[cabfpub] Ballot 180 – Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments
Kirk.Hall at entrustdatacard.com
Tue Oct 25 16:21:20 MST 2016
Per your request
From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Tuesday, October 25, 2016 2:06 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>
Cc: public at cabforum.org
Subject: Re: [cabfpub] Ballot 180 – Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments
Per our past F2F conversation - https://cabforum.org/2016/05/25/2016-05/ - would you mind preparing redline versions of the documents changed?
I'm specifically referencing this part of the conversation, from Ben Wilson:
"Ben: As we’ve said in the past, we should prepare a redlined version to accompany each ballot,"
On Tue, Oct 25, 2016 at 1:38 PM, Kirk Hall via Public <public at cabforum.org> wrote:
This is the start of the 7 day discussion period for this Ballot. The Review Period under our IPR Policy will start on Nov. 1, and run for 60 days. I will send out a formal Review Notice with Draft Guidelines on Nov. 1 with a template form of Exclusion Notice that Members may use.
Ballot 180 – Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments
The following motion has been proposed by Kirk Hall of Entrust and endorsed by Peter Bowen of Amazon and Virginia Fournier of Apple as a Final Guideline:
-- MOTION BEGINS –
In accordance with the Bylaws and Intellectual Property Rights (IPR) Policy of the CA/Browser Forum (the “Forum”), the following Guidelines:
• Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates (BRs)
• Guidelines for the Issuance and Management of Extended Validation Certificates (EVGL)
• Guidelines for the Issuance and Management of Extended Validation Code Signing Certificates, and
• Network and Certificate System Security Requirements,
all as previously approved by all ballots up to and including Ballot 175, are hereby readopted by this Ballot, with the following amendments.
1. BR 184.108.40.206 is amended to read in its entirety as follows:
220.127.116.11 Validation of Domain Authorization or Control
This section defines the permitted processes and procedures for validating the Applicant's ownership or control of the domain.
The CA SHALL confirm that, as of the date the Certificate issues, either the CA or a Delegated Third Party has validated each Fully-Qualified Domain Name (FQDN) listed in the Certificate by using any method of confirmation, provided that the CA maintains documented evidence that the method of confirmation establishes that the Applicant is the Domain Name Registrant or has control over the Fully Qualified Domain Name (FQDN).
Completed confirmations of Applicant authority may be valid for the issuance of multiple certificates over time. In all cases, the confirmation must have been initiated within the time period specified in the relevant requirement (such as Section 3.3.1 of this document) prior to certificate issuance. For purposes of domain validation, the term Applicant includes the Applicant's Parent Company, Subsidiary Company, or Affiliate.
2. EVGL 11.7 is amended to read in its entirety as follows:
11.7.1. Verification Requirements
(1) For each Fully-Qualified Domain Name listed in a Certificate, other than a Domain Name with .onion in the rightmost label of the Domain Name, the CA SHALL confirm that, as of the date the Certificate was issued, the Applicant (or the Applicant’s Parent Company, Subsidiary Company, or Affiliate, collectively referred to as “Applicant” for the purposes of this section) either is the Domain Name Registrant or has control over the FQDN using a procedure specified in Section 18.104.22.168 of the Baseline Requirements. For a Certificate issued to a Domain Name with .onion in the right-most label of the Domain Name, the CA SHALL confirm, as of the date the Certificate was issued, the Applicant’s control over the .onion Domain Name in accordance with Appendix F.
(2) Mixed Character Set Domain Names: EV Certificates MAY include Domain Names containing mixed character sets only in compliance with the rules set forth by the domain registrar. The CA MUST visually compare any Domain Names with mixed character sets with known high risk domains. If a similarity is found, then the EV Certificate Request MUST be flagged as High Risk. The CA must perform reasonably appropriate additional authentication and verification to be certain beyond reasonable doubt that the Applicant and the target in question are the same organization.
The proposer and endorsers of this Ballot may withdraw this Ballot at any time prior to completion of the final vote for approval, in which case the Ballot will not proceed further.
-- MOTION ENDS –
The procedure for this Maintenance Guideline ballot is as follows (exact start and end times may be adjusted to comply with applicable Bylaws and IPR Agreement):
Status: Final Guideline | Start time (22:00 UTC) | End time (22:00 UTC)
Discussion (7 days) | Oct. 25, 2016 | Nov. 1, 2016
Review Period (Chair to send Review Notice) (60 days). If Exclusion Notice(s) filed, PAG to be created and no further action until PAG recommendations received. If no Exclusion Notice(s) filed, proceed to: | Nov. 1, 2016 | Dec. 31, 2016
Vote for approval (7 days) | Dec. 31, 2016 | Jan. 7, 2017
Votes must be cast by posting an on-list reply to this thread on the Public list.
A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: https://cabforum.org/members/
In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently ten (10) members – at least ten members must participate in the ballot, either by voting in favor, voting against, or abstaining.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ballot 180 (showing changes from Guidelines as of 10-25-2016).pdf
Size: 401255 bytes
Desc: Ballot 180 (showing changes from Guidelines as of 10-25-2016).pdf