[cabfpub] Ballot 174 - Reform of Requirements Relating to Conflicts with Local Law
ben.wilson at digicert.com
Tue Aug 23 18:13:13 UTC 2016
DigiCert votes “yes”
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Monday, August 15, 2016 3:03 AM
To: CABFPub <public at cabforum.org>
Subject: [cabfpub] Ballot 174 - Reform of Requirements Relating to Conflicts with Local Law
Ballot 174 - Reform of Requirements Relating to Conflicts with Local Law
The following motion has been proposed by Gervase Markham of Mozilla and endorsed by Kirk Hall of Entrust and Moudrick Dadashov of SSC:
Statement of Intent: The purpose of this change is to reform section 9.16.3 of the BRs, titled "Severability", which deals with what a CA must do when it encounters a conflict between the requirements of a jurisdiction under which it operates and the requirements of the BRs. At the moment, this clause is triggered only by a court determination rather than by the CA encountering a conflict, which makes it unlikely to ever be triggered, and it requires notification to the CAB Forum but not documentation of the outcome. The current clause is:
If a court or government body with jurisdiction over the activities covered by these Requirements determines that the performance of any mandatory requirement is illegal, then such requirement is considered reformed to the minimum extent necessary to make the requirement valid and legal. This applies only to operations or certificate issuances that are subject to the laws of that jurisdiction. The parties involved SHALL notify the CA / Browser Forum of the facts, circumstances, and law(s) involved, so that the CA/Browser Forum may revise these Requirements accordingly.
Delete section 9.16.3 from the Baseline Requirements in its entirety and replace it with the following:
In the event of a conflict between these Requirements and a law, regulation or government order (hereinafter 'Law') of any jurisdiction in which a CA operates or issues certificates, a CA MAY modify any conflicting requirement to the minimum extent necessary to make the requirement valid and legal in the jurisdiction. This applies only to operations or certificate issuances that are subject to that Law. In such event, the CA SHALL immediately (and prior to issuing a certificate under the modified requirement) include in Section 9.16.3 of the CA’s CPS a detailed reference to the Law requiring a modification of these Requirements under this section, and the specific modification to these Requirements implemented by the CA.
The CA MUST also (prior to issuing a certificate under the modified requirements) notify the CA/Browser Forum of the relevant information newly added to its CPS by sending a message to questions at cabforum.org <mailto:questions at cabforum.org> and receiving confirmation that it has been posted to the Public Mailing List and is indexed in the Public Mail Archives available at https://cabforum.org/pipermail/public/ (or such other email addresses and links as the Forum may designate), so that the CA/Browser Forum may consider possible revisions to these Requirements accordingly.
Any modification to CA practice enabled under this section MUST be discontinued if and when the Law no longer applies, or these Requirements are modified to make it possible to comply with both them and the Law simultaneously. An appropriate change in practice, modification to the CA’s CPS and a notice to the CA/Browser Forum, as outlined above, MUST be made within 90 days.
CAs are required to make this change to their processes by a date 90 days from the date this ballot passes.
The review period for this ballot shall commence immediately and close at 2200 UTC on Monday 22nd August. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Monday 29th August. Votes must be cast by posting an on-list reply to this thread.
A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: https://cabforum.org/members/
In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently ten (10) members – at least ten members must participate in the ballot, either by voting in favor, voting against, or abstaining.
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4974 bytes
Desc: not available
More information about the Public