[cabf_validation] [EXTERNAL]Re: Error in EVG 11.6.2

Kirk Hall Kirk.Hall at entrustdatacard.com
Mon Oct 16 10:24:13 MST 2017


I agree with Jeremy – usually a requirement like “You must do the following: a, b, c, OR d” means you only have to do ONE of the things listed.  That’s how I read this section of the EVGL.  But no objection if you want to do a ballot.

From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Adriano Santoni via Validation
Sent: Sunday, October 15, 2017 11:18 PM
To: validation at cabforum.org
Subject: [EXTERNAL]Re: [cabf_validation] Error in EVG 11.6.2


+1

Il 13/10/2017 21:19, Rich Smith via Validation ha scritto:
I agree that that’s the way it should be read, and I believe that’s the way it was previously written, BUT because the wording is not clear, an auditor or root program representative could take it the other way.  Some of those who might read it the other way may not be particularly subject to reason or common sense, so we should fix it.

From: Jeremy Rowley [mailto:jeremy.rowley at digicert.com]
Sent: Friday, October 13, 2017 2:10 PM
To: Rich Smith <richard.smith at comodo.com><mailto:richard.smith at comodo.com>; CA/Browser Forum Validation WG List <validation at cabforum.org><mailto:validation at cabforum.org>
Subject: Re: [cabf_validation] Error in EVG 11.6.2

I read it as an or in each case. There's no "and" between 1-3.

On Oct 13, 2017, at 10:06 AM, Rich Smith via Validation <validation at cabforum.org<mailto:validation at cabforum.org>> wrote:
The text, as currently written requires either a bank letter or professional letter in ALL cases.  I know this was not the intent, and was not how this used to be written, so we apparently loused it up in an edit at some point.  Current text:

11.6.2. Acceptable Methods of Verification

To verify the Applicant’s ability to engage in business, the CA MUST verify the operational existence of the Applicant, or its Affiliate/Parent/Subsidiary Company, by:

(1) Verifying that the Applicant, Affiliate, Parent Company, or Subsidiary Company has been in existence for at least three years, as indicated by the records of an Incorporating Agency or Registration Agency;

(2) Verifying that the Applicant, Affiliate, Parent Company, or Subsidiary Company is listed in either a current QIIS or QTIS;

(3) Verifying that the Applicant, Affiliate, Parent Company, or Subsidiary Company has an active current Demand Deposit Account with a Regulated Financial Institution by receiving authenticated documentation of the Applicant’s, Affiliate’s, Parent Company’s, or Subsidiary Company’s Demand Deposit Account directly from a Regulated Financial Institution; or
(4) Relying on a Verified Professional Letter to the effect that the Applicant has an active current Demand Deposit Account with a Regulated Financial Institution.

You’ll notice that, as currently worded, 1 AND 2 PLUS 3 OR 4 is required.  We can fix either by adding ‘or’ to the ends of 1 and 2, OR removing ‘or’ at the end of 3 AND changing the opening sentence to:

“To verify the Applicant’s ability to engage in business, the CA MUST verify the operational existence of the Applicant, or its Affiliate/Parent/Subsidiary Company, by one of the following:”
I’d like to get a correction ballot out as quickly as possible.  Any preference as to method?  Can I get two endorsers for whichever method we decide on?

Thanks,
Rich Smith
Comodo CA
_______________________________________________
Validation mailing list
Validation at cabforum.org<mailto:Validation at cabforum.org>
https://cabforum.org/mailman/listinfo/validation




_______________________________________________

Validation mailing list

Validation at cabforum.org<mailto:Validation at cabforum.org>

https://cabforum.org/mailman/listinfo/validation

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20171016/2fb01d2c/attachment-0001.html>


More information about the Validation mailing list