← CABF Ballot Browser
SC-018 failed

Ballot SC018: Phone Contact with DNS CAA Phone Contact

Server Certificate Working Group

Key dates

Voting opened
23 Apr 2019 7 years ago
Voting closed
30 Apr 2019 7 years ago
Discussion opened
16 Apr 2019 7 years ago

Resources

GitHub diff https://github.com/dougbeattie/documents/compare/master...dougbeattie:SC18-v1-CAA-Phone-Validation https://github.com/dougbeattie/documents/compare/master...dougbeattie:SC18-v1-CAA-Phone-Validation

AI Summary

Generated 2026-06-23 21:24 UTC

Ballot outcome

  • Ballot SC018: Phone Contact with DNS CAA Phone Contact ended in failure.
  • The page states the voting period had ended and the ballot had failed.
  • Voting results shown on the page:
    • Certificate Issuers: 1 yes vote, 9 no votes, 0 abstain
    • Certificate Consumers: 0 yes votes, 1 no vote, 0 abstain
  • The page says the approval thresholds in Bylaw 2.3(f) were met for both Certificate Issuers and Certificate Consumers, and that at least one Certificate Issuer and one Certificate Consumer voted in favor.
  • The page also says quorum was not met under Bylaw 2.3(g), because half of currently active Members as of the start of voting was 12, so quorum was 13 votes.

What the ballot proposed

  • Add a DNS CAA Phone Contact definition to the Baseline Requirements.
  • Add the ADN acronym, meaning Authorization Doman Name.
  • Add a new domain validation method, Phone Contact with DNS CAA Phone Contact, allowing a CA to confirm control of an FQDN by calling the phone number listed in the DNS CAA record and obtaining a confirming response.
  • Allow one phone call to confirm multiple ADNs when the same DNS CAA Phone Contact number is listed for each ADN and each ADN receives a confirming response.
  • Require the relevant CAA Resource Record Set to be found using the RFC 6844 search algorithm as amended by Errata 5065.
  • Prohibit transfer of the CA or request to be transferred for this phone number because it is specifically listed for domain validation.
  • Allow voicemail handling by leaving the Random Value and the ADN(s) being validated, with the Random Value returned to the CA to approve the request.
  • Limit the Random Value validity period to no more than 30 days from creation, while allowing the CPS to specify a shorter period.
  • State that once an FQDN is validated this way, the CA may also issue certificates for other FQDNs ending with all labels of the validated FQDN, making the method suitable for wildcard domain names.
  • Add appendix section B.1.2 for the CAA contactphone property, requiring a valid RFC 3966 Global Number with a preceding + and country code, and allowing visual separators.

Dates in the ballot procedure

  • Discussion start: 2019-04-16 16:00 Eastern
  • Discussion end: Not before 2018-04-23 16:00 Eastern
  • Vote for approval start: 2019-04-23 17:15 Eastern
  • Vote for approval end: 2019-04-30 17:15 Eastern

Linked artifact

  • The GitHub diff shows the same proposed changes in BR.md, including the new DNS CAA Phone Contact definition, the ADN acronym, the new validation section 3.2.2.4.17, and appendix B.1.2 for contactphone.
Model: gpt-5.4-mini Confidence: 0.99 Result: failed
Voting opened
2019-04-23
Voting closed
2019-04-30
Discussion opened
2019-04-16

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Vote result

0 Yes
0 No
0 Abstain

Proposers

Doug Beattie of GlobalSign and endorsed Tim Hollebeek of DigiCert and Bruce Morton from Entrust.

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot SC018: Phone Contact with DNS CAA Phone ContactBallot SC018: Phone Contact with DNS CAA Phone ContactThe voting period for Ballot SC18 has ended and the Ballot has Failed. Here are the results: Voting by Certificate Issuers – 10 votes total including abstentions

View on cabforum.org → Last fetched 15 hours ago

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action