[cabf_validation] Minutes for March 9, 2017

Jeremy Rowley jeremy.rowley at digicert.com
Wed Mar 15 15:49:09 MST 2017


Attendees: Rick, Peter, Bruce, Wayne, Jeremy, Robin, Li Chun

 

Ballot 190 - Add back in the two methods and clarify well-known. Rick is
endorsing. Robin will check to see if he can endorse.

 

Ballot 191 - Change EV place of business field contents to match BRs.
Changes to jurisdiction issues will be addressed separately. 

 

Ballot 192 - Waiting for Doug to check with the proposer on how to validate
the entity is a Latin notary. Translations in the EV guidelines are done by
Ras. There is a Translator term but it's not defined. Peter suggested we
look at the Latin Notary as a local assistant for the CA. We can then
establish a process for an information collector but the CA will then do the
validation. Jeremy will post about the different meaning of an RA and
suggest we clarify the term RA. 

 

IP Address Validation - We will work on this during the face to face. 

 

HTTP validation - Using HTTPS with a practical demo could cause false
validations. Two proposals are 1) require the cert be valid which means you
can't use the method until you already have a valid cert for the cite or 2)
ban HTTPs. Banning HTTPs is a good local solution but we don't want to put
in the BRs.  The test certificate method could be the solution, but then the
existence of the certificate should be enough for validation. We will
discuss at the face to face.

 

Including CN in Subordinates - We need to exclude existing CAs and CAs
currently going through the Mozilla policy. The Microsoft policy is unclear
on whether they require a CN. The requirement should be that the whole CA
name must be unique. There are good reasons to permit the repeat of the
common name though. We will have Ben update his ballot to be sure it
reflects this.

 

ANS1 ballot - Peter sent a proposal to the mailing list. There were
questions about how much we should specify. He specified ANS.1 for all the
fields but someone thought it was too much. We need to decide what portion
of this to ballot.  Li Chun suggested we only define the portions that are
specific to the CAB Forum (jurisdiction info). Peter will slim it down to
just EV and talk to Jody about naming. 

 

9.2.7 - Open questions:

a) Should we allow other addresses (PO, etc) - We should remove "the" from
the address. We cover this in the requirements because a site visit is
permitted. Plus, you have to register in most locations where you do
business. We use the term "Place of Business" in the language. We can just
bring the definition with the move of the language to the BRs.  It's valid
to have multiple addresses for the same organization as this is the case
where they have multiple locations in the same country 

b) Get rid of Address of Existence in BRs - Discuss in Raleigh 

c) Mandate street address for EV certs - No interest. Address can change
often. The idea is to give people a way to find the entity. This is possible
with the jurisdiction and address info. 

 

Other Items - What do we do about old OV certs? There are still 10 year
certs with info in the O field that isn't actually an org name. The cert
policies of the BRs being required solves this.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170315/264af431/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20170315/264af431/attachment.bin>


More information about the Validation mailing list