CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot 56 – QGIS Contact Information

Ballot 56 – QGIS Contact Information

Ballot 56 – QGIS Contact Information (Passed Unanimously)

Motion

Ryan Koski made the following motion, and Moudrick Dadashov and Ben Wilson endorsed it:

Motion begins

Based on the current EV Guidelines, in order to verify the legal existence and identity of the Applicant in the cases of Private Organizations (10.2.2.(1)) and Business Entities (10.2.2.(3)), the contact information for the QGIS (or QTIS in the case of Business Entities) must be verified via a QIIS. In certain jurisdictions, locating a correct and authoritative answer from a QIIS is proving difficult. This proposal permits the QGIS to be contacted based on information provided directly by the QGIS (such as via the QGIS’s own web site). Note that using contact information obtained directly from the QGIS is already permitted when verifying legal existence and identity of an Assumed Name (10.3.2).

It is difficult to see how contact information for a QGIS that is provided by a QIIS would be considered more authoritative than contact information found directly on the QGIS’s own web site.

Effective immediately,

Erratum begins

In Section 10.2.2 (1), delete:

“(1) Private Organization Subjects: All items listed in Section 10.2.1(1) MUST be verified directly with, or obtained directly from, the Incorporating or Registration Agency in the Applicant’s Jurisdiction of Incorporation or Registration. Such verification MAY be through use of a Qualified Government Information Source operated by, or on behalf of, the Incorporating or Registration Agency, or by direct contact with the Incorporating or Registration Agency in person or via mail, e-mail, Web address, or telephone, using an address or phone number obtained from a Qualified Independent Information Source.”

Insert:

“(1) Private Organization Subjects: All items listed in Section 10.2.1(1) MUST be verified directly with, or obtained directly from, the Incorporating or Registration Agency in the Applicant’s Jurisdiction of Incorporation or Registration. Such verification MAY be through use of a Qualified Government Information Source operated by, or on behalf of, the Incorporating or Registration Agency, or by direct contact with the Incorporating or Registration Agency in person or via mail, e-mail, Web address, or telephone, using an address or phone number obtained directly from the Qualified Government Information Source, Incorporating or Registration Agency, or from a Qualified Independent Information Source.”

In Section 10.2.2 (3), delete:

“(3) Business Entity Subjects: All items listed in Section 10.2.1(3) above, MUST be verified directly with, or obtained directly from, the Registration Agency in the Applicant’s Jurisdiction of Registration. Such verification MAY be performed by means of a Qualified Government Information Source, a Qualified Governmental Tax Information Source, or by direct contact with the Registration Agency in person or via mail, e-mail, Web address, or telephone, using an address or phone number obtained from a Qualified Independent Information Source. In addition, the CA MUST validate a Principal Individual associated with the Business Entity pursuant to the requirements in subsection (4), below.”

Insert:

“(3) Business Entity Subjects: All items listed in Section 10.2.1(3) above, MUST be verified directly with, or obtained directly from, the Registration Agency in the Applicant’s Jurisdiction of Registration. Such verification MAY be performed by means of a Qualified Government Information Source, a Qualified Governmental Tax Information Source, or by direct contact with the Registration Agency in person or via mail, e-mail, Web address, or telephone, using an address or phone number obtained directly from the Qualified Government Information Source, Qualified Governmental Tax Information Source or Registration Agency, or from a Qualified Independent Information Source. In addition, the CA MUST validate a Principal Individual associated with the Business Entity pursuant to the requirements in subsection (4), below.”

Erratum ends

The ballot review period comes into effect at 2100 UTC on 7 Feb ’11 and will close at 2100 UTC on 14 Feb ’11. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2100 UTC on 21 Feb ’11.

Votes must be cast by “reply all” to this email.

A vote in favour of the motion must indicate a clear ‘yes’ in the response. A vote against must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted.

The latest vote received from any representative of a voting member before the close of the voting period will be counted.

Motion ends

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).