[cabfpub] Ballot 131 - Update to Verified Method of Communication
Rémi Pifaut
remi.pifaut at opentrust.com
Fri Sep 5 17:00:13 UTC 2014
OpenTrust votes Yes.
Kind regards.
Remi.
De : public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] De
la part de Ben Wilson
Envoyé : jeudi 4 septembre 2014 19:50
À : 'public at cabforum.org'
Objet : Re: [cabfpub] Ballot 131 - Update to Verified Method of
Communication
All,
Mads Henriksveen of Buypass has identified a mistake in the language of
Ballot 131. Apparently the drafters only intended to replace references
to telephone number/mailing address in sections 11.8.2, 11.9.2 and 11.10.2
(and not those entire sections). The believe that everyone who voted in
favor thus far had that same understanding about this ballot, so they have
asked me to update the ballot based on this correction and to republish
the redlined version.
Id like everyone to re-vote on Ballot 131 with the following three
changes in mind, and Ill hold Ballot 131 open for an additional few days.
Sections 9, 10, and 11 should have read:
9. REPLACE newly renumbered subsection 11.8.2(2)(A) with " (A) Contacting
the Applicant using a Verified Method of Communication for the Applicant,
and obtaining confirmation that the Contract Signer and/or the Certificate
Approver, as applicable, is an employee; or
10. REPLACE newly renumbered subsection 11.9.2(1) with "A letter mailed to
the Applicants or Agents address, as verified through independent means
in accordance with these Guidelines, for the attention of the Certificate
Requester or Contract Signer, as applicable, followed by a response
through a Verified Method of Communication from someone who identifies
themselves as such person confirming that he/she did sign the applicable
document on behalf of the Applicant
11. REPLACE newly renumbered subsection 11.10.2 (1) with "Contacting the
Certificate Approver using a Verified Method of Communication for the
Applicant and obtaining oral or written confirmation that the Certificate
Approver has reviewed and approved the EV Certificate Request;
The previous redlined version also didnt include changes under paragraph
6 of the ballot for section 11.11.4(1)(A)(i). See the attached redlined
version which should have all of those changes marked as intended, along
with the punctuation consistency for sections 11.8.2, 11.9.2, and 11.10.2,
as recommended by Wayne.
Thanks,
Ben
From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On Behalf Of Jeremy Rowley
Sent: Friday, August 22, 2014 10:51 AM
To: 'public at cabforum.org'
Subject: [cabfpub] Ballot 131 - Update to Verified Method of Communication
Hi everyone,
The following is a revised ballot for verifying a method of communication
from the EV working group. The changes in this ballot incorporate the
comments provide during the face-to-face and on the mailing list.
Jeremy
------------------
Ballot 131 - Update to Verified Method of Communication
The EV Guidelines Working Group has revisited Section 11.4 of the EV
Guidelines (Applicants Physical Existence) and has decided that it is
best to split it into two separate sections. Section 11.4.1 would remain
as is for "Address of Applicants Place of Business." Section 11.4.2
would be moved to its own section--a new 11.5, and all subsequent section
numbers in 11 would be renumbered accordingly. The new Section 11.5 will
focus on a verified means for communicating with the organization to be
named as the subject in the certificate (to verify the authority of EV
roles and ensure that it was appropriately aware of the certificate
request).
Cecilia Kam of Symantec made the following motion, and Rich Smith from
Comodo and Jeremy Rowley from DigiCert have endorsed it.
Motion Begins
In the Guidelines for the Issuance and Management of Extended Validation
Certificates:
1. DELETE Section 11.4.2 (Telephone Number for Applicant's Place of
Business)
2. INSERT a new definition - "Verified Method of Communication" - in
Section 4 as follows:
Verified Method of Communication: The use of a telephone number, a fax
number, an email address, or a postal delivery address, confirmed by the
CA in accordance with Section 11.5 of the Guidelines as a reliable way of
communicating with the Applicant.
3. In Section 11.11.1, renumber the existing subsection (3) as subsection
(4) and INSERT a new subsection (3) as follows:
"(3) Verify a reliable means of communication with the entity to be named
as the Subject in the Certificate;"
4. RENUMBER sections 11.5 through 11.13 by increasing them each by .1 and
UPDATE all cross-references in the EV Guidelines.
5. INSERT a new Section 11.5 titled, "Verified Method of Communication"
as follows:
11.5 Verified Method of Communication
11.5.1 Verification Requirements
To assist in communicating with the Applicant and confirming that the
Applicant is aware of and approves issuance, the CA MUST verify a
telephone number, fax number, email address, or postal delivery address as
a Verified Method of Communication with the Applicant.
11.5.2 Acceptable Methods of Verification
To verify a Verified Method of Communication with the Applicant, the CA
MUST:
(A) Verify that the Verified Method of Communication belongs to the
Applicant, or a Parent/Subsidiary or Affiliate of the Applicant, by
matching it with one of the Applicants Parent/Subsidiary or Affiliates
Places of Business in: (i) records provided by the applicable phone
company; (ii) a QGIS, QTIS, or QIIS; or (iii) a Verified Legal Opinion or
Verified Accountant Letter; and
(B) Confirm the Verified Method of Communication by using it to obtain an
affirmative response sufficient to enable a reasonable person to conclude
that the Applicant, or a Parent/Subsidiary or Affiliate of Applicant, can
be contacted reliably by using the Verified Method of Communication.
6. Amend newly renumbered subsection 11.11.4(1)(A)(i) as follows: "A
position within the Applicants organization that qualifies as a
Confirming Person (e.g., Secretary, President, CEO, CFO, COO, CIO, CSO,
Director, etc.) and is identified by name and title in a current QGIS,
QIIS, QTIS, Verified Legal Opinion, Verified Accountant Letter, or by
contacting the Applicants using a Verified Method of Communication; or"
7. REPLACE newly renumbered subsection 11.14.1(1) (D) with "(D) Verified
Method of Communication thirteen months "
8. REPLACE newly renumbered subsection 11.14.3(1)(C) with "The Verified
Method of Communication required by Section 11.4.2 but still MUST perform
the verification required by Section 11.4.2(2)(B);"
9. REPLACE newly renumbered subsection 11.8.2(2)(A) with "The Verified
Method of Communication"
10. REPLACE newly renumbered subsection 11.9.2(1) with "The Verified
Method of Communication"
11. REPLACE newly renumbered subsection 11.10.2 (1) with "The Verified
Method of Communication"
Motion Ends
The review period for this ballot shall commence at 2200 UTC on Friday, 22
August 2014, and will close at 2200 UTC on Friday, 29 August 2014. Unless
the motion is withdrawn during the review period, the voting period will
start immediately thereafter and will close at 2200 UTC on Friday, 5
September 2014. Votes must be cast by posting an on-list reply to this
thread.
A vote in favor of the motion must indicate a clear 'yes' in the response.
A vote against must indicate a clear 'no' in the response. A vote to
abstain must indicate a clear 'abstain' in the response. Unclear responses
will not be counted. The latest vote received from any representative of a
voting member before the close of the voting period will be counted.
Voting members are listed here: https://cabforum.org/members/
In order for the motion to be adopted, two thirds or more of the votes
cast by members in the CA category and greater than 50% of the votes cast
by members in the browser category must be in favor. Also, at least seven
members must participate in the ballot, either by voting in favor, voting
against, or abstaining.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140905/918800cb/attachment-0003.html>
More information about the Public
mailing list