email referred to a change to 11.9.2(2), but a
> modification really needs to be made in section 11.9.2 (1) as well to
> replace "phone number, as verified in accordance with these
> Guidelines." Replacing that language in section 11.9.2(1), it would
> read,
>
> (1) A phone call to _Contacting_ the Applicant's or Agent's phone
> number, as verified in accordance with these Guidelines _using a
> Verified Method of Communication for the Applicant_, _for the
> attention of_ asking to speak to the Certificate Requester or Contract
> Signer, as applicable, followed by a response from someone who
> identifies themselves as such person confirming that he/she did sign
> the applicable document on behalf of the Applicant
>
> So that section 11.9.2(1) be amended to read, "Contacting the
> Applicant using a Verified Method of Communication for the Applicant,
> for the attention of the Certificate Requester or Contract Signer, as
> applicable, followed by a response from someone who identifies
> themselves as such person confirming that he/she did sign the
> applicable document on behalf of the Applicant."
>
> *From:*public-bounces at cabforum.org
> [mailto:public-bounces at cabforum.org] *On Behalf Of *Ben Wilson
> *Sent:* Thursday, September 4, 2014 11:50 AM
> *To:* 'public at cabforum.org'
> *Subject:* Re: [cabfpub] Ballot 131 - Update to Verified Method of
> Communication
>
> All,
>
> Mads Henriksveen of Buypass has identified a mistake in the language
> of Ballot 131. Apparently the drafters only intended to replace
> references to telephone number/mailing address in sections 11.8.2,
> 11.9.2 and 11.10.2 (and not those entire sections). The believe that
> everyone who voted in favor thus far had that same understanding about
> this ballot, so they have asked me to update the ballot based on this
> correction and to republish the redlined version.
>
> I'd like everyone to re-vote on Ballot 131 with the following three
> changes in mind, and I'll hold Ballot 131 open for an additional few
> days.
>
> Sections 9, 10, and 11 should have read:
>
> 9. REPLACE newly renumbered subsection 11.8.2(2)(A) with " (A)
> Contacting the Applicant using a Verified Method of Communication for
> the Applicant, and obtaining confirmation that the Contract Signer
> and/or the Certificate Approver, as applicable, is an employee; or"
>
> 10. REPLACE newly renumbered subsection 11.9.2(1) with "A letter
> mailed to the Applicant's or Agent's address, as verified through
> independent means in accordance with these Guidelines, for the
> attention of the Certificate Requester or Contract Signer, as
> applicable, followed by a response through a Verified Method of
> Communication from someone who identifies themselves as such person
> confirming that he/she did sign the applicable document on behalf of
> the Applicant"
>
> 11. REPLACE newly renumbered subsection 11.10.2 (1) with "Contacting
> the Certificate Approver using a Verified Method of Communication for
> the Applicant and obtaining oral or written confirmation that the
> Certificate Approver has reviewed and approved the EV Certificate
> Request;"
>
> The previous redlined version also didn't include changes under
> paragraph 6 of the ballot for section 11.11.4(1)(A)(i). See the
> attached redlined version which should have all of those changes
> marked as intended, along with the punctuation consistency for
> sections 11.8.2, 11.9.2, and 11.10.2, as recommended by Wayne.
>
> Thanks,
>
> Ben
>
> *From:*public-bounces at cabforum.org
> <mailto:public-bounces at cabforum.org>
> [mailto:public-bounces at cabforum.org] *On Behalf Of *Jeremy Rowley
> *Sent:* Friday, August 22, 2014 10:51 AM
> *To:* 'public at cabforum.org'
> *Subject:* [cabfpub] Ballot 131 - Update to Verified Method of
> Communication
>
> Hi everyone,
>
> The following is a revised ballot for verifying a method of
> communication from the EV working group. The changes in this ballot
> incorporate the comments provide during the face-to-face and on the
> mailing list.
>
> Jeremy
>
> ------------------
>
> Ballot 131 - Update to Verified Method of Communication
>
> The EV Guidelines Working Group has revisited Section 11.4 of the EV
> Guidelines (Applicant's Physical Existence) and has decided that it is
> best to split it into two separate sections. Section 11.4.1 would
> remain as is for "Address of Applicant's Place of Business." Section
> 11.4.2 would be moved to its own section--a new 11.5, and all
> subsequent section numbers in 11 would be renumbered accordingly. The
> new Section 11.5 will focus on a verified means for communicating with
> the organization to be named as the subject in the certificate (to
> verify the authority of EV roles and ensure that it was appropriately
> aware of the certificate request).
>
> Cecilia Kam of Symantec made the following motion, and Rich Smith from
> Comodo and Jeremy Rowley from DigiCert have endorsed it.
>
> Motion Begins
>
> In the Guidelines for the Issuance and Management of Extended
> Validation Certificates:
>
> 1. DELETE Section 11.4.2 (Telephone Number for Applicant's Place of
> Business)
>
> 2. INSERT a new definition - "Verified Method of Communication" - in
> Section 4 as follows:
>
> Verified Method of Communication: The use of a telephone number, a fax
> number, an email address, or a postal delivery address, confirmed by
> the CA in accordance with Section 11.5 of the Guidelines as a reliable
> way of communicating with the Applicant.
>
> 3. In Section 11.11.1, renumber the existing subsection (3) as
> subsection (4) and INSERT a new subsection (3) as follows:
>
> "(3) Verify a reliable means of communication with the entity to be
> named as the Subject in the Certificate;"
>
> 4. RENUMBER sections 11.5 through 11.13 by increasing them each by .1
> and UPDATE all cross-references in the EV Guidelines.
>
> 5. INSERT a new Section 11.5 titled, "Verified Method of
> Communication" as follows:
>
> 11.5 Verified Method of Communication
>
> 11.5.1 Verification Requirements
>
> To assist in communicating with the Applicant and confirming that the
> Applicant is aware of and approves issuance, the CA MUST verify a
> telephone number, fax number, email address, or postal delivery
> address as a Verified Method of Communication with the Applicant.
>
> 11.5.2 Acceptable Methods of Verification
>
> To verify a Verified Method of Communication with the Applicant, the
> CA MUST:
>
> (A) Verify that the Verified Method of Communication belongs to the
> Applicant, or a Parent/Subsidiary or Affiliate of the Applicant, by
> matching it with one of the Applicant's Parent/Subsidiary or
> Affiliate's Places of Business in: (i) records provided by the
> applicable phone company; (ii) a QGIS, QTIS, or QIIS; or (iii) a
> Verified Legal Opinion or Verified Accountant Letter; and
>
> (B) Confirm the Verified Method of Communication by using it to obtain
> an affirmative response sufficient to enable a reasonable person to
> conclude that the Applicant, or a Parent/Subsidiary or Affiliate of
> Applicant, can be contacted reliably by using the Verified Method of
> Communication.
>
> 6. Amend newly renumbered subsection 11.11.4(1)(A)(i) as follows: "A
> position within the Applicant's organization that qualifies as a
> Confirming Person (e.g., Secretary, President, CEO, CFO, COO, CIO,
> CSO, Director, etc.) and is identified by name and title in a current
> QGIS, QIIS, QTIS, Verified Legal Opinion, Verified Accountant Letter,
> or by contacting the Applicant's using a Verified Method of
> Communication; or"
>
> 7. REPLACE newly renumbered subsection 11.14.1(1) (D) with "(D)
> Verified Method of Communication -- thirteen months "
>
> 8. REPLACE newly renumbered subsection 11.14.3(1)(C) with "The
> Verified Method of Communication required by Section 11.4.2 but still
> MUST perform the verification required by Section 11.4.2(2)(B);"
>
> 9. REPLACE newly renumbered subsection 11.8.2(2)(A) with "The Verified
> Method of Communication"
>
> 10. REPLACE newly renumbered subsection 11.9.2(1) with "The Verified
> Method of Communication"
>
> 11. REPLACE newly renumbered subsection 11.10.2 (1) with "The Verified
> Method of Communication"
>
> Motion Ends
>
> The review period for this ballot shall commence at 2200 UTC on
> Friday, 22 August 2014, and will close at 2200 UTC on Friday, 29
> August 2014. Unless the motion is withdrawn during the review period,
> the voting period will start immediately thereafter and will close at
> 2200 UTC on Friday, 5 September 2014. Votes must be cast by posting an
> on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the
> response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response.
> Unclear responses will not be counted. The latest vote received from
> any representative of a voting member before the close of the voting
> period will be counted. Voting members are listed here:
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes
> cast by members in the browser category must be in favor. Also, at
> least seven members must participate in the ballot, either by voting
> in favor, voting against, or abstaining.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140904/edd2ebef/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3663 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140904/edd2ebef/attachment-0001.p7s>
More information about the Public
mailing list