CA/Browser Forum posts
Notice of IPR Review Period for Amendment to the EV Code Signing Guidelines by Ballot 117
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Code Signing Guidelines by Ballot 117. Ballot 117 clarified what is allowed in the Common Name and Subject Alternative Name fields, as set forth in sections 9.2.2 and 9.2.3 of the EV Code Signing Guidelines.
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Code Signing Guidelines by Ballot 117. Ballot 117 clarified what is allowed in the Common Name and Subject Alternative Name fields, as set forth in sections 9.2.2 and 9.2.3 of the EV Code Signing Guidelines.
Notice of IPR Review Period for Amendments Made to the EV Guidelines by Ballots 113, 114, 119, 120, and 124
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Guidelines by Ballots 113, 114, 119, 120, and 124. Ballot 113 revised the definition of a Qualified Independent Information Source in Section 11.10.5 of the EV Guidelines. Ballot 114 revised the definition of Business Entity, Private Organization, and Incorporating Agency in the EV Guidelines.
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Guidelines by Ballots 113, 114, 119, 120, and 124. Ballot 113 revised the definition of a Qualified Independent Information Source in Section 11.10.5 of the EV Guidelines. Ballot 114 revised the definition of Business Entity, Private Organization, and Incorporating Agency in the EV Guidelines.
Notice of IPR Review Period for Amendments to Baseline Requirements per Ballots 112 and 120
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the Baseline Requirements by Ballots 112 and 120. Ballot 112 replaced “Internal Server Name” with use of the term “Internal Name” in the Baseline Requirements Ballot 120 made certain changes to the Baseline Requirements concerning the ability of Affiliates to verify domain registration, ownership, or control on behalf of an Applicant.
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the Baseline Requirements by Ballots 112 and 120. Ballot 112 replaced “Internal Server Name” with use of the term “Internal Name” in the Baseline Requirements Ballot 120 made certain changes to the Baseline Requirements concerning the ability of Affiliates to verify domain registration, ownership, or control on behalf of an Applicant.
2014-06-26 Minutes
June 26, 2014 by Ben WilsonAntitrust Statement: Read by Ben. Roll Call: Atsushi Inaba, Ben Wilson, Stephen Davidson, Doug Beattie, Kirk Hall, Eddy Nigg, Mads Henriksveen, Sissel Hoel, Chris Casciano, Wayne Thayer, Gerv Markham, Rick Andrews, Dave Barnet, John Amaral, and Ryan Sleevi Application of OATI: We have reviewed OATI’s application. The OATI root certificate is trusted only in Internet Explorer. Kirk noted that they do not have a Baseline Requirements WebTrust audit. Gerv said that membership requirements are defined by our bylaws, which do not specifically require a WebTrust Baseline Requirements audit. Kirk said that the BRs are almost more important than a regular WebTrust audit now. Ben said that we’ve talked about creating a bugzilla tracking system and that issue could be put in there as a future task. Wayne said he has someone at GoDaddy helping to set up bugzilla. OATI’s application was approved.
June 26, 2014 by Ben WilsonAntitrust Statement: Read by Ben. Roll Call: Atsushi Inaba, Ben Wilson, Stephen Davidson, Doug Beattie, Kirk Hall, Eddy Nigg, Mads Henriksveen, Sissel Hoel, Chris Casciano, Wayne Thayer, Gerv Markham, Rick Andrews, Dave Barnet, John Amaral, and Ryan Sleevi Application of OATI: We have reviewed OATI’s application. The OATI root certificate is trusted only in Internet Explorer. Kirk noted that they do not have a Baseline Requirements WebTrust audit. Gerv said that membership requirements are defined by our bylaws, which do not specifically require a WebTrust Baseline Requirements audit. Kirk said that the BRs are almost more important than a regular WebTrust audit now. Ben said that we’ve talked about creating a bugzilla tracking system and that issue could be put in there as a future task. Wayne said he has someone at GoDaddy helping to set up bugzilla. OATI’s application was approved.
Minutes of the F2F 32 Meeting in Eilat, Israel, 16-18 June 2014
June 17, 2014 by Ben WilsonFace-to-Face Meeting 32 – EilatAntitrust Statement The antitrust statement was read.
June 17, 2014 by Ben WilsonFace-to-Face Meeting 32 – EilatAntitrust Statement The antitrust statement was read.
Ballot 124 – Business Entity Clarification (passed)
June 5, 2014 by Ben WilsonBallot 124 – Business Entity Clarification Voting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 124 passed. The EV Guidelines Working Group identified an erroneous cross-reference in the first sentence of Section 11.2.2(3) (Business Entity Subjects). Joanna Fox of GoDaddy made the following motion, and Cecilia Kam of Symantec and Ben Wilson from DigiCert have endorsed it.
June 5, 2014 by Ben WilsonBallot 124 – Business Entity Clarification Voting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 124 passed. The EV Guidelines Working Group identified an erroneous cross-reference in the first sentence of Section 11.2.2(3) (Business Entity Subjects). Joanna Fox of GoDaddy made the following motion, and Cecilia Kam of Symantec and Ben Wilson from DigiCert have endorsed it.
Ballot 120 – Affiliate Authority to Verify Domain (passed)
June 5, 2014 by Ben WilsonVoting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 120 passed. Kirk Hall of TrendMicro made the following motion and Jeremy Rowley of DigiCert and Cecilia Kam of Symantec have endorsed it: Ballot 120 – Affiliate Authority to Verify Domain Reasons for proposed ballot Ballot 72 in May 2012 reorganized the EV Guidelines by moving certain definitions and common provisions to the Baseline Requirements and replacing them with cross references to the Baseline Requirements. In July 2013, Ballot 104 was a similar replacement with a cross reference to avoid unnecessary duplication between the two sets of guidelines , but it inadvertently removed domain verification through a parent or subsidiary from EV Guidelines Sec. 11.6.2 (now renumbered as EVGL 11.6.1), which had listed it as part of the allowed verification process. Ballot 104 essentially deleted the separately listed EVGL 11.6.2 methods for verifying domain ownership, and instead inserted a cross-reference to the methods of verifying domain ownership in BR 11.1.1 (except for subsection (7) – “any other method of confirmation” – which was not deemed reliable enough for EV).
June 5, 2014 by Ben WilsonVoting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 120 passed. Kirk Hall of TrendMicro made the following motion and Jeremy Rowley of DigiCert and Cecilia Kam of Symantec have endorsed it: Ballot 120 – Affiliate Authority to Verify Domain Reasons for proposed ballot Ballot 72 in May 2012 reorganized the EV Guidelines by moving certain definitions and common provisions to the Baseline Requirements and replacing them with cross references to the Baseline Requirements. In July 2013, Ballot 104 was a similar replacement with a cross reference to avoid unnecessary duplication between the two sets of guidelines , but it inadvertently removed domain verification through a parent or subsidiary from EV Guidelines Sec. 11.6.2 (now renumbered as EVGL 11.6.1), which had listed it as part of the allowed verification process. Ballot 104 essentially deleted the separately listed EVGL 11.6.2 methods for verifying domain ownership, and instead inserted a cross-reference to the methods of verifying domain ownership in BR 11.1.1 (except for subsection (7) – “any other method of confirmation” – which was not deemed reliable enough for EV).
2014-05-29 Minutes
May 29, 2014 by Ben WilsonNotes of Teleconference – CABF – 29 May 2014 1. Antitrust Statement: Read by Ben.
May 29, 2014 by Ben WilsonNotes of Teleconference – CABF – 29 May 2014 1. Antitrust Statement: Read by Ben.
Ballot 122 – Verified Method of Communication (failed)
May 8, 2014 by Ben WilsonBallot 122 – Verified Method of Communication Voting on Ballot 122 closed. We received “yes” votes from Actalis, Buypass, Comodo, DigiCert, GlobalSign, GoDaddy, Izenpe, Logius PKIoverheid, QuoVadis, SECOM, Symantec, Trend Micro, Trustis, TURKTRUST, Visa, and WoSign OpenTrust and SSC abstained. Mozilla and Microsoft voted “no.” Therefore, Ballot 122 did not pass. The EV Guidelines Working Group has completed its review of Section 11.4.2 of the EV Guidelines (Telephone Number for Applicant’s Place of Business). The purpose of the review was to “develop a more international process for verifying contact information,” especially to transition away from a landline-centric focus. The purpose of Section 11.4.2 has been to ensure a means for communicating with an organization (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request) and to provide additional evidence of an organization’s existence. This is maintained by the proposed replacement language.
May 8, 2014 by Ben WilsonBallot 122 – Verified Method of Communication Voting on Ballot 122 closed. We received “yes” votes from Actalis, Buypass, Comodo, DigiCert, GlobalSign, GoDaddy, Izenpe, Logius PKIoverheid, QuoVadis, SECOM, Symantec, Trend Micro, Trustis, TURKTRUST, Visa, and WoSign OpenTrust and SSC abstained. Mozilla and Microsoft voted “no.” Therefore, Ballot 122 did not pass. The EV Guidelines Working Group has completed its review of Section 11.4.2 of the EV Guidelines (Telephone Number for Applicant’s Place of Business). The purpose of the review was to “develop a more international process for verifying contact information,” especially to transition away from a landline-centric focus. The purpose of Section 11.4.2 has been to ensure a means for communicating with an organization (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request) and to provide additional evidence of an organization’s existence. This is maintained by the proposed replacement language.
Ballot 121 – EV Guidelines Insurance Requirements(failed)
May 7, 2014 by Ben WilsonBallot 121 – EV Guidelines Insurance Requirements Voting has closed on Ballot 121. “Yes” votes were cast by Buypass, Disig, Firmaprofesional, GlobalSign, GoDaddy, Izenpe, OpenTrust, SSC, Trend Micro, Turktrust, and WoSign. “No” votes were cast by Actalis, DigiCert, QuoVadis, Symantec, and Mozilla. Abstentions were submitted by StartCom, Visa, and Google. Therefore, Ballot 121 failed.
May 7, 2014 by Ben WilsonBallot 121 – EV Guidelines Insurance Requirements Voting has closed on Ballot 121. “Yes” votes were cast by Buypass, Disig, Firmaprofesional, GlobalSign, GoDaddy, Izenpe, OpenTrust, SSC, Trend Micro, Turktrust, and WoSign. “No” votes were cast by Actalis, DigiCert, QuoVadis, Symantec, and Mozilla. Abstentions were submitted by StartCom, Visa, and Google. Therefore, Ballot 121 failed.