[cabf_validation] Minutes for January 26th

Doug Beattie doug.beattie at globalsign.com
Thu Feb 9 07:04:44 MST 2017 

Jeremy,

Someone on our vetting team provided me this info.  Is this something others have encountered?

We have a specific problem with Notaries in Belarus (can you imagine?) that relates to a wider problem: There's this line in the EV Guidelines that require that a notary is a "member of the International Union of Latin Notaries, and is licensed to practice in the country of the Applicant's Jurisdiction of Incorporation or Registration or any jurisdiction where the Applicant maintains an office or physical facility". (See 11.11.1)

Long story short: being a member of the IULN means you are a Latin Notary. Not being a member doesn't mean you're not a Latin Notary. Latin Notary should be defined by what you can do: "authenticate the execution of a signature on a document" and are responsible "for the correctness and content of the document.", not by membership of IULN, which is sufficient but not required. IULN is just an organization that brings together governing bodies. At the moment, this means we can't accept letters from proper Latin Notaries (individuals) that aren't members of the IULN (which is silly and goes against the reasons for the rules in the first place). Proposed change in wording below.

Can the wording be updated as follows:

11.11.1. Verified Legal Opinion
(1) Verification Requirements: Before relying on a legal opinion submitted to the CA, the CA MUST verify that such legal opinion meets the following requirements:
(A) Status of Author: The CA MUST verify that the legal opinion is authored by an independent legal practitioner retained by and representing the Applicant (or an in-house legal practitioner employed by the Applicant) (Legal
Practitioner) who is either:
(i) A lawyer (or solicitor, barrister, advocate, or equivalent) licensed to practice law in the country of the Applicant's Jurisdiction of Incorporation or Registration or any jurisdiction where the Applicant maintains an
office or physical facility, or
(ii) A notary that is licensed to practice in the country of the Applicant's Jurisdiction of Incorporation or Registration or any jurisdiction where the Applicant maintains an office or physical facility (and that such jurisdiction recognizes the role of the Latin Notary);

Then, for the definition of Latin Notary:

Latin Notary: A person with legal training whose commission under applicable law not only includes authority to authenticate the execution of a signature on a document but also responsibility for the correctness and content of the document. A Latin Notary is sometimes referred to as a Civil Law Notary. A Notary that is licenced by a licencing body that is a member of the International Union of Latin Notaries is a Latin Notary.

This would mean we can accept letters of attestation from proper Latin Notaries that aren't a member of the IULN without being going against EV guidelines the letter (but following the spirit)

What do you think?


From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Jeremy Rowley via Validation
Sent: Wednesday, February 8, 2017 7:55 PM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Cc: Jeremy Rowley <jeremy.rowley at digicert.com>
Subject: [cabf_validation] Minutes for January 26th


1)      Section 7.1.4.2.2 - Bruce sent out a proposal that changes the text for required/optional. Jurisdictional state information is already optional so the change only points to the place of business. The working group will move forward with Bruce's ballot to address place of business. We won't deal with jurisdiction as it's already covered.

2)      CNAME - Delayed until the DNS validation ballot moves forward.

3)      Verification Databases - The goal is to standardize the validation process for OV. However, what is driving this change? So far there isn't a driving factor to further standardize over the existing guidelines. Right now we don't have a list of verification databases for EV so this doesn't need to be done for OV. This adds complexity on how the CAB Forum approves and maintains databases.

4)      Well-known registration - Ben followed up with Mark. We think this is complete. Wayne had a couple of issues with the language:

a.      Implication in language that there has to be more than the random value or request token. Confusion is introduced by "Required website content". This is a comma error. This should be a random value OR a request token with information specified by the CA. You want to prevent people from trolling around looking for request tokens. The easy fix is to change the definition to random value or request token with information that identifies the subscriber.

b.      Request Value is listed. Should be Random Value.

c.      There are a couple of sections that refer to 3.3.1 of BRs dealing with data reuse. Should point to a different section.

These are all minor errors. We should add them to a ballot to clean this up. We should add this to the ballot that re-adds the two methods dropped that didn't have exclusion notices. We shouldn't add this to the reuse ballot. Wayne will reach out to Gerv to see if he will include these in the same ballot.

5)      IP Validation - Jeremy still needs to do an update.

6)      SRV/Other Name/822Name - Peter and Jeremy will sync up to work on it. We will create a procedure for otherNames.

7)      ANS.1 Ballot - Completed. Just waiting for ballots to resume


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170209/58ce2a93/attachment.html>

More information about the Validation mailing list