[cabfpub] Ballot 151
Dimitris Zacharopoulos
jimmy at it.auth.gr
Wed Sep 23 09:36:29 UTC 2015
HARICA votes YES.
Dimitris Zacharopoulos.
On 14/9/2015 10:11 μμ, Dean Coclin wrote:
>
> Due to the confusion as to the voting period on ballot 150, it failed
> for lack of quorum. We are therefore submitting this as a new ballot.
> The discussion period begins today followed by voting per the schedule
> below. We believe we have captured all the comments but if you have
> others, please feel free to remark.
>
> **
>
> *Ballot 151- Revised Addition of Optional OIDs for Indicating Level of
> Validation*
>
> The following motion has been proposed by Dean Coclin of Symantec and
> endorsed by Jeremy Rowley of Digicert and Kirk Hall of Trend Micro.
>
> -- MOTION BEGINS –
>
> 1)Modify section 1.2 of Baseline Requirements as follows:
>
> *1.2 Document Name and Identification*
>
> This certificate policy (CP) contains the requirements for the
> issuance and management of publicly‐trusted SSL certificates, as
> adopted by the CA/Browser Forum.
>
> The following Certificate Policy identifiers are reserved for use by
> CAs as an optional means of asserting compliance with this CP (OID arc
> 2.23.140.1.2) as follows:
>
> {joint‐iso‐itu‐t(2) international‐organizations(23)
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐
> requirements(2) domain‐validated(1)} (2.23.140.1.2.1);
>
> {joint‐iso‐itu‐t(2) international‐organizations(23)
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐
> requirements(2) organization-validated(2)} (2.23.140.1.2.2) and
>
> _{joint‐iso‐itu‐t(2) international‐organizations(23)
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐
> requirements(2) individual-validated(3)} (2.23.140.1.2.3)._
>
> 2)Modify section 7.1.6.1 of the Baseline Requirements as follows:
>
> **
>
> *7.1.6.1. Reserved Certificate Policy Identifiers *
>
> This section describes the content requirements for the Root CA,
> Subordinate CA, and Subscriber Certificates, as they relate to the
> identification of Certificate Policy.
>
> The following Certificate Policy identifiers are reserved for use by
> CAs as an optional means of asserting compliance with these
> Requirements as follows:
>
> {joint‐iso‐itu‐t(2) international‐organizations(23)
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐requirements(2)
> domain‐validated(1)} (2.23.140.1.2.1), if the Certificate complies
> with these Requirements but lacks Subject Identity Information that is
> verified in accordance with either Section 3.2.2.1 _or Section 3.2.3_.
>
> If the Certificate asserts the policy identifier of 2.23.140.1.2.1,
> then it MUST NOT include organizationName, givenName, surname,
> streetAddress, localityName, stateOrProvinceName, or postalCode in the
> Subject field.
>
> {joint‐iso‐itu‐t(2) international‐organizations(23)
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐requirements(2)
> organization-validated(2)} (2.23.140.1.2.2), if the Certificate
> complies with these Requirements and includes Subject Identity
> Information that is verified in accordance with Section 3.2.2.1.
>
> _{joint‐iso‐itu‐t(2) international‐organizations(23)
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐requirements(2)
> individual-validated(3)} (2.23.140.1.2.3), if the Certificate complies
> with these Requirements and includes Subject Identity Information that
> is verified in accordance with Section 3.2.3._
>
> __
>
> If the Certificate asserts the policy identifier of 2.23.140.1.2.2,
> then it MUST also include organizationName, localityName _(to the
> extent such field is required under Section 7.1.4.2.2)_,
> stateOrProvinceName _(to the extent such field is required under
> Section 7.1.4.2.2_), and countryName in the Subject field. _If the
> Certificate asserts the policy identifier of 2.23.140.1.2.3, then it
> MUST also include (i) either organizationName or givenName and
> surname, (ii) localityName (to the extent such field is required under
> Section 7.1.4.2.2), (iii) stateOrProvinceName (to the extent required
> under Section 7.1.4.2.2), and (iv) countryName in the Subject field._
>
> 3)Modify the definition of “EV OID” in the EV Guidelines as follows:
>
> *EV OID*: An identifying number, in the form of an “object
> identifier,” that is included in the certificatePolicies field of a
> certificate that: (i) indicates which CA policy statement relates to
> that certificate, and (ii) _is either the CA/Browser Forum EV policy
> identifier or a policy identifier that_, by pre-agreement with one or
> more Application Software Supplier, marks the certificate as being an
> EV Certificate.
>
> 4)Modify Section 9.3.2 of the EV Guidelines as follows:
>
> Each EV Certificate issued by the CA to a Subscriber MUST contain a
> policy identifier _that is either_ defined by _these Guidelines or
> _the CA in the certificate’s certificatePolicies extension that: (i)
> indicates which CA policy statement relates to that Certificate, (ii)
> asserts the CA’s adherence to and compliance with these Guidelines,
> and (iii), _is either the CA/Browser Forum’s EV policy identifier or a
> policy identifier that, _by pre-agreement with the Application
> Software Supplier, marks the Certificate as being an EV Certificate.
>
> _The following Certificate Policy identifier is the CA/Browser Forum’s
> EV policy identifier: _
>
> _{joint‐iso‐itu‐t(2) international‐organizations(23)
> ca‐browser‐forum(140) certificate‐policies(1) ev-guidelines (1) }
> (2.23.140.1.1), if the Certificate complies with these Guidelines._
>
> If the ballot passes, the custodian of the Forum OIDs will be
> instructed to obtain the new OID for IV as indicated above.
>
> -- MOTION ENDS –
>
> The review period for this ballot shall commence at 2200 UTC on
> Monday, September 14, 2015, and will close at 2200 UTC on Monday,
> September 21, 2015. Unless the motion is withdrawn during the review
> period, the voting period will start immediately thereafter and will
> close at 2200 UTC on Monday, September 28, 2015. Votes must be cast by
> posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the
> response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response.
> Unclear responses will not be counted. The latest vote received from
> any representative of a voting member before the close of the voting
> period will be counted. Voting members are listed here:
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes
> cast by members in the browser category must be in favor. Quorum is
> currently nine (9) members– at least nine members must participate in
> the ballot, either by voting in favor, voting against, or abstaining.
>
> Dean Coclin
>
> Chair CA/B Forum
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
--
/HARICA Public Key Infrastructure
*Dimitris Zacharopoulos*
PKI Manager
t : +30 2310 998483
f : +30 2310 999100
www.harica.gr /
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150923/7d7eaee6/attachment-0003.html>
More information about the Public
mailing list