[cabfpub] Ballot 147

Dean Coclin Dean_Coclin at symantec.com
Tue Jun 23 16:08:53 UTC 2015


Symantec votes YES.

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Jeremy Rowley
Sent: Wednesday, June 10, 2015 8:42 PM
To: public at cabforum.org
Subject: [cabfpub] Ballot 147

 

Ballot 147 - Attorney-Accountant Letter Changes

  _____  

This is a validation working group final product that will amend the EV
Guidelines to permit verification of legal existence through an
attorney/accountant opinion letter. This change is based on the rationale
that attorneys are the most skilled at verifying legal existence, yet are
currently not permitted to do so. To ensure that a single legal letter is
not the sole source of validation, language was included to require
corroboration with a QIIS.

Kirk Hall of TrendMicro made the following motion, Cecilia Kam from Symantec
and Jeremy Rowley from DigiCert have endorsed it.

  _____  

Motion Begins

  _____  

1. Add the following definition:

Verified Professional Letter: A Verified Accountant Letter or Verified Legal
Opinion.

2. Amend the guidelines as follows:

11.2. Verification of Applicant's Legal Existence and Identity

11.2.2. Acceptable Method of Verification

To verify the Applicant's legal existence and identity, the CA MUST do the
following.

(1) Private Organization Subjects: Unless verified under subsection (6), all
items listed in Section 11.2.1(1) MUST be verified directly with, or
obtained directly from, the Incorporating or Registration Agency in the
Applicant's Jurisdiction of Incorporation or Registration. Such verification
MAY be through use of a Qualified Government Information Source operated by,
or on behalf of, the Incorporating or Registration Agency, or by direct
contact with the Incorporating or Registration Agency in person or via mail,
e-mail, Web address, or telephone, using an address or phone number obtained
directly from the Qualified Government Information Source, Incorporating or
Registration Agency, or from a Qualified Independent Information Source.

(2) Government Entity Subjects: Unless verified under subsection (6), all
items listed in Section 11.2.1(2) MUST either be verified directly with, or
obtained directly from, one of the following: (i) a Qualified Government
Information Source in the political subdivision in which such Government
Entity operates; (ii) a superior governing Government Entity in the same
political subdivision as the Applicant (e.g. a Secretary of State may verify
the legal existence of a specific State Department), or (iii) from a judge
that is an active member of the federal, state or local judiciary within
that political subdivision, or (iv) an attorney representing the Government
Entity.

Any communication from a judge SHALL be verified in the same manner as is
used for verifying factual assertions that are asserted by an Attorney as
set forth in Section 11.11.1.

Such verification MAY be by direct contact with the appropriate Government
Entity in person or via mail, e-mail, Web address, or telephone, using an
address or phone number obtained from a Qualified Independent Information
Source.

(3) Business Entity Subjects: Unless verified under subsection (6), items
listed in Section 11.2.1(3) (A) through (C) above, MUST be verified directly
with, or obtained directly from, the Registration Agency in the Applicant's
Jurisdiction of Registration. Such verification MAY be performed by means of
a Qualified Government Information Source, a Qualified Governmental Tax
Information Source, or by direct contact with the Registration Agency in
person or via mail, email, Web address, or telephone, using an address or
phone number obtained directly from the Qualified Government Information
Source, Qualified Governmental Tax Information Source or Registration
Agency, or from a Qualified Independent Information Source. In addition, the
CA MUST validate a Principal Individual associated with the Business Entity
pursuant to the requirements in subsection (4), below.

***

(5) Non-Commercial Entity Subjects (International Organization): Unless
verified under subsection (6), all items listed in Section 11.2.1(4) MUST be
verified either:

(A) With reference to the constituent document under which the International
Organization was formed; or

(B) Directly with a signatory country's government in which the CA is
permitted to do business. Such verification may be obtained from an
appropriate government agency or from the laws of that country, or by
verifying that the country's government has a mission to represent it at the
International Organization; or

(C) Directly against any current list of qualified entities that the
CA/Browser Forum may maintain at www.cabforum.org.

(D) In cases where the International Organization applying for the EV
Certificate is an organ or agency - including a non-governmental
organization of a verified International Organization, then the CA may
verify the International Organization Applicant directly with the verified
umbrella International Organization of which the Applicant is an organ or
agency.

(6) The CA may rely on a Verified Professional Letter to establish the
Applicant's information listed in (1)-(5) above if (i) the Verified
Professional Letter includes a copy of supporting documentation used to
establish the Applicant's legal existence, such as a certificate of
registration, articles of incorporation, operating agreement, statute, or
regulatory act, and (ii) the CA confirms the Applicant's organization name
specified in the Verified Professional Letter with a QIIS or QGIS.

***

11.3. Verification of Applicant's Legal Existence and Identity - Assumed
Name

11.3.2. Acceptable Method of Verification To verify any assumed name under
which the Applicant conducts business:

(1) The CA MAY verify the assumed name through use of a Qualified Government
Information Source operated by, or on behalf of, an appropriate government
agency in the jurisdiction of the Applicant's Place of Business, or by
direct contact with such government agency in person or via mail, e-mail,
Web address, or telephone; or

(2) The CA MAY verify the assumed name through use of a Qualified
Independent Information Source provided that the QIIS has verified the
assumed name with the appropriate government agency.

(3) The CA MAY rely on a Verified Professional Letter Verified Legal
Opinion, or a Verified Accountant Letter that indicates the assumed name
under which the Applicant conducts business, the government agency with
which the assumed name is registered, and that such filing continues to be
valid.

11.4. Verification of Applicant's Physical Existence

11.4.1. Address of Applicant's Place of Business

***

(2) Acceptable Methods of Verification

(A) Place of Business in the Country of Incorporation or Registration

***

(2) For all Applicants, the CA MAY alternatively rely on a Verified
Professional Letter Verified Legal Opinion or a Verified Accountant Letter
that indicates the address of the Applicant's or a Parent/Subsidiary
Company's Place of Business and that business operations are conducted
there.

***

(B) Place of Business not in the Country of Incorporation or Registration:
The CA MUST rely on a Verified Professional LetterVerified Legal Opinion or
Verified Accountant's Letter that indicates the address of the Applicant's
Place of Business and that business operations are conducted there.

11.4.2. Telephone Number for Applicant's Place of Business

(2) Acceptable Methods of Verification: To verify the Applicant's telephone
number, the CA MUST perform items A and either B or C as listed below:

***

(C) Rely on a Verified Professional Letter Verified Legal Opinion or a
Verified Accountant Letter to the effect that the Applicant's telephone
number, as provided, is a main phone number for the Applicant's Place of
Business.

11.5. Verification of Applicant's Operational Existence

11.5.2. Acceptable Methods of Verification

To verify the Applicant's ability to engage in business, the CA MUST verify
the operational existence of the Applicant, or its
Affiliate/Parent/Subsidiary Company, by:

(4) Relying on a Verified Professional Letter Verified Legal Opinion or a
Verified Accountant Letter to the effect that the Applicant has an active
current Demand Deposit Account with a Regulated Financial Institution.

11.7. Verification of Name, Title, and Authority of Contract Signer and
Certificate Approver

11.7.2. Acceptable Methods of Verification - Name, Title and Agency

Acceptable methods of verification of the name, title, and agency status of
the Contract Signer and the Certificate Approver include the following.

(1) Name and Title: The CA MAY verify the name and title of the Contract
Signer and the Certificate Approver by any appropriate method designed to
provide reasonable assurance that a person claiming to act in such a role is
in fact the named person designated to act in such role.

(2) Agency: The CA MAY verify the agency of the Contract Signer and the
Certificate Approver by:

(A) Contacting the Applicant by phone or mail, at the phone number or
address for the Applicant, obtained and verified in accordance with Section
11.4.1 or 11.4.2, and obtaining confirmation that the Contract Signer and/or
the Certificate Approver, as applicable, is an employee; or

(B) Obtaining an Independent Confirmation From the Applicant (as described
in Section 11.10.4), or a Verified Professional Letter Verified Legal
Opinion (as described in Section 11.10.1), or a Verified Accountant Letter
(as described in Section 11.10.2)verifying that the Contract Signer and/or
the Certificate Approver, as applicable, is either an employee or has
otherwise been appointed as an agent of the Applicant.

11.7.3. Acceptable Methods of Verification - Authority

Acceptable methods of verification of the Signing Authority of the Contract
Signer, and the EV Authority of the Certificate Approver, as applicable,
include:

(1) Verified Professional Letter Legal Opinion: The Signing Authority of the
Contract Signer, and/or the EV Authority of the Certificate Approver, MAY be
verified by reliance on a Verified Professional Letter --Verified Legal
Opinion (as described in Section 11.10.1)--;

***

(2) Accountant Letter: The Signing Authority of the Contract Signer, and/or
the EV Authority of the Certificate Approver, MAY be verified by reliance on
a Verified Accountant Letter (as described in Section 11.10.2);

11.11. Other Verification Requirements

11.11.3. Parent/Subsidiary/Affiliate Relationship

A CA verifying an Applicant using information of the Applicant's Parent,
Subsidiary, or Affiliate, when allowed under section 11.4.1, 11.4.2, 11.5.1,
or 11.6.1, MUST verify the Applicant's relationship to the Parent,
Subsidiary, or Affiliate. Acceptable methods of verifying the Applicant's
relationship to the Parent, Subsidiary, or Affiliate include the following:

***

(4) Verified Professional Letter Legal Opinion: A CA MAY verify the
relationship between an Applicant and a Parent, Subsidiary, or Affiliate by
relying on a Verified Professional Letter Verified Legal Opinion (as
described in Section 11.10.1);

(5) Accountant Letter: A CA MAY verify the relationship between an Applicant
and a Parent, Subsidiary, or Affiliate by relying on a Verified Accountant
Letter (as described in Section 11.10.2);

  _____  

Motion Ends

  _____  

The review period for this ballot shall commence at 2200 UTC on Thursday, 11
June 2015, and will close at 2200 UTC on Thursday, 18 June 2015. Unless the
motion is withdrawn during the review period, the voting period will start
immediately thereafter and will close at 2200 UTC on Thursday, 25 June 2015.
Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted. Voting members
are listed here:  <https://cabforum.org/members/>
https://cabforum.org/members/

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and greater than 50% of the votes cast by
members in the browser category must be in favor. Also, at least seven
members must participate in the ballot, either by voting in favor, voting
against, or abstaining.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150623/176ef4cd/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150623/176ef4cd/attachment-0001.p7s>


More information about the Public mailing list