[cabfpub] Ballot 166: Membership requirement update

Tim Hollebeek THollebeek at trustwave.com
Mon Mar 21 19:59:18 UTC 2016

I'll note that this also clarifies that a Certificate Authority can't simply point to its own test certificates as evidence that it actively issue certificates.

Someone asserted in Scottsdale that would be ok, an assertion I personally found rather odd and counter to the spirit of the requirement.


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dean Coclin
Sent: Monday, March 21, 2016 3:53 PM
Subject: [cabfpub] Ballot 166: Membership requirement update

Ballot 166: Clarification of Membership Requirements

The following motion has been proposed by Dean Coclin of Symantec and endorsed by Gerv Markham of Mozilla and Kirk Hall of Trend Micro:

Section 2.1 (a)(1) says that Issuing CAs "actively issue certificates to Web servers..."

Section 2.1(b) of the bylaws lists the items needed in a membership application by CAs.
But that section does not ask the CA applicant to provide a 3rd party website where the CA/B Forum can validate that they are actively issuing certs to web servers.  We do however ask the applicant this question, after they have submitted their application. It would be helpful to have this in the bylaws so we don't have to go back and ask every time.


In CA/B Forum Bylaws, add under 2.1(b):

(7) The URL of at least one third party website that includes a certificate issued by the Applicant in the certificate chain.


The review period for this ballot shall commence at 2200 UTC on 21 March 2016, and will close at 2200 UTC on 28 March 2016. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on 4 April 2016. Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: https://cabforum.org/members/<http://scanmail.trustwave.com/?c=4062&d=ydHw1rcxSbfv2714LpjlIj_XiazcgzKj_FDtT3GqIg&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmembers%2f>


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160321/1087bcd4/attachment-0003.html>

More information about the Public mailing list