[Servercert-wg] VOTING BEGINS: Ballot SC30v2: Disclosure of Registration / Incorporating Agency
Wojciech Trapczyński
wtrapczynski at certum.pl
Fri Jul 10 01:51:23 MST 2020
Certum votes YES on SC30v2
On 06.07.2020 16:20, Ryan Sleevi via Servercert-wg wrote:
> This begins the voting period for Ballot SC30v2: Disclosure of
> Registration / Incorporating Agency
>
> *Purpose of Ballot:*
> The EV Guidelines aim to ensure a consistent and repeatable level of
> validation for certificates, regardless of the CA performing the
> validation, providing Relying Parties consistency for all certificates
> complying with these Guidelines. Although the Guidelines attempt to
> specify objective requirements, areas remain that rely on a subjective
> determination by the CA. One such area is determining whether a given
> Incorporating Agency or Registration Agency fulfills these Requirements.
>
> As currently specified, it's possible for one CA to make a
> determination that a given Registration Agency or Incorporating Agency
> does meet the requirements of the EV Guidelines, while a different CA
> determines that same Agency does not. As the reliability of the
> information validated within the Certificate is tied to the
> reliability of the data source used to verify this information, this
> inconsistency undermines the assurance that EV Certificates are meant
> to provide.
>
> While there is utility in being able to identify precisely what
> datasource(s) were used with a given Certificate, this ballot does not
> involve such work. It merely seeks to ensure that, for any given
> Organization, it can be validated consistently and to the same degree,
> regardless of the CA, by working to achieve consistency among all CAs
> in their selection of data sources.
>
> Much like the work to remove “Any other method” from the validation of
> domain names, ensuring consistency, transparency, and objectivity in
> validating domain names, this ballot is the first step to doing the
> same for organization information.
>
> A potential roadmap of ballots to address these issues involves:
>
> * CAs publish the list of Registration Agencies / Incorporating
>   Agencies they use (this ballot)
> * Create an allowed list of Registration Agencies / Incorporating
>   Agencies and associated values, along with a process for updating
>   and adding new ones, and requiring issuance exclusively use
>   Agencies on this list.
> * If useful and relevant to Relying Parties, ensure each Certificate
>   can be tied back to their Registration Agency / Incorporating
>   Agency, such as disclosure within the Certificate itself, so they
>   can unambiguously and uniquely determine the organization that has
>   been validated.
>
> A similar process may then be repeated for other forms of verification
> data sources, such as the QIIS, QTIS, and QGIS within the EV
> Guidelines, or the Reliable Data Sources within the Baseline Requirements.
>
> This was originally drafted in
> https://github.com/sleevi/cabforum-docs/pull/11 ,
> and as a pull request is available at
> https://github.com/cabforum/documents/pull/194
>
> The difference between v1 of this ballot and v2 has been to modify the
> language to be clearer for those where English is not the
> first/primary language. The redline between v1 and v2 is available at
> https://github.com/cabforum/documents/pull/194/commits/4e8f16f16bf7ec92d9509976e843099091e4b5b7
>
> The following motion has been proposed by Ryan Sleevi of Google and
> endorsed by Ben Wilson of Mozilla and Dimitris Zacharopoulos of HARICA.
>
> *— MOTION BEGINS —*
>
> This ballot modifies the “Guidelines for the Issuance and Management
> of Extended Validation Certificates” (“EV Guidelines”) as follows,
> based on version 1.7.2:
>
> ADD a paragraph to Section 9.2.4 of the EV Guidelines as defined in
> the following redline:
> https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09..4e8f16f16bf7ec92d9509976e843099091e4b5b7
>
> ADD a paragraph to Section 9.2.5 of the EV Guidelines as defined in
> the following redline:
> https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09..4e8f16f16bf7ec92d9509976e843099091e4b5b7
>
> ADD a Section 11.1.3 to the EV Guidelines as defined in the following
> redline:
> https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09..4e8f16f16bf7ec92d9509976e843099091e4b5b7
>
> The Chair or Vice-Chair is permitted to update the Relevant Dates of
> the EV Guidelines as appropriate, such as in the following redline:
> https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09..4e8f16f16bf7ec92d9509976e843099091e4b5b7
>
> *— MOTION ENDS —*
>
> This ballot proposes a Final Maintenance Guideline.
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
> Start Time: 26-June 2020 19:00 UTC
> End Time: after 4-July 2020 00:00 UTC
>
> Vote for approval (7 days)
> Start Time: 6-July 2020 14:20 UTC
> End Time: 13-July 2020 20:00 UTC