Gerv, I would prefer to see this fixed concurrently with a clean up of Enterprise RA to make it very clear what we expect an Enterprise RA to be able to independently validate and what requirements they must meet.
Thanks,
Peter

> On Apr 20, 2017, at 9:39 AM, Gervase Markham via Public <[email protected]> wrote:
>
> Hi everyone,
>
> This updates the section 8.4 change to use slightly clearer wording.
>
> Can I get a couple of endorsers?
>
> Gerv
>
> Ballot XXX - Forbid DTPs from doing Domain/IP Ownership Validation
>
> Purpose of Ballot: At the moment, CAs are permitted to delegate the process
> of domain and IP address validation. However, permitting such delegations is
> problematic due to the way audits work - the auditing of such work may or may
> not be required and, if it is, those audit documents may not make it back to
> root programs for consideration. Although the audit situation also needs
> fixing, domain validation is an important enough component of a CA's core
> competencies that it seems wiser to remove it from the larger problem and
> forbid its delegation. The purpose of this ballot is to ensure that CAs or
> their Affiliates are always the ones performing domain/IP address ownership
> validation for certificates that CA is responsible for.
>
> The following motion has been proposed by Gervase Markham of Mozilla and
> endorsed by XXX of XXX and XXX of XXX:
>
> -- MOTION BEGINS --
>
> 1) In section 1.3.2 of the Baseline Requirements, replace the following
> sentence:
>
> "The CA MAY delegate the performance of all, or any part, of Section 3.2
> requirements to a Delegated Third Party, provided that the process as a whole
> fulfills all of the requirements of Section 3.2."
>
> with:
>
> "With the exception of sections 3.2.2.4 and 3.2.2.5, the CA MAY delegate the
> performance of all, or any part, of Section 3.2 requirements to a Delegated
> Third Party, provided that the process as a whole fulfills all of the
> requirements of Section 3.2."
>
> 2) In sections 3.2.2.4 and 3.2.2.4.11 (if still present in the text at the
> time the ballot passes), replace the following text:
>
> "either the CA or a Delegated Third Party"
>
> with:
>
> "the CA"
>
> 3) In section 3.2.2.4.6, remove the words "or Delegated Third Party".
>
> 4) In section 8.4, remove the paragraph beginning: "If a Delegated Third
> Party is not currently audited...".
>
> 5) In section 8.4, replace the following text:
>
> "If the CA is not using one of the above procedures and the Delegated Third
> Party is not an Enterprise RA, then"
>
> with:
>
> "For Delegated Third Parties which are not Enterprise RAs, ".
>
> -- MOTION ENDS --
>
> The procedure for approval of this Final Maintenance Guideline ballot is as
> follows (exact start and end times may be adjusted to comply with applicable
> Bylaws and IPR Agreement):
>
> BALLOT XXX
> Status: Final Maintenance Guideline
>
> Discussion (7 to 14 days)
>   Start time (23:00 UTC): XXX
>   End time (23:00 UTC): XXX
>
> Vote for approval (7 days)
>   Start time (23:00 UTC): XXX
>   End time (23:00 UTC): XXX
>
> If vote approves ballot: Review Period (Chair to send Review Notice) (30
> days).
> If Exclusion Notice(s) filed, ballot approval is rescinded and PAG to be
> created.
> If no Exclusion Notices filed, ballot becomes effective at end of Review
> Period.
>   Start time (23:00 UTC): Upon filing of Review Notice by Chair
>   End time (23:00 UTC): 30 days after filing of Review Notice by Chair
>
> From Bylaw 2.3: If the Draft Guideline Ballot is proposing a Final
> Maintenance Guideline, such ballot will include a redline or comparison
> showing the set of changes from the Final Guideline section(s) intended to
> become a Final Maintenance Guideline, and need not include a copy of the full
> set of guidelines. Such redline or comparison shall be made against the
> Final Guideline section(s) as they exist at the time a ballot is proposed,
> and need not take into consideration other ballots that may be proposed
> subsequently, except as provided in Bylaw Section 2.3(j).
>
> Votes must be cast by posting an on-list reply to this thread on the Public
> list. A vote in favor of the motion must indicate a clear 'yes' in the
> response. A vote against must indicate a clear 'no' in the response. A vote
> to abstain must indicate a clear 'abstain' in the response. Unclear responses
> will not be counted. The latest vote received from any representative of a
> voting member before the close of the voting period will be counted. Voting
> members are listed here: https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes cast
> by members in the CA category and greater than 50% of the votes cast by
> members in the browser category must be in favor. Quorum is shown on
> CA/Browser Forum wiki. Under Bylaw 2.2(g), at least the required quorum
> number must participate in the ballot for the ballot to be valid, either by
> voting in favor, voting against, or abstaining.
>
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
