SC-082 failed

Ballot SC082: Clarify CA Assisted DNS Validation under 3.2.2.4.7

Server Certificate Working Group

Key dates

Voting opened: 20 Nov 2024
Voting closed: 27 Nov 2024
Discussion opened: 12 Nov 2024
Discussion closed: 19 Nov 2024

AI Summary

Generated 2026-06-23 21:15 UTC

Ballot outcome

  • Ballot SC082: Clarify CA Assisted DNS Validation under 3.2.2.4.7
  • Voting results: FAILED

Purpose and scope

  • Clarifies the practice of CA Assisted DNS Validation.
  • Adds constraints under Method 7 (3.2.2.4.7 DNS Change).
  • States that modification of other domain validation methods and introduction of new domain validation methods are not in scope.

Key proposed changes (as described in the ballot page and redline)

  • Adds a new definition: Canonical Authorization Domain Name.
  • Adds Canonical Authorization Domain Names into section 3.2.2.4.7 (DNS Change).
  • Adds constraints around CA usage of Canonical Authorization Names, including:
    • Enforce that CNAMEs are unique to an Applicant and not shared with multiple Applicants.
    • Expire DNS lookup results after 8 hours.
    • Restrict the type of DNS records located in zones used for this purpose.

Voting and bylaws requirements (as reported on the ballot page)

  • Bylaw 2.3(6):
    • Certificate Issuer category: two-thirds (2/3) or more requirement was MET.
    • Certificate Consumer category: 50% plus one (1) requirement was NOT MET.
    • At least one (1) Voting Member in each category voting in favour: NOT MET.
  • Bylaw 2.3(7): quorum requirement was MET.

Motion and artifacts referenced

  • The ballot page marks where the motion begins and ends.
  • GitHub pull request and a GitHub compare link are provided as the redline basis for the proposed changes.

Model: gpt-5.4-nano · Confidence: 0.78 · Result: failed

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Vote result

Certificate Issuers: 17 yes, 0 no, 4 abstain
Certificate Consumers: 0 yes, 1 no, 2 abstain

CABF ballot approval depends on both voting classes; CA votes alone are not decisive.

17 Yes
1 No
6 Abstain

71% yes · 4% no · 25% abstain

Proposers

Proposed by Michael Slaughter (Amazon Trust Services) and endorsed by Martijn Katerbarg (Sectigo) and Wayne Thayer (Fastly).

Excerpt

Ballot SC082: Clarify CA Assisted DNS Validation under 3.2.2.4.7. Voting Results: The voting period for Ballot SC82: Clarify CA Assisted DNS Validation under 3.2.2.4.7 has completed. The ballot has: FAILED
