[cabf_validation] Error in EVG 11.6.2

Rich Smith richard.smith at comodo.com
Fri Oct 13 12:19:01 MST 2017


I agree that that’s the way it should be read, and I believe that’s the way it was previously written, BUT because the wording is not clear, an auditor or root program representative could take it the other way.  Some of those who might read it the other way may not be particularly subject to reason or common sense, so we should fix it.

 

From: Jeremy Rowley [mailto:jeremy.rowley at digicert.com] 
Sent: Friday, October 13, 2017 2:10 PM
To: Rich Smith <richard.smith at comodo.com>; CA/Browser Forum Validation WG List <validation at cabforum.org>
Subject: Re: [cabf_validation] Error in EVG 11.6.2

 

I read it as an or in each case. There's no "and" between 1-3.


On Oct 13, 2017, at 10:06 AM, Rich Smith via Validation <validation at cabforum.org <mailto:validation at cabforum.org> > wrote:

The text, as currently written requires either a bank letter or professional letter in ALL cases.  I know this was not the intent, and was not how this used to be written, so we apparently loused it up in an edit at some point.  Current text:

 


11.6.2. Acceptable Methods of Verification


To verify the Applicant’s ability to engage in business, the CA MUST verify the operational existence of the Applicant, or its Affiliate/Parent/Subsidiary Company, by:

(1) Verifying that the Applicant, Affiliate, Parent Company, or Subsidiary Company has been in existence for at least three years, as indicated by the records of an Incorporating Agency or Registration Agency;

(2) Verifying that the Applicant, Affiliate, Parent Company, or Subsidiary Company is listed in either a current QIIS or QTIS;

(3) Verifying that the Applicant, Affiliate, Parent Company, or Subsidiary Company has an active current Demand Deposit Account with a Regulated Financial Institution by receiving authenticated documentation of the Applicant’s, Affiliate’s, Parent Company’s, or Subsidiary Company’s Demand Deposit Account directly from a Regulated Financial Institution; or

(4) Relying on a Verified Professional Letter to the effect that the Applicant has an active current Demand Deposit Account with a Regulated Financial Institution.

 

You’ll notice that, as currently worded, 1 AND 2 PLUS 3 OR 4 is required.  We can fix either by adding ‘or’ to the ends of 1 and 2, OR removing ‘or’ at the end of 3 AND changing the opening sentence to:

“To verify the Applicant’s ability to engage in business, the CA MUST verify the operational existence of the Applicant, or its Affiliate/Parent/Subsidiary Company, by one of the following:”

I’d like to get a correction ballot out as quickly as possible.  Any preference as to method?  Can I get two endorsers for whichever method we decide on?

 

Thanks,

Rich Smith

Comodo CA

_______________________________________________
Validation mailing list
Validation at cabforum.org <mailto:Validation at cabforum.org> 
https://cabforum.org/mailman/listinfo/validation

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20171013/a9035892/attachment-0001.html>


More information about the Validation mailing list