[cabfpub] [Corrected] Voting has started on Ballot 180 - ends January 7

Kirk Hall Kirk.Hall at entrustdatacard.com
Mon Jan 2 11:29:35 MST 2017


The voting period for Ballot 180 has started, and will continue until January 7, 2017 at 22:00 UTC.  The ballot is shown below.  Voting will occur on the Public list.




Ballot 180 - Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments



The following motion has been proposed by Kirk Hall of Entrust and endorsed by Peter Bowen of Amazon and Virginia Fournier of Apple as a Final Guideline:



-- MOTION BEGINS -



In accordance with the Bylaws and Intellectual Property Rights (IPR) Policy of the CA/Browser Forum (the "Forum"), the following Guidelines:



*       Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates (BRs)

*       Guidelines for the Issuance and Management of Extended Validation Certificates (EVGL)

*       Guidelines for the Issuance and Management of Extended Validation Code Signing Certificates, and

*       Network and Certificate System Security Requirements,



all as previously approved by all ballots up to and including Ballot 175, are hereby readopted by this Ballot, with the following amendments.



1.  BR 3.2.2.4 is amended to read in its entirety as follows:

3.2.2.4 Validation of Domain Authorization or Control

This section defines the permitted processes and procedures for validating the Applicant's ownership or control of the domain.

The CA SHALL confirm that, as of the date the Certificate issues, either the CA or a Delegated Third Party has validated each Fully-Qualified Domain Name (FQDN) listed in the Certificate by using any method of confirmation, provided that the CA maintains documented evidence that the method of confirmation establishes that the Applicant is the Domain Name Registrant or has control over the Fully Qualified Domain Name (FQDN).

Completed confirmations of Applicant authority may be valid for the issuance of multiple certificates over time. In all cases, the confirmation must have been initiated within the time period specified in the relevant requirement (such as Section 3.3.1 of this document) prior to certificate issuance. For purposes of domain validation, the term Applicant includes the Applicant's Parent Company, Subsidiary Company, or Affiliate.



2.  EVGL 11.7 is amended to read in its entirety as follows:


11.7.1. Verification Requirements

(1) For each Fully-Qualified Domain Name listed in a Certificate, other than a Domain Name with .onion in the rightmost label of the Domain Name, the CA SHALL confirm that, as of the date the Certificate was issued, the Applicant (or the Applicant's Parent Company, Subsidiary Company, or Affiliate, collectively referred to as "Applicant" for the purposes of this section) either is the Domain Name Registrant or has control over the FQDN using a procedure specified in Section 3.2.2.4 of the Baseline Requirements. For a Certificate issued to a Domain Name with .onion in the right-most label of the Domain Name, the CA SHALL confirm, as of the date the Certificate was issued, the Applicant's control over the .onion Domain Name in accordance with Appendix F.

(2) Mixed Character Set Domain Names: EV Certificates MAY include Domain Names containing mixed character sets only in compliance with the rules set forth by the domain registrar. The CA MUST visually compare any Domain Names with mixed character sets with known high risk domains. If a similarity is found, then the EV Certificate Request MUST be flagged as High Risk. The CA must perform reasonably appropriate additional authentication and verification to be certain beyond reasonable doubt that the Applicant and the target in question are the same organization.



The proposer and endorsers of this Ballot may withdraw this Ballot at any time prior to completion of the final vote for approval, in which case the Ballot will not proceed further.



-- MOTION ENDS -



The procedure for this Maintenance Guideline ballot is as follows (exact start and end times may be adjusted to comply with applicable Bylaws and IPR Agreement):



BALLOT 180

Status: Final Guideline


Start time (22:00 UTC)


End time (22:00 UTC)


Discussion (7 days)


Oct. 25, 2016


Nov. 1, 2016


Review Period (Chair to send Review Notice) (60 days).

If Exclusion Notice(s) filed, PAG to be created and no further action until PAG recommendations received.

If no Exclusion Notice(s) filed, proceed to:


Nov. 1, 2016


Dec. 31, 2016


Vote for approval (7 days)


Dec. 31, 2016


Jan. 7, 2017




Votes must be cast by posting an on-list reply to this thread on the Public list.



A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: https://cabforum.org/members/


In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor.  Quorum is currently ten (10) members - at least ten members must participate in the ballot, either by voting in favor, voting against, or abstaining.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170102/da8ad8cb/attachment-0001.html>


More information about the Public mailing list