Ballot 218 – Remove validation methods 1 and 5
Server Certificate Working Group
Key dates
- Effective date
- 01 Aug 2018 7 years ago
- Voting opened
- 29 Jan 2017 9 years ago
- Voting closed
- 05 Feb 2017 9 years ago
- Discussion opened
- 22 Jan 2017 9 years ago
- Discussion closed
- 29 Jan 2017 9 years ago
AI Summary
Ballot overview
- Ballot 218, Remove validation methods 1 and 5, was a Server Certificate Working Group ballot.
- The ballot page states that the voting period ended and the ballot passed.
- Voting results were 14 yes, 4 no, and 4 abstain among CAs, and 5 yes, 0 no, and 0 abstain among browsers.
- The page states quorum was met and the approval thresholds were met for both CAs and browsers.
What the ballot changed
- The ballot modified the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, based on Version 1.5.4.
- It added a new definition of Domain Contact to include direct contact with the Domain Name Registrar.
- It added text to Section 3.2.2.4.1 and Section 3.2.2.4.5 stating that, for certificates issued on or after August 1, 2018, those methods SHALL NOT be used for validation and completed validations using those methods SHALL NOT be used for issuance.
- It added two new subsections:
- 3.2.2.4.11 Any Other Method, stating the method has been retired and MUST NOT be used.
- 3.2.2.4.12 Validating Applicant as a Domain Contact, allowing use only if the CA is also the Domain Name Registrar, or an Affiliate of the Registrar, of the Base Domain Name.
- It added text to Section 4.2.1 stating that validations completed using methods in Sections 3.2.2.4.1 or 3.2.2.4.5 SHALL NOT be re-used on or after August 1, 2018.
Timing stated on the ballot page
- Discussion: 2017-01-22 21:30:00 UTC to 2017-01-29 21:50:00 UTC
- Vote for approval: 2017-01-29 21:50:00 UTC to 2017-02-05 21:50 UTC
Compliance impact
- The ballot imposes an August 1, 2018 compliance date for the affected validation methods.
- For certificates issued on or after that date, methods in Sections 3.2.2.4.1 and 3.2.2.4.5 must not be used for validation, and completed validations using those methods must not be used for issuance.
- Validations completed using those methods must not be re-used on or after that date.
- The new Domain Contact method in Section 3.2.2.4.12 is limited to CAs that are also the Domain Name Registrar, or an Affiliate of the Registrar, of the Base Domain Name.
- Effective date
- 2018-08-01
- Voting opened
- 2017-01-29
- Voting closed
- 2017-02-05
- Discussion opened
- 2017-01-22
- Discussion closed
- 2017-01-29
2018-08-01 — Methods in Sections 3.2.2.4.1 and 3.2.2.4.5 must not be used for validation, and completed validations using those methods must not be used for issuance Certificates issued on or after this date
2018-08-01 — Those validations must not be re-used on or after this date Validations completed using methods in Sections 3.2.2.4.1 or 3.2.2.4.5
AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.
Proposers
Tim Hollebeek of DigiCert and endorsed by Ryan Sleevi of Google and Rich Smith of Comodo.
Excerpt
SearchHome » All CA/Browser Forum Posts » Ballot 218 – Remove validation methods 1 and 5Ballot 218 – Remove validation methods 1 and 5The voting period for Ballot 218 has ended and the ballot has passed. Here are the results.