CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot 122 – Verified Method of Communication (failed)

Ballot 122 – Verified Method of Communication (failed)

Ballot 122 – Verified Method of Communication

Voting on Ballot 122 closed.

We received “yes” votes from Actalis, Buypass, Comodo, DigiCert, GlobalSign, GoDaddy, Izenpe, Logius PKIoverheid, QuoVadis, SECOM, Symantec, Trend Micro, Trustis, TURKTRUST, Visa, and WoSign

OpenTrust and SSC abstained.

Mozilla and Microsoft voted “no.”

Therefore, Ballot 122 did not pass.

The EV Guidelines Working Group has completed its review of Section 11.4.2 of the EV Guidelines (Telephone Number for Applicant’s Place of Business). The purpose of the review was to “develop a more international process for verifying contact information,” especially to transition away from a landline-centric focus. The purpose of Section 11.4.2 has been to ensure a means for communicating with an organization (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request) and to provide additional evidence of an organization’s existence. This is maintained by the proposed replacement language.

Cecilia Kam of Symantec made the following motion, and Rich Smith from Comodo and Jeremy Rowley from DigiCert have endorsed it.

Motion Begins

  1. Create a new definition for a “Verified Method of Communication” in the EV Guidelines:

” Verified Method of Communication: The use of a public telecommunication routing number (ITU-T E.164-compliant fixed, mobile, fax, or SMS), an email address, or a postal delivery address, confirmed by the CA in accordance with Section 11.4.2 of the Guidelines as a reliable way of communicating with the Applicant.”

  1. DELETE Section 11.4.2 (Telephone Number for Applicant’s Place of Business) and INSERT the following:

“11.4.2 Verified Method of Communication

(1) Verification Requirements: To assist in communicating with the Applicant and confirming that the Applicant is aware of and approves issuance, the CA MUST establish at least one Verified Method of Communication with the Applicant.

(2) Acceptable Methods of Verification: To verify a Verified Method of Communication with the Applicant, the CA MUST:

(A) Verify that the number or address belongs to the Applicant, or a Parent or Affiliate of the Applicant, by matching it with one of the Applicant’s Places of Business in: (i) records provided by the applicable phone company; (ii) a QGIS, QTIS, or QIIS; or (iii) a Verified Legal Opinion or Verified Accountant Letter; and

(B) Confirm the Verified Method of Communication by using it to obtain an affirmative response sufficient to enable a reasonable person to conclude that the Applicant, or a Parent or Affiliate of Applicant, can be contacted reliably by using the Verified Method of Communication.

  1. In subsection 11.13.1(1)(D), REPLACE “Telephone number for Place of Business” with “Verified Method of Communication.”

  2. REPLACE subsection 11.13.3(1)(C) with “The Verified Method of Communication required by Section 11.4.2, but still MUST perform the verification required by Section 11.4.2(2)(B);”

Motion Ends

The review period for this ballot shall commence at 2200 UTC on Tuesday, 15 April 2014, and will close at 2200 UTC on Tuesday, 22 April 2014. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Tuesday, 29 April 2014. Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear ‘yes’ in the response. A vote against must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here:

In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Also, at least six members must participate in the ballot, either by voting in favor, voting against, or abstaining.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).