CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot 56 – QGIS Contact Information

Ballot 56 – QGIS Contact Information

Ballot 56 – QGIS Contact Information (Passed Unanimously)

Motion

Ryan Koski made the following motion, and Moudrick Dadashov and Ben Wilson endorsed it:

Motion begins

Based on the current EV Guidelines, in order to verify the legal existence and identity of the Applicant in the cases of Private Organizations (10.2.2.(1)) and Business Entities (10.2.2.(3)), the contact information for the QGIS (or QTIS in the case of Business Entities) must be verified via a QIIS. In certain jurisdictions, locating a correct and authoritative answer from a QIIS is proving difficult. This proposal permits the QGIS to be contacted based on information provided directly by the QGIS (such as via the QGIS’s own web site). Note that using contact information obtained directly from the QGIS is already permitted when verifying legal existence and identity of an Assumed Name (10.3.2).

It is difficult to see how contact information for a QGIS that is provided by a QIIS would be considered more authoritative than contact information found directly on the QGIS’s own web site.

Effective immediately,

Erratum begins

In Section 10.2.2 (1), delete:

“(1) Private Organization Subjects: All items listed in Section 10.2.1(1) MUST be verified directly with, or obtained directly from, the Incorporating or Registration Agency in the Applicant’s Jurisdiction of Incorporation or Registration. Such verification MAY be through use of a Qualified Government Information Source operated by, or on behalf of, the Incorporating or Registration Agency, or by direct contact with the Incorporating or Registration Agency in person or via mail, e-mail, Web address, or telephone, using an address or phone number obtained from a Qualified Independent Information Source.”

Insert:

“(1) Private Organization Subjects: All items listed in Section 10.2.1(1) MUST be verified directly with, or obtained directly from, the Incorporating or Registration Agency in the Applicant’s Jurisdiction of Incorporation or Registration. Such verification MAY be through use of a Qualified Government Information Source operated by, or on behalf of, the Incorporating or Registration Agency, or by direct contact with the Incorporating or Registration Agency in person or via mail, e-mail, Web address, or telephone, using an address or phone number obtained directly from the Qualified Government Information Source, Incorporating or Registration Agency, or from a Qualified Independent Information Source.”

In Section 10.2.2 (3), delete:

“(3) Business Entity Subjects: All items listed in Section 10.2.1(3) above, MUST be verified directly with, or obtained directly from, the Registration Agency in the Applicant’s Jurisdiction of Registration. Such verification MAY be performed by means of a Qualified Government Information Source, a Qualified Governmental Tax Information Source, or by direct contact with the Registration Agency in person or via mail, e-mail, Web address, or telephone, using an address or phone number obtained from a Qualified Independent Information Source. In addition, the CA MUST validate a Principal Individual associated with the Business Entity pursuant to the requirements in subsection (4), below.”

Insert:

“(3) Business Entity Subjects: All items listed in Section 10.2.1(3) above, MUST be verified directly with, or obtained directly from, the Registration Agency in the Applicant’s Jurisdiction of Registration. Such verification MAY be performed by means of a Qualified Government Information Source, a Qualified Governmental Tax Information Source, or by direct contact with the Registration Agency in person or via mail, e-mail, Web address, or telephone, using an address or phone number obtained directly from the Qualified Government Information Source, Qualified Governmental Tax Information Source or Registration Agency, or from a Qualified Independent Information Source. In addition, the CA MUST validate a Principal Individual associated with the Business Entity pursuant to the requirements in subsection (4), below.”

Erratum ends

The ballot review period comes into effect at 2100 UTC on 7 Feb ’11 and will close at 2100 UTC on 14 Feb ’11. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2100 UTC on 21 Feb ’11.

Votes must be cast by “reply all” to this email.

A vote in favour of the motion must indicate a clear ‘yes’ in the response. A vote against must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted.

The latest vote received from any representative of a voting member before the close of the voting period will be counted.

Motion ends

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).