[cabfpub] Notice of Review Period - Ballot 194 - Effective Date of Ballot 193 Provisions

Kirk Hall Kirk.Hall at entrustdatacard.com
Sun Apr 16 16:00:03 MST 2017


NOTICE OF REVIEW PERIOD - BALLOT 194

This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.2).  This Review Period is for Final Maintenance Guidelines (30 day Review Period).  A complete draft of the Draft Guideline that is the subject of this Review Notice is attached.

Date Review Notice Sent:        April 16, 2017

Ballot for Review:                    Ballot 194 - Effective Date of Ballot 193 Provisions

Start of Review Period:           April 16, 2017 at 23:00 UTC

End of Review Period:             May 16, 2017 at 23:00 UTC

Please forward any Exclusion Notice relating to Essential Claims to the Chair by email to kirk.hall at entrustdatacard.com<mailto:kirk.hall at entrustdatacard.com> before the end of the Review Period.  See current version of CA/Browser Forum Intellectual Property Rights Policy for details.

(Optional form of Exclusion Notice is attached)

Ballot 194 - Effective Date of Ballot 193 Provisions
-- MOTION BEGINS --

Ballot Section 1

BR 4.2.1 is amended to read as follows:

[Ballot amendments shown against BR 4.2.1 as it currently exists without the changes adopted in Ballot 193]

BR 4.2.1. Performing Identification and Authentication Functions

The certificate request MAY include all factual information about the Applicant to be included in the Certificate, and such additional information as is necessary for the CA to obtain from the Applicant in order to comply with these Requirements and the CA’s Certificate Policy and/or Certification Practice Statement. In cases where the certificate request does not contain all the necessary information about the Applicant, the CA SHALL obtain the remaining information from the Applicant or, having obtained it from a reliable, independent, third‐party data source, confirm it with the Applicant. The CA SHALL establish and follow a documented procedure for verifying all data requested for inclusion in the Certificate by the Applicant.

Applicant information MUST include, but not be limited to, at least one Fully‐Qualified Domain Name or IP address to be included in the Certificate’s SubjectAltName extension.

Section 6.3.2 limits the validity period of Subscriber Certificates. The CA MAY use the documents and data provided in Section 3.2 to verify certificate information, provided that: the CA obtained the data or document from a source specified under Section 3.2 no more than thirty‐nine (39) months prior to issuing the Certificate.

(1) Prior to March 1, 2018, the CA obtained the data or document from a source specified under Section 3.2 no more than 39 months prior to issuing the Certificate; and

(2) On or after March 1, 2018, the CA obtained the data or document from a source specified under Section 3.2 no more than 825 days prior to issuing the Certificate.

The CA SHALL develop, maintain, and implement documented procedures that identify and require additional verification activity for High Risk Certificate Requests prior to the Certificate’s approval, as reasonably necessary to ensure that such requests are properly verified under these Requirements.

If a Delegated Third Party fulfills any of the CA’s obligations under this section, the CA SHALL verify that the process used by the Delegated Third Party to identify and further verify High Risk Certificate Requests provides at least the same level of assurance as the CA’s own processes.


[Ballot amendments shown against BR 4.2.1 as it existed after Ballot 193 was approved]

BR 4.2.1. Performing Identification and Authentication Functions

The certificate request MAY include all factual information about the Applicant to be included in the Certificate, and such additional information as is necessary for the CA to obtain from the Applicant in order to comply with these Requirements and the CA’s Certificate Policy and/or Certification Practice Statement. In cases where the certificate request does not contain all the necessary information about the Applicant, the CA SHALL obtain the remaining information from the Applicant or, having obtained it from a reliable, independent, third‐party data source, confirm it with the Applicant. The CA SHALL establish and follow a documented procedure for verifying all data requested for inclusion in the Certificate by the Applicant.

Applicant information MUST include, but not be limited to, at least one Fully‐Qualified Domain Name or IP address to be included in the Certificate’s SubjectAltName extension.

Section 6.3.2 limits the validity period of Subscriber Certificates. The CA MAY use the documents and data provided in Section 3.2 to verify certificate information, provided that: the CA obtained the data or document from a source specified under Section 3.2 no more than 825 days prior to issuing the Certificate.

(1) Prior to March 1, 2018, the CA obtained the data or document from a source specified under Section 3.2 no more than 39 months prior to issuing the Certificate; and

(2) On or after March 1, 2018, the CA obtained the data or document from a source specified under Section 3.2 no more than 825 days prior to issuing the Certificate.

The CA SHALL develop, maintain, and implement documented procedures that identify and require additional verification activity for High Risk Certificate Requests prior to the Certificate’s approval, as reasonably necessary to ensure that such requests are properly verified under these Requirements.

If a Delegated Third Party fulfills any of the CA’s obligations under this section, the CA SHALL verify that the process used by the Delegated Third Party to identify and further verify High Risk Certificate Requests provides at least the same level of assurance as the CA’s own processes.

Ballot Section 2

The provisions of Ballot Section 1 will be effective retroactive to the effective date of Ballot 193.

--Motion Ends--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170416/30876f31/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ballot 194 - Review Notice and Exclusion Notice Template (4-16-2017).pdf
Type: application/pdf
Size: 607931 bytes
Desc: Ballot 194 - Review Notice and Exclusion Notice Template (4-16-2017).pdf
URL: <http://cabforum.org/pipermail/public/attachments/20170416/30876f31/attachment-0001.pdf>


More information about the Public mailing list