[cabfpub] Notice of Review Period for Ballot 201 - .Onion Revisions

Kirk Hall Kirk.Hall at entrustdatacard.com
Thu Jun 8 23:34:34 UTC 2017


This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's Intellectual Property Rights Policy (v1.2).  This Review Period is for Final Maintenance Guidelines (30 day Review Period).  A complete draft of the Draft Guideline that is the subject of this Review Notice is attached.

Date Review Notice Sent:        June 8, 2017

Ballot for Review:                    Ballot 201 - .Onion Revisions

Start of Review Period:           June 8, 2017 at 23:45 UTC

End of Review Period:             July 8, 2017 at 23:45 UTC

Please forward any Exclusion Notice relating to Essential Claims to the Chair by email to kirk.hall at entrustdatacard.com before the end of the Review Period.  See current version of CA/Browser Forum Intellectual Property Rights Policy for details.

(Optional form of Exclusion Notice is attached)

Ballot 201 - .Onion Revisions


Part 1:

The CA/Browser Forum, recognizing that Ballot 198 did not include a redline version against the current Final Maintenance Guidelines, thereby constitutes an invalid Ballot. As a consequence, the Forum agrees that the changes shall not be made to the appropriate Final Maintenance Guideline, and as such, no IPR Review Notice is in force for Ballot 198:

Part 2:

Revise Appendix F, Section 1, to read as follows:

Appendix F - Issuance of Certificates for .onion Domain Names

A CA may issue an EV Certificate with .onion in the right-most label of the Domain Name provided that issuance complies with the requirements set forth in this Appendix:

1. CAB Forum Tor Service Descriptor Hash extension (

The CA MUST include the CAB Forum Tor Service Descriptor Hash in the TBSCertificate to convey hashes of keys related to .onion addresses. The CA MUST include the Tor Service Descriptor Hash extension using the following format:

cabf-TorServiceDescriptorHash OBJECT IDENTIFIER ::= { }

SEQUENCE ( 1..MAX ) of TorServiceDescriptorHash

TorServiceDescriptorHash ::= SEQUENCE {
    onionURI UTF8String
    algorithm AlgorithmIdentifier
    subjectPublicKeyHash BIT STRING
}

Where the AlgorithmIdentifier is a hashing algorithm (defined in RFC 6234) performed over the DER-encoding of an ASN.1 SubjectPublicKey of the .onion service and SubjectPublicKeyHash is the hash output.

--Motion Ends--
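The check a relying party or auditor can run against the extension described above, as an added example (not part of the ballot text or any CA/Browser Forum code): it decodes a DER-encoded extension value in the layout given above and compares each subjectPublicKeyHash with the hash of the service key's DER bytes. The minimal TLV reader, the function names, the sample URI and the stand-in key bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
# Content octets of the SHA-2 hash OIDs (2.16.840.1.101.3.4.2.x) -> hashlib name.
HASH_BY_OID = {bytes.fromhex("6086480165030402" + last): name for last, name in
               (("01", "sha256"), ("02", "sha384"), ("03", "sha512"), ("04", "sha224"))}

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_descriptor_hashes(ext_value):
    """Decode SEQUENCE OF TorServiceDescriptorHash -> [(uri, hash_name, digest)]."""
    tag, body, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value) or not body:
        raise ValueError("expected one non-empty outer SEQUENCE")
    entries, pos = [], 0
    while pos < len(body):
        tag, item, pos = read_tlv(body, pos)
        t_uri, uri, p = read_tlv(item, 0)    # onionURI UTF8String
        t_alg, alg, p = read_tlv(item, p)    # algorithm AlgorithmIdentifier
        t_bits, bits, p = read_tlv(item, p)  # subjectPublicKeyHash BIT STRING
        t_oid, oid, _ = read_tlv(alg, 0)     # hash OID inside AlgorithmIdentifier
        if (tag, t_uri, t_alg, t_bits, t_oid) != (0x30, 0x0C, 0x30, 0x03, 0x06) or p != len(item):
            raise ValueError("malformed TorServiceDescriptorHash")
        if oid not in HASH_BY_OID or not bits or bits[0] != 0:  # bits[0] = unused-bit count
            raise ValueError("unsupported hash or partial-octet BIT STRING")
        entries.append((uri.decode("utf-8"), HASH_BY_OID[oid], bits[1:]))
    return entries

def hashes_match(ext_value, service_keys):
    """service_keys: onionURI -> DER of that service's public key. Returns uri -> bool."""
    return {uri: uri in service_keys and hmac.compare_digest(
                hashlib.new(name, service_keys[uri]).digest(), digest)
            for uri, name, digest in parse_descriptor_hashes(ext_value)}

# Constructed sample (stand-in bytes, not a real key or address); 1-byte lengths only.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value
SAMPLE_URI = "https://constructedexample.onion"
SAMPLE_KEY_DER = bytes.fromhex("3003020105")
SAMPLE_EXT = tlv(0x30, tlv(0x30, tlv(0x0C, SAMPLE_URI.encode())
    + tlv(0x30, tlv(0x06, bytes.fromhex("608648016503040201")))
    + tlv(0x03, b"\x00" + hashlib.sha256(SAMPLE_KEY_DER).digest())))
```

An entry whose URI has no known key, or whose stored hash differs from the recomputed one, maps to False rather than raising, so one extension can be checked against several services in a single pass.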
