[cabfpub] Ballot 161 - Notification of incorrect issuance

Sigbjørn Vik sigbjorn at opera.com
Fri Jan 29 08:31:42 UTC 2016

Ballot 161 - Notification of incorrect issuance

Based on extensive discussions in the forum, Sigbjørn Vik from Opera
proposes the following ballot, endorsed by Ryan Sleevi from Google and
Gervase Markham from Mozilla.


The following text is added as a sub-section to section 2.2 of the
Baseline Requirements:

2.2.1 Notification of incorrect issuance

In the event that a CA issues a certificate in violation of these
requirements, the CA SHALL publicly disclose a report within one week of
becoming aware of the violation. A link to the report SHALL
simultaneously be sent to incidents at cabforum.org.

Effective 01-Jul-16, the CA SHALL in its Certificate Policy and/or
Certification Practice Statement announce where such reports will be
found. The location SHALL be as accessible as the CP/CPS.

The report SHALL publicize details about what the error was, what caused
the error, time of issuance and discovery, and public certificates for
all issuer certificates in the trust chain.

The report SHALL publicize the full public certificate, with the
following exception: For certificates issued prior to 01-Mar-16 the
report MAY truncate Subject Distinguished Name fields and subjectAltName
extension values to the registerable domain name.

The report SHALL be made available to the CAs Qualified Auditor for the
next Audit Report.


The review period for this ballot shall commence at 2300 UTC on 29
January 2016, and will close at 2300 UTC on 5 February 2016. Unless the
motion is withdrawn during the review period, the voting period will
start immediately thereafter and will close at 2300 UTC on 12 February
2016. Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the
response. A vote against must indicate a clear 'no' in the response. A
vote to abstain must indicate a clear 'abstain' in the response. Unclear
responses will not be counted. The latest vote received from any
representative of a voting member before the close of the voting period
will be counted. Voting members are listed here:

In order for the motion to be adopted, two thirds or more of the votes
cast by members in the CA category and greater than 50% of the votes
cast by members in the browser category must be in favor. Quorum is
currently nine (9) members– at least nine members must participate in
the ballot, either by voting in favor, voting against, or abstaining.

Sigbjørn Vik
Opera Software

More information about the Public mailing list