CA/Browser Forum posts
Posts by tag Ballot
Ballot 124 – Business Entity Clarification (passed)
June 5, 2014 by Ben WilsonBallot 124 – Business Entity Clarification Voting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 124 passed. The EV Guidelines Working Group identified an erroneous cross-reference in the first sentence of Section 11.2.2(3) (Business Entity Subjects). Joanna Fox of GoDaddy made the following motion, and Cecilia Kam of Symantec and Ben Wilson from DigiCert have endorsed it.
June 5, 2014 by Ben WilsonBallot 124 – Business Entity Clarification Voting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 124 passed. The EV Guidelines Working Group identified an erroneous cross-reference in the first sentence of Section 11.2.2(3) (Business Entity Subjects). Joanna Fox of GoDaddy made the following motion, and Cecilia Kam of Symantec and Ben Wilson from DigiCert have endorsed it.
Ballot 120 – Affiliate Authority to Verify Domain (passed)
June 5, 2014 by Ben WilsonVoting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 120 passed. Kirk Hall of TrendMicro made the following motion and Jeremy Rowley of DigiCert and Cecilia Kam of Symantec have endorsed it: Ballot 120 – Affiliate Authority to Verify Domain Reasons for proposed ballot Ballot 72 in May 2012 reorganized the EV Guidelines by moving certain definitions and common provisions to the Baseline Requirements and replacing them with cross references to the Baseline Requirements. In July 2013, Ballot 104 was a similar replacement with a cross reference to avoid unnecessary duplication between the two sets of guidelines , but it inadvertently removed domain verification through a parent or subsidiary from EV Guidelines Sec. 11.6.2 (now renumbered as EVGL 11.6.1), which had listed it as part of the allowed verification process. Ballot 104 essentially deleted the separately listed EVGL 11.6.2 methods for verifying domain ownership, and instead inserted a cross-reference to the methods of verifying domain ownership in BR 11.1.1 (except for subsection (7) – “any other method of confirmation” – which was not deemed reliable enough for EV).
June 5, 2014 by Ben WilsonVoting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 120 passed. Kirk Hall of TrendMicro made the following motion and Jeremy Rowley of DigiCert and Cecilia Kam of Symantec have endorsed it: Ballot 120 – Affiliate Authority to Verify Domain Reasons for proposed ballot Ballot 72 in May 2012 reorganized the EV Guidelines by moving certain definitions and common provisions to the Baseline Requirements and replacing them with cross references to the Baseline Requirements. In July 2013, Ballot 104 was a similar replacement with a cross reference to avoid unnecessary duplication between the two sets of guidelines , but it inadvertently removed domain verification through a parent or subsidiary from EV Guidelines Sec. 11.6.2 (now renumbered as EVGL 11.6.1), which had listed it as part of the allowed verification process. Ballot 104 essentially deleted the separately listed EVGL 11.6.2 methods for verifying domain ownership, and instead inserted a cross-reference to the methods of verifying domain ownership in BR 11.1.1 (except for subsection (7) – “any other method of confirmation” – which was not deemed reliable enough for EV).
Ballot 122 – Verified Method of Communication (failed)
May 8, 2014 by Ben WilsonBallot 122 – Verified Method of Communication Voting on Ballot 122 closed. We received “yes” votes from Actalis, Buypass, Comodo, DigiCert, GlobalSign, GoDaddy, Izenpe, Logius PKIoverheid, QuoVadis, SECOM, Symantec, Trend Micro, Trustis, TURKTRUST, Visa, and WoSign OpenTrust and SSC abstained. Mozilla and Microsoft voted “no.” Therefore, Ballot 122 did not pass. The EV Guidelines Working Group has completed its review of Section 11.4.2 of the EV Guidelines (Telephone Number for Applicant’s Place of Business). The purpose of the review was to “develop a more international process for verifying contact information,” especially to transition away from a landline-centric focus. The purpose of Section 11.4.2 has been to ensure a means for communicating with an organization (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request) and to provide additional evidence of an organization’s existence. This is maintained by the proposed replacement language.
May 8, 2014 by Ben WilsonBallot 122 – Verified Method of Communication Voting on Ballot 122 closed. We received “yes” votes from Actalis, Buypass, Comodo, DigiCert, GlobalSign, GoDaddy, Izenpe, Logius PKIoverheid, QuoVadis, SECOM, Symantec, Trend Micro, Trustis, TURKTRUST, Visa, and WoSign OpenTrust and SSC abstained. Mozilla and Microsoft voted “no.” Therefore, Ballot 122 did not pass. The EV Guidelines Working Group has completed its review of Section 11.4.2 of the EV Guidelines (Telephone Number for Applicant’s Place of Business). The purpose of the review was to “develop a more international process for verifying contact information,” especially to transition away from a landline-centric focus. The purpose of Section 11.4.2 has been to ensure a means for communicating with an organization (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request) and to provide additional evidence of an organization’s existence. This is maintained by the proposed replacement language.
Ballot 121 – EV Guidelines Insurance Requirements(failed)
May 7, 2014 by Ben WilsonBallot 121 – EV Guidelines Insurance Requirements Voting has closed on Ballot 121. “Yes” votes were cast by Buypass, Disig, Firmaprofesional, GlobalSign, GoDaddy, Izenpe, OpenTrust, SSC, Trend Micro, Turktrust, and WoSign. “No” votes were cast by Actalis, DigiCert, QuoVadis, Symantec, and Mozilla. Abstentions were submitted by StartCom, Visa, and Google. Therefore, Ballot 121 failed.
May 7, 2014 by Ben WilsonBallot 121 – EV Guidelines Insurance Requirements Voting has closed on Ballot 121. “Yes” votes were cast by Buypass, Disig, Firmaprofesional, GlobalSign, GoDaddy, Izenpe, OpenTrust, SSC, Trend Micro, Turktrust, and WoSign. “No” votes were cast by Actalis, DigiCert, QuoVadis, Symantec, and Mozilla. Abstentions were submitted by StartCom, Visa, and Google. Therefore, Ballot 121 failed.
Ballot 112 – Replace Definition of “Internal Server Name” with “Internal Name”(passed)
April 3, 2014 by Ben WilsonBallot 112 – Replace Definition of “Internal Server Name” with “Internal Name” Votes in Favor: ANF, Buypass, Comodo, DigiCert, Disig, FirmaProfesional, GlobalSign, GoDaddy, Logius PKIoverheid, QuoVadis, Sertifitseerimiskeskus, SSC, StartCom, SwissSign, Symantec,Trend Micro, Trustis, TURKTRUST, TAIWAN-CA, WoSign, Mozilla and Google No abstentions or nay votes. Ballot passed. The current definition of Internal Server Name is ambiguous. It reads, “A Server Name (which may or may not include an Unregistered Domain Name) that is not resolvable using the public DNS.”
April 3, 2014 by Ben WilsonBallot 112 – Replace Definition of “Internal Server Name” with “Internal Name” Votes in Favor: ANF, Buypass, Comodo, DigiCert, Disig, FirmaProfesional, GlobalSign, GoDaddy, Logius PKIoverheid, QuoVadis, Sertifitseerimiskeskus, SSC, StartCom, SwissSign, Symantec,Trend Micro, Trustis, TURKTRUST, TAIWAN-CA, WoSign, Mozilla and Google No abstentions or nay votes. Ballot passed. The current definition of Internal Server Name is ambiguous. It reads, “A Server Name (which may or may not include an Unregistered Domain Name) that is not resolvable using the public DNS.”
Ballot 119 – Remove “OfIncorporation” from OID descriptions in EVG 9.2.5(passed)
March 24, 2014 by Ben WilsonBallot 119 – Remove “OfIncorporation” from OID descriptions in EVG 9.2.5 Yea: ANF, Certinomis, Comodo, DigiCert, GlobalSign, Izenpe, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustis, WoSign, Google, Microsoft, and Mozilla. Nay: None Abstain: None Result: Ballot passed Rob Stradling of Comodo made the following motion, and Ben Wilson from DigiCert and Chema López González from AC Firmaprofesional S.A. have endorsed it. The EV Guidelines require certificates to include the jurisdiction where the Subject has registered or incorporated. Subsection 9.2.5 of the EV Guidelines is titled, “Subject Jurisdiction of Incorporation or Registration Field”. However, the OID names provided in that section use the string “OfIncorporation”, which is overly specific and might be considered misleading, because not all business entities with EV certificates are corporations. Therefore, the string “OfIncorporation” should be deleted from these OID names.
March 24, 2014 by Ben WilsonBallot 119 – Remove “OfIncorporation” from OID descriptions in EVG 9.2.5 Yea: ANF, Certinomis, Comodo, DigiCert, GlobalSign, Izenpe, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustis, WoSign, Google, Microsoft, and Mozilla. Nay: None Abstain: None Result: Ballot passed Rob Stradling of Comodo made the following motion, and Ben Wilson from DigiCert and Chema López González from AC Firmaprofesional S.A. have endorsed it. The EV Guidelines require certificates to include the jurisdiction where the Subject has registered or incorporated. Subsection 9.2.5 of the EV Guidelines is titled, “Subject Jurisdiction of Incorporation or Registration Field”. However, the OID names provided in that section use the string “OfIncorporation”, which is overly specific and might be considered misleading, because not all business entities with EV certificates are corporations. Therefore, the string “OfIncorporation” should be deleted from these OID names.
Ballot 117 – EV Code Signing Guidelines Corrections(passed)
March 24, 2014 by Ben WilsonBallot 117 – EV Code Signing Guidelines Corrections Yea: ANF, Certinomis, DigiCert, GlobalSign, Izenpe, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustis, WoSign, Microsoft, and Mozilla. Nay: Comodo, Network Solutions, and Google. Abstain: Buypass Results: Ballot passed Updated version is posted here on the EV Code Signing page. Jeremy Rowley of DigiCert made the following motion, and Iñigo Barreira of Izenpe and Rick Andrews of Symantec endorsed it.
March 24, 2014 by Ben WilsonBallot 117 – EV Code Signing Guidelines Corrections Yea: ANF, Certinomis, DigiCert, GlobalSign, Izenpe, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustis, WoSign, Microsoft, and Mozilla. Nay: Comodo, Network Solutions, and Google. Abstain: Buypass Results: Ballot passed Updated version is posted here on the EV Code Signing page. Jeremy Rowley of DigiCert made the following motion, and Iñigo Barreira of Izenpe and Rick Andrews of Symantec endorsed it.
Ballot 116 – Bylaw Amendment for Associate Member Category(passed)
March 24, 2014 by Ben WilsonBallot 116 – Associate Member Category Yea: ANF, Certinomis, DigiCert, GlobalSign, Izenpe, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustis, WoSign, Microsoft, and Mozilla Nay: None Abstain: None Results: Ballot passed Ben Wilson of DigiCert made the following motion, and Dean Coclin from Symantec and Ryan Sleevi from Google endorsed it: Motion Begins In order to reconcile the CA/Browser Forum’s Bylaws with its current operational practices, including the recognition of Associate Members and the use of a single IPR Agreement with Interested Parties and the absence of a Participation Agreement, the following amendments should be made to the Bylaws:
March 24, 2014 by Ben WilsonBallot 116 – Associate Member Category Yea: ANF, Certinomis, DigiCert, GlobalSign, Izenpe, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustis, WoSign, Microsoft, and Mozilla Nay: None Abstain: None Results: Ballot passed Ben Wilson of DigiCert made the following motion, and Dean Coclin from Symantec and Ryan Sleevi from Google endorsed it: Motion Begins In order to reconcile the CA/Browser Forum’s Bylaws with its current operational practices, including the recognition of Associate Members and the use of a single IPR Agreement with Interested Parties and the absence of a Participation Agreement, the following amendments should be made to the Bylaws:
Ballot 110 – Motion to Adopt Version 1.1 of the Bylaws(failed)
February 6, 2014 by Ben WilsonWith 6 “yes” votes from CAs (Digicert, Symantec, TrendMicro, Disig, GlobalSign, and SECOM) and 2 “no” votes from Browsers (Mozilla and Google), Ballot 110 made quorum but did not pass. On 22 January 2014, Ben Wilson of DigiCert made the following motion, endorsed by Robin Alden of Comodo and Dean Coclin of Symantec: –Motion Begins– Be it resolved that the CA / Browser Forum adopts the attached CA-Browser Forum Bylaws v. 1.1- Draft3 for Ballot 110 as its Bylaws, effective as of 6 February 2014.
February 6, 2014 by Ben WilsonWith 6 “yes” votes from CAs (Digicert, Symantec, TrendMicro, Disig, GlobalSign, and SECOM) and 2 “no” votes from Browsers (Mozilla and Google), Ballot 110 made quorum but did not pass. On 22 January 2014, Ben Wilson of DigiCert made the following motion, endorsed by Robin Alden of Comodo and Dean Coclin of Symantec: –Motion Begins– Be it resolved that the CA / Browser Forum adopts the attached CA-Browser Forum Bylaws v. 1.1- Draft3 for Ballot 110 as its Bylaws, effective as of 6 February 2014.
Ballot 114 – Improvements to the EV Definitions(passed)
January 28, 2014 by Ben WilsonVoting on Ballot 114 closed on 28 January 2014 with votes cast as follows: Yes: ANF, Buypass, CERTUM, Comodo, DigiCert, GlobalSign, Logius PKIoverheid, QuoVadis, Symantec, Trend Micro, Trustis, TURKTRUST and Mozilla. No: None. Abstain: None. Result: Ballot passes Cecilia Kam from Symantec made the following motion, and Jeremy Rowley from DigiCert and Kirk Hall from Trend Micro endorsed it. This proposal clarifies the definition of Business Entities, Private Organizations, and Incorporating Agencies. The change to Business Entity fixes the omission of non-commercial entities and clarifies that the examples are not all-encompassing. The Private Organization change helps promote EV in countries where they don’t generally use the term “Incorporating Agency”. The change in Incorporating Agency gives the guidelines a more international focus by using the term formation over incorporation and by acknowledging that businesses are generally registered, not established, with a filing.
January 28, 2014 by Ben WilsonVoting on Ballot 114 closed on 28 January 2014 with votes cast as follows: Yes: ANF, Buypass, CERTUM, Comodo, DigiCert, GlobalSign, Logius PKIoverheid, QuoVadis, Symantec, Trend Micro, Trustis, TURKTRUST and Mozilla. No: None. Abstain: None. Result: Ballot passes Cecilia Kam from Symantec made the following motion, and Jeremy Rowley from DigiCert and Kirk Hall from Trend Micro endorsed it. This proposal clarifies the definition of Business Entities, Private Organizations, and Incorporating Agencies. The change to Business Entity fixes the omission of non-commercial entities and clarifies that the examples are not all-encompassing. The Private Organization change helps promote EV in countries where they don’t generally use the term “Incorporating Agency”. The change in Incorporating Agency gives the guidelines a more international focus by using the term formation over incorporation and by acknowledging that businesses are generally registered, not established, with a filing.