Ballot 204 – Forbid DTPs from doing Domain/IP Ownership

Ballot overview

• Ballot 204, Forbid DTPs from doing Domain/IP Ownership, proposed changes to the Baseline Requirements.
• The purpose was to ensure that CAs or their Affiliates, not Delegated Third Parties, perform domain and IP address ownership validation for certificates the CA is responsible for.
• The ballot also removed or narrowed references to Delegated Third Parties in several Baseline Requirements sections.

Proposed rule changes

• Section 1.6.1: expanded the Delegated Third Party definition to clarify that the entity is not the CA and that its activities are not within the scope of the appropriate CA audits.
• Section 1.3.2: allowed delegation of Section 3.2 requirements except for sections 3.2.2.4 and 3.2.2.5.
• Section 3.2.2.4: required the CA to validate each FQDN listed in the certificate as of the date the certificate issues, using approved methods or being within the domain namespace of a validated FQDN.
• Section 3.2.2.4.6: removed the words or Delegated Third Party.
• Section 3.2.2.4.11: if still present when the ballot passes, replaced either the CA or a Delegated Third Party with the CA.
• Section 8.4: removed a paragraph about Delegated Third Parties not being currently audited.
• Section 8.4: revised wording for Delegated Third Parties that are not Enterprise RAs.

Voting and result

• The ballot page states the voting period ended and the ballot passed.
• CA voting: 12 yes, 0 no, 1 abstain, with quorum met.
• Browser voting: 4 yes, 0 no, 0 abstain.
• The page states the ballot passes and that the approval requirements were met for both CAs and browsers.

Timing shown on the ballot page

• Discussion: 27 June to 4 July.
• Vote for approval: 4 July to 11 July.
• If approved, a 30-day review period begins upon the Chair sending the Review Notice.
• If no Exclusion Notices are filed, the ballot becomes effective at the end of the Review Period.
• If Exclusion Notices are filed, ballot approval is rescinded and a PAG is to be created.