Chunghwa Telecom Co., Ltd. votes “yes” on Ballot 204.
Li-Chun Chen
From: Public [mailto:[email protected]]On Behalf Of Gervase Markham
via Public
Sent: Monday, June 26, 2017 8:18 AM
To: CABFPub <[email protected]>
Subject: [cabfpub] Ballot 204: Forbid DTPs from doing Domain/IP Ownership
Validation
Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation
Purpose of Ballot: At the moment, CAs are permitted to delegate the process of
domain and IP address validation. However, permitting such delegations is
problematic due to the way audits work - the auditing of such work may or may
not be required and, if it is, those audit documents may not make it back to
root programs for consideration. Although the audit situation also needs
fixing, domain validation is an important enough component of a CA's core
competencies that it seems wiser to remove it from the larger problem and
forbid its delegation. The purpose of this ballot is to ensure that CAs or
their Affiliates are always the ones performing domain/IP address ownership
validation for certificates that CA is responsible for.
The following motion has been proposed by Gervase Markham of Mozilla and
endorsed by Ryan Sleevi of Google and Mike Reilly of Microsoft:
-- MOTION BEGINS --
This motion modifies the Baseline Requirements.
0) In section 1.6.1, augment the definition of "Delegated Third Party" as
follows:
Delegated Third Party: A natural person or Legal Entity that is not the CA, and
whose activities are not within the scope of the appropriate CA audits, but is
authorized by the CA to assist in the Certificate Management Process by
performing or fulfilling one or more of the CA requirements found herein.
1) In section 1.3.2, replace the following sentence:
"The CA MAY delegate the performance of all, or any part, of Section 3.2
requirements to a Delegated Third Party, provided that the process as a whole
fulfills all of the requirements of Section 3.2."
with:
"With the exception of sections 3.2.2.4 and 3.2.2.5, the CA MAY delegate the
performance of all, or any part, of Section 3.2 requirements to a Delegated
Third Party, provided that the process as a whole fulfills all of the
requirements of Section 3.2."
2) In sections 3.2.2.4, replace the paragraph beginning "The CA SHALL confirm
that" with the following:
"The CA SHALL confirm that, as of the date the Certificate issues, the CA has
validated each Fully‐Qualified Domain Name (FQDN) listed in the Certificate
using at least one of the methods listed below, or is within the Domain
Namespace of a Fully-Qualified Domain Name (FQDN) that has been validated using
at least one of the methods listed below (not including the method defined in
section 3.2.2.4.8)."
3) In section 3.2.2.4.6, remove the words "or Delegated Third Party".
4) In section 3.2.2.4.11 (if still present in the text at the time the ballot
passes), replace the following text:
"either the CA or a Delegated Third Party"
with:
"the CA"
5) In section 8.4, remove the paragraph beginning: "If a Delegated Third Party
is not currently audited...".
6) In section 8.4, replace the following text:
"If the CA is not using one of the above procedures and the Delegated Third
Party is not an Enterprise RA, then"
with:
"For Delegated Third Parties which are not Enterprise RAs, ".
-- MOTION ENDS --
The procedure for approval of this Final Maintenance Guideline ballot is as
follows:
BALLOT 204
Status: Final Maintenance Guideline
Start time (23:00 UTC)
End time (23:00 UTC)
Discussion (7 to 14 days)
27 June
4 July
Vote for approval (7 days)
4 July
11 July
If vote approves ballot: Review Period (Chair to send Review Notice) (30 days).
If Exclusion Notice(s) filed, ballot approval is rescinded and PAG to be
created.
If no Exclusion Notices filed, ballot becomes effective at end of Review Period.
Upon filing of Review Notice by Chair
30 days after filing of Review Notice by Chair
From Bylaw 2.3: If the Draft Guideline Ballot is proposing a Final Maintenance
Guideline, such ballot will include a redline or comparison showing the set of
changes from the Final Guideline section(s) intended to become a Final
Maintenance Guideline, and need not include a copy of the full set of
guidelines. Such redline or comparison shall be made against the Final
Guideline section(s) as they exist at the time a ballot is proposed, and need
not take into consideration other ballots that may be proposed subsequently,
except as provided in Bylaw Section 2.3(j).
Votes must be cast by posting an on-list reply to this thread on the Public
list. A vote in favor of the motion must indicate a clear 'yes' in the
response. A vote against must indicate a clear 'no' in the response. A vote to
abstain must indicate a clear 'abstain' in the response. Unclear responses will
not be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted. Voting members
are listed here:https://cabforum.org/members/
In order for the motion to be adopted, two thirds or more of the votes cast by
members in the CA category and greater than 50% of the votes cast by members in
the browser category must be in favor. Quorum is shown on CA/Browser Forum
wiki. Under Bylaw 2.2(g), at least the required quorum number must participate
in the ballot for the ballot to be valid, either by voting in favor, voting
against, or abstaining.
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件.
如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任.
Please be advised that this email message (including any attachments) contains
confidential information and may be legally privileged. If you are not the
intended recipient, please destroy this message and all attachments from your
system and do not further collect, process, or use them. Chunghwa Telecom and
all its subsidiaries and associated companies shall not be liable for the
improper or incomplete transmission of the information contained in this email
nor for any delay in its receipt or damage to your system. If you are the
intended recipient, please protect the confidential and/or personal information
contained in this email with due care. Any unauthorized use, disclosure or
distribution of this message in whole or in part is strictly prohibited. Also,
please self-inspect attachments and hyperlinks contained in this email to
ensure the information security and to protect personal information.
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
