Ballot SC014: Updated Phone Validation Methods
Server Certificate Working Group
Key dates
- Effective date
- 31 May 2019 7 years ago
- Voting opened
- 24 Jan 2019 7 years ago
- Voting closed
- 31 Jan 2019 7 years ago
- Discussion opened
- 16 Jan 2019 7 years ago
- Discussion closed
- 23 Jan 2019 7 years ago
Resources
AI Summary
Ballot overview
- Ballot SC014, Updated Phone Validation Methods, was a Server Certificate Working Group ballot.
- The ballot passed.
- It updates Baseline Requirements phone validation methods by replacing Method 3 and adding new phone validation methods.
- It also adds a DNS TXT Record Phone Contact definition and a new DNS TXT record location for that phone number.
What changes were proposed
- Add DNS TXT Record Phone Contact to the Baseline Requirements definitions.
- Add a new rule that CAs must not perform validations using the existing phone validation method after May 31, 2019.
- Add a new method for validating by calling the Domain Contact’s phone number.
- Add a new method for validating by calling the DNS TXT Record Phone Contact’s phone number.
- Add appendix guidance requiring the DNS TXT record to be placed on the _validation-contactphone subdomain and to contain a valid Global Number.
Approval and voting
- The voting period ended and the ballot passed.
- Certificate Issuers: 19 yes votes, 0 no votes, 0 abstentions.
- Certificate Consumers: 5 yes votes, 0 no votes, 0 abstentions.
- The ballot states the bylaw requirements were met for both Certificate Issuers and Certificate Consumers.
- Quorum was met.
Compliance timing
- New phone based validations using the replaced method must stop after May 31, 2019.
- Completed validations using the replaced method remain valid for later issuance under the applicable certificate data reuse periods.
- The ballot text says new phone based validations must use the new method by the date specified in the ballot below, and the specified date is May 31, 2019.
Scope of the new methods
- The Domain Contact method allows a CA to call the Domain Contact’s phone number and obtain a confirming response.
- The DNS TXT Record Phone Contact method allows a CA to call the phone number published in the DNS TXT record and obtain a confirming response.
- Both methods allow one phone call to confirm multiple ADNs if the same phone number is listed for each ADN and each ADN receives a confirming response.
- For the DNS TXT Record Phone Contact method, the CA may not knowingly be transferred or request transfer.
- For both new methods, voicemail handling and Random Value validity rules are specified.
- The ballot notes that the new methods are suitable for validating Wildcard Domain Names.
- Effective date
- 2019-05-31
- Voting opened
- 2019-01-24
- Voting closed
- 2019-01-31
- Discussion opened
- 2019-01-16
- Discussion closed
- 2019-01-23
2019-05-31 — CAs SHALL NOT perform validations using this method after this date; completed validations remain valid for subsequent issuance per the applicable certificate data reuse periods Applies to the replaced phone validation method used for new phone based validations
AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.
Vote result
Proposers
Doug Beattie of GlobalSign and endorsed by Bruce Morton of Entrust and Tim Hollebeek of DigiCert.
Excerpt
SearchHome » All CA/Browser Forum Posts » Ballot SC014: Updated Phone Validation MethodsBallot SC014: Updated Phone Validation MethodsThe voting period for Ballot SC14 has ended and the Ballot has Passed. Here are the results: Voting by Certificate Issuers – 19 votes total including abstentions