[cabf_validation] Two alternative drafts of Ballot 225 for discussion at the VWG meeting on Tuesday

Fri Jun 1 15:44:35 MST 2018

So I definitely see a number of problems with "Alternative A" that I'm not
sure it's worth trying to resolve.

In examining Alternative B, it seems to weaken the requirements, when my
understanding was that the desire was to strengthen them, in that it
further favors incumbents by apparently exempting them from certain
operational requirements, while subjecting other organizations to more
onerous requirements. Alternatively, it may be read as organizations that
have been in operation for greater than 36 months that there is no
acceptable way to validate their operational existence - meaning that such
certificates are only intended for newer companies. Certainly, such a
sunset of EV certificates sounds great - it would clear up a lot of
confusion if folks could no longer get them - but I somehow suspect that
wasn't quite the intent.

The removal of QIIS is interesting - if the situation is CAs no longer find
that information reliable, it seems striking that as acceptable for any
information validation purposes in EV may be appropriate. Alternatively,
can those advocating its removal here in 11.6.2 explain why they would feel
it's appropriate for use in other sections? What is the removal designed to
accomplish, and how does the QTIS accomplish this, in plainly stated
language?

Similarly, the motivation for the ballot states a goal, but fails to state
how it meaningfully achieves that goal. For example, it states that QIIS's
cannot be relied upon for determining "that the Applicant has the ability
to engage in business", but I'm not aware of any such example cases where
that objective hasn't been met. Could CAs speak more to examples of where
they feel QIISes haven't met that goal, so it can be understood how the
proposed changes (Alternative A or B) achieve that?

On Fri, Jun 1, 2018 at 6:16 PM, Tim Hollebeek via Validation <
validation at cabforum.org> wrote:

> I saw the language somewhere in the Alternative B draft while reviewing
> it.  Maybe it just hasn’t been scrubbed everywhere yet.  If it’s going
> away, I’m good.
>
>
>
> -Tim
>
>
>
> *From:* Kirk Hall [mailto:Kirk.Hall at entrustdatacard.com]
> *Sent:* Friday, June 1, 2018 5:58 PM
> *To:* Tim Hollebeek <tim.hollebeek at digicert.com>; CA/Browser Forum
> Validation WG List <validation at cabforum.org>
> *Subject:* RE: Two alternative drafts of Ballot 225 for discussion at the
> VWG meeting on Tuesday
>
>
>
> It’s true we suggested multiple proposers and endorsers in an earlier
> draft, but the pre-ballot drafts I sent with the message below (Alt. A and
> Alt. B) only show Chris as proposer, and no endorsers (space for two).  So
> I think these drafts don’t present any problems, do they?
>
>
>
> *From:* Tim Hollebeek [mailto:tim.hollebeek at digicert.com
> <tim.hollebeek at digicert.com>]
> *Sent:* Friday, June 1, 2018 2:46 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CA/Browser Forum
> Validation WG List <validation at cabforum.org>
> *Subject:* [EXTERNAL]RE: Two alternative drafts of Ballot 225 for
> discussion at the VWG meeting on Tuesday
>
>
>
> I really like the direction Alternative B is going in, and need more time
> to review it, but I did notice some language that I believe does not comply
> with the Bylaws, and would render these ballot invalid.
>
>
>
> From our Bylaws (parenthetical notes are mine):
>
>
>
> “A representative (singular) of any Member can call for a proposed ballot
> to be published for discussion and comment by the membership. Any proposed
> ballot needs two (2) endorsements by other Members in order to proceed.”
>
>
>
> I’ve objected on previous occasions to the highly non-standard,
> unprecedented multiple proposer model, and I continue to believe it does
> not and cannot be made to comply with our Bylaws.  I’m not sure why this
> ballot can’t follow the normal proposer and two endorser model we always
> use, and our Bylaws require.  I’d suggest the authors fix these ballots to
> be more conventional ballots.
>
>
>
> -Tim
>
>
>
> *From:* Validation [mailto:validation-bounces at cabforum.org
> <validation-bounces at cabforum.org>] *On Behalf Of *Kirk Hall via Validation
> *Sent:* Friday, June 1, 2018 5:34 PM
> *To:* CA/Browser Forum Validation WG List <validation at cabforum.org>
> *Subject:* [cabf_validation] Two alternative drafts of Ballot 225 for
> discussion at the VWG meeting on Tuesday
>
>
>
> Chris sent out a draft Ballot 225 on improving EV validation to the VWG
> for consideration on  May 21 (resubmitted with this email as Alternative
> A).  A number of comments were posted, including some comments that didn’t
> support the idea of any waiting  period before an applicant can get an EV
> cert for a newer company but were open to imposing new operational
> existence validation requirements for newer companies seeking an EV cert.
>
>
>
> Cecelia (GlobalSign) and Joanna (GoDaddy) worked together to create a
> simpler version of Ballot 225 (attached Alternative B) that does the
> following:
>
>
>
> High level changes in Alternative B:
>
> 1.       Added QTIS Definition - as already agreed
>
> 2.       Remove 18 month restriction on getting an EV cert as it seems
> controversial
>
> 3.       Require that companies less than 36 months verify operational
> existence
>
> 4.       Removed QIIS as an option
>
> 5.       Added the requirement to contact the bank if using #2
>
>
>
> We attach both Chris’ original ballot (Alt. A) and Cecelia/Joanna’s
> different proposal (Alt. B) for discussion at the VWG meeting on Tuesday.
> The final ballot could be one or the other, a mix of the two, or something
> else entirely.
>
> _______________________________________________
> Validation mailing list
> Validation at cabforum.org
> https://cabforum.org/mailman/listinfo/validation
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180601/947321fd/attachment-0001.html>