[cabfpub] Ballot 161 - Notification of incorrect issuance

Rick Andrews Rick_Andrews at symantec.com
Mon Feb 8 18:24:22 UTC 2016


Symantec votes NO on Ballot 161 for the reasons provided during the comment
period.

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Sigbjørn Vik
Sent: Friday, January 29, 2016 2:32 AM
To: public at cabforum.org
Subject: [cabfpub] Ballot 161 - Notification of incorrect issuance

Ballot 161 - Notification of incorrect issuance

Based on extensive discussions in the forum, Sigbjørn Vik from Opera
proposes the following ballot, endorsed by Ryan Sleevi from Google and
Gervase Markham from Mozilla.

-- MOTION BEGINS --

The following text is added as a sub-section to section 2.2 of the Baseline
Requirements:

2.2.1 Notification of incorrect issuance

In the event that a CA issues a certificate in violation of these
requirements, the CA SHALL publicly disclose a report within one week of
becoming aware of the violation. A link to the report SHALL simultaneously
be sent to incidents at cabforum.org.

Effective 01-Jul-16, the CA SHALL in its Certificate Policy and/or
Certification Practice Statement announce where such reports will be found.
The location SHALL be as accessible as the CP/CPS.

The report SHALL publicize details about what the error was, what caused the
error, time of issuance and discovery, and public certificates for all
issuer certificates in the trust chain.

The report SHALL publicize the full public certificate, with the following
exception: For certificates issued prior to 01-Mar-16 the report MAY
truncate Subject Distinguished Name fields and subjectAltName extension
values to the registerable domain name.

The report SHALL be made available to the CAs Qualified Auditor for the next
Audit Report.

-- MOTION ENDS --

The review period for this ballot shall commence at 2300 UTC on 29 January
2016, and will close at 2300 UTC on 5 February 2016. Unless the motion is
withdrawn during the review period, the voting period will start immediately
thereafter and will close at 2300 UTC on 12 February 2016. Votes must be
cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted. Voting members
are listed here:
http://scanmail.trustwave.com/?c=4062&d=iqOr1sTeCQWL_yk_oiQDsKAi9Ef9zT4-ZXWR
H8etcQ&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmembers%2f

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and greater than 50% of the votes cast by
members in the browser category must be in favor. Quorum is currently nine
(9) members– at least nine members must participate in the ballot, either by
voting in favor, voting against, or abstaining.

--
Sigbjørn Vik
Opera Software
_______________________________________________
Public mailing list
Public at cabforum.org
http://scanmail.trustwave.com/?c=4062&d=i6Or1uOCgbPYWa-HlvVxWjR8SGmyKPjoIzO6
bb9XYw&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpublic

________________________________

This transmission may contain information that is privileged, confidential,
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is strictly prohibited. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format.
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5749 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160208/bc03e03b/attachment-0001.p7s>


More information about the Public mailing list