[cabfpub] Ballot 151

Enric Castillo enric.castillo at anf.es
Thu Sep 24 03:44:37 UTC 2015


ANF AC abstains.

ANF Autoridad de Certificación

*Enric Castillo*
Director Técnico
+34 626818285
Gran Via de Les Corts Catalanes 996, Barcelona
+593 0 996483798
12 de Octubre y Cordero, World Trade Center, Torre A, 1102, Quito
ANF Autoridad de Certificación
www.anf.es <https://www.anf.es>

*Aviso*

Este mensaje se dirige exclusivamente a su destinatario y puede contener 
información privilegiada o confidencial y/o datos de carácter personal, 
cuya difusión está regulada por la Ley Orgánica de Protección de Datos y 
la Ley de Servicios de la Sociedad de la Información. Si usted no es el 
destinatario indicado (o el responsable de la entrega al mismo), no debe 
copiar o entregar este mensaje a terceros bajo ningún concepto. Si ha 
recibido este mensaje por error o lo ha conseguido por otros medios, le 
rogamos que nos lo comunique inmediatamente por esta misma vía y proceda 
a su eliminación irreversible. Las opiniones, conclusiones y demás 
informaciones incluidas en este mensaje que no estén relacionadas con 
asuntos profesionales de ANF Autoridad de Certificación no están 
respaldadas por la empresa.

El 14/09/2015 a las 14:11, Dean Coclin escribió:
>
> Due to the confusion as to the voting period on ballot 150, it failed 
> for lack of quorum. We are therefore submitting this as a new ballot. 
> The discussion period begins today followed by voting per the schedule 
> below.  We believe we have captured all the comments but if you have 
> others, please feel free to remark.
>
> **
>
> *Ballot 151- Revised Addition of Optional OIDs for Indicating Level of 
> Validation*
>
>  The following motion has been proposed by Dean Coclin of Symantec and 
> endorsed by Jeremy Rowley of Digicert and Kirk Hall of Trend Micro.
>
> -- MOTION BEGINS –
>
> 1)Modify section 1.2 of Baseline Requirements as follows:
>
> *1.2 Document Name and Identification*
>
> This certificate policy (CP) contains the requirements for the 
> issuance and management of publicly‐trusted SSL certificates, as 
> adopted by the CA/Browser Forum.
>
> The following Certificate Policy identifiers are reserved for use by 
> CAs as an optional means of asserting compliance with this CP (OID arc 
> 2.23.140.1.2) as follows:
>
> {joint‐iso‐itu‐t(2) international‐organizations(23) 
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐ 
> requirements(2) domain‐validated(1)} (2.23.140.1.2.1);
>
> {joint‐iso‐itu‐t(2) international‐organizations(23) 
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐ 
> requirements(2) organization-validated(2)} (2.23.140.1.2.2) and
>
> _{joint‐iso‐itu‐t(2) international‐organizations(23) 
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐ 
> requirements(2) individual-validated(3)} (2.23.140.1.2.3)._
>
> 2)Modify section 7.1.6.1 of the Baseline Requirements as follows:
>
> **
>
> *7.1.6.1. Reserved Certificate Policy Identifiers *
>
> This section describes the content requirements for the Root CA, 
> Subordinate CA, and Subscriber Certificates, as they relate to the 
> identification of Certificate Policy.
>
> The following Certificate Policy identifiers are reserved for use by 
> CAs as an optional means of asserting compliance with these 
> Requirements as follows:
>
> {joint‐iso‐itu‐t(2) international‐organizations(23) 
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐requirements(2) 
> domain‐validated(1)} (2.23.140.1.2.1), if the Certificate complies 
> with these Requirements but lacks Subject Identity Information that is 
> verified in accordance with either Section 3.2.2.1 _or Section 3.2.3_.
>
> If the Certificate asserts the policy identifier of 2.23.140.1.2.1, 
> then it MUST NOT include organizationName, givenName, surname, 
> streetAddress, localityName, stateOrProvinceName, or postalCode in the 
> Subject field.
>
> {joint‐iso‐itu‐t(2) international‐organizations(23) 
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐requirements(2) 
> organization-validated(2)} (2.23.140.1.2.2), if the Certificate 
> complies with these Requirements and includes Subject Identity 
> Information that is verified in accordance with Section 3.2.2.1.
>
> _{joint‐iso‐itu‐t(2) international‐organizations(23) 
> ca‐browser‐forum(140) certificate‐policies(1) baseline‐requirements(2) 
> individual-validated(3)} (2.23.140.1.2.3), if the Certificate complies 
> with these Requirements and includes Subject Identity Information that 
> is verified in accordance with Section 3.2.3._
>
> __
>
> If the Certificate asserts the policy identifier of 2.23.140.1.2.2, 
> then it MUST also include organizationName, localityName _(to the 
> extent such field is required under Section 7.1.4.2.2)_, 
> stateOrProvinceName _(to the extent such field is required under 
> Section 7.1.4.2.2_), and countryName in the Subject field. _If the 
> Certificate asserts the policy identifier of 2.23.140.1.2.3, then it 
> MUST also include (i) either organizationName or givenName and 
> surname, (ii) localityName (to the extent such field is required under 
> Section 7.1.4.2.2), (iii) stateOrProvinceName (to the extent required 
> under Section 7.1.4.2.2), and (iv) countryName in the Subject field._
>
> 3)Modify the definition of “EV OID” in the EV Guidelines as follows:
>
> *EV OID*: An identifying number, in the form of an “object 
> identifier,” that is included in the certificatePolicies field of a 
> certificate that: (i) indicates which CA policy statement relates to 
> that certificate, and (ii) _is either the CA/Browser Forum EV policy 
> identifier or a  policy identifier that_, by pre-agreement with one or 
> more Application Software Supplier, marks the certificate as being an 
> EV Certificate.
>
> 4)Modify Section 9.3.2 of the EV Guidelines as follows:
>
> Each EV Certificate issued by the CA to a Subscriber MUST contain a 
> policy identifier _that is either_ defined by _these Guidelines or 
> _the CA in the certificate’s certificatePolicies extension that: (i) 
> indicates which CA policy statement relates to that Certificate, (ii) 
> asserts the CA’s adherence to and compliance with these Guidelines, 
> and (iii), _is either the CA/Browser Forum’s EV policy identifier or a 
> policy identifier that, _by pre-agreement with the Application 
> Software Supplier, marks the Certificate as being an EV Certificate.
>
> _The following Certificate Policy identifier is the CA/Browser Forum’s 
> EV policy identifier: _
>
> _{joint‐iso‐itu‐t(2) international‐organizations(23) 
> ca‐browser‐forum(140) certificate‐policies(1) ev-guidelines (1) } 
> (2.23.140.1.1), if the Certificate complies with these Guidelines._
>
> If the ballot passes, the custodian of the Forum OIDs will be 
> instructed to obtain the new OID for IV as indicated above.
>
> -- MOTION ENDS –
>
> The review period for this ballot shall commence at 2200 UTC on 
> Monday, September 14, 2015, and will close at 2200 UTC on Monday, 
> September 21, 2015. Unless the motion is withdrawn during the review 
> period, the voting period will start immediately thereafter and will 
> close at 2200 UTC on Monday, September 28, 2015. Votes must be cast by 
> posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed here: 
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently nine (9) members– at least nine members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
> Dean Coclin
>
> Chair CA/B Forum
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150923/422e530f/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-anf.png
Type: image/png
Size: 4746 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150923/422e530f/attachment-0003.png>


More information about the Public mailing list