Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

[Ryan Dickson]

Purpose of Ballot SC-080 V3:

This ballot proposes updates to the Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates (TLS BRs) to address concerns regarding the use of WHOIS and HTTPS websites for identifying Domain Contacts.

Background:

This ballot intends to accomplish two objectives, originally described in [1], but have since been updated in response to community feedback.

Objective 1: Enhance WHOIS/RDAP validation of gTLDs with comparable security properties to DNS-based validation.

Justification:

- A recent disclosure [2] demonstrated how threat actors could exploit deficiencies in the WHOIS protocol and WHOIS tools served via HTTPS websites to obtain fraudulent TLS certificates.

- Discussions within the Mozilla Dev Security Policy (MDSP) community [3] further expressed corresponding risks related to WHOIS, while also noting that ccTLDs may not maintain accurate or up-to-date WHOIS server records. Several examples of inoperative WHOIS servers for ccTLDs were identified.

- Solutions to strengthen existing WHOIS lookup methods were proposed in [5] and some are considered in this ballot.

Objective 2: Sunset Methods 3.2.2.4.2 (“Email, Fax, SMS, or Postal Mail to Domain Contact”) and 3.2.2.4.15 (“Phone Contact with Domain Contact”).

Justification:

- While solutions to strengthen WHOIS-relying DCV methods are considered in this ballot (see above), there is limited public evidence of significant reliance on these methods, including in response to [3] and [6]. 

- Instead, discussion has identified at least one CA Owner has already sunset reliance on WHOIS [7], and another that has changed its approach [8] for relying on WHOIS since disclosure of [2].

- More modern and heavily relied-upon DCV methods offer advantages over the existing WHOIS-based methods, including greater opportunity for seamless certificate lifecycle management automation (e.g., [9] and [10]), while also benefiting from recently improved security practices [11]. These methods can also more effectively align subscriber capabilities with agility and resilience expectations necessary to respond to the revocation timelines described in the TLS BRs [12]. 

- Beyond the above, previous discussions within the CA/Browser Forum have raised concerns about the perceived value (e.g., [13]) and security (e.g., [14]) of the DCV methods relying on WHOIS, further supporting the rationale for their gradual sunset.

Benefits of adoption:

- Enhanced Security: Eliminates reliance on outdated and vulnerable DCV methods that cannot consistently provide the security required by the TLS BRs, or benefit from recent DCV security enhancements (i.e., Multi-Perspective Issuance Corroboration [11]).   

- Increased Agility: Encourages site owners to transition to modern DCV methods, creating opportunities for faster, more efficient, and less error-prone certificate lifecycle management.   

- Opportunity for Innovation: Promotes the development of new and/or improved DCV methods, fostering innovation that may enhance the overall security and agility of the ecosystem.

 

Proposed Key Dates:

The effective dates considered in this update are intended to 1) address the immediate concerns identified by [2], and 2) offer near-term and longer-term transition periods for subscribers and CA Owners relying on existing implementations of these methods.

January 15, 2025: For Methods 3.2.2.4.2, 3.2.2.4.12, and 3.2.2.4.15…

- CAs MUST NOT rely on Domain Contact information obtained using an HTTPS website, regardless of whether previously obtained information is within the allowed reuse period.

- When obtaining Domain Contact information for a requested Domain Name using the WHOIS protocol (RFC 3912) or the Registry Data Access Protocol (RFC 7482), the CA must follow specific practices (described in the ballot).

- CAs MUST NOT rely on cached 1) WHOIS server information that is more than 48 hours old, or 2) RDAP bootstrap data from IANA that is more than 48 hours old, to ensure that it relies upon up-to-date and accurate information.

July 15, 2025: 

- CAs MUST NOT issue Subscriber Certificates relying on Methods 3.2.2.4.2 ("Email, Fax, SMS, or Postal Mail to Domain Contact") or 3.2.2.4.15 ("Phone Contact with Domain Contact").

- Prior validations using these methods and validation data gathered therein MUST NOT be used to issue new Subscriber Certificates.

Proposal Revision History:

- Pre-Ballot Version #1 [4]

- Version #1 Ballot and discussion [15]

- Version #2 Pre-Release [17] and discussion [18]

- Version #2 Ballot [19] and discussion [20]

- Version #3 Pre-Release [21] 

- Version #3 (this version, introduced in [23])

The following motion has been proposed by Ryan Dickson and Chris Clements of Google (Chrome Root Program) and endorsed by Arvid Vermote (GlobalSign) and Pedro Fuentes (OISTE).

— Motion Begins —

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates” (“Baseline Requirements”), based on Version 2.0.8.

MODIFY the Baseline Requirements as specified in the following Redline:

https://github.com/cabforum/servercert/compare/d820f37f9e1550805c210dcaf5162b7f86ccfb69..d356eb8c4bca3f12f5036b45c76ca963aa102ee4 

— Motion Ends —

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

Discussion

- Start: 2024-10-23 20:00:00 UTC

- End: 2024-10-31 13:59:00 UTC

Vote for approval (7 days)

- Start: 2024-10-31 14:00:00 UTC

- End: 2024-11-07 14:00:00 UTC

Thanks,

Ryan

References:

[1] https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004900.html 

[2] https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/ 

[3] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/FuOi_uhQB6U/m/hKJOz3XzAAAJ 

[4] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/mAl9XjieSkA/m/oDNWxtPwAQAJ 

[5] https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004839.html 

[6] https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004844.html 

[7] https://aws.amazon.com/blogs/security/aws-certificate-manager-will-discontinue-whois-lookup-for-email-validated-certificates/ 

[8] https://bugzilla.mozilla.org/show_bug.cgi?id=1917896 

[9] https://cabforum.org/working-groups/server/baseline-requirements/requirements/#32247-dns-change 

[10] https://cabforum.org/working-groups/server/baseline-requirements/requirements/#322419-agreed-upon-change-to-website---acme 

[11] https://cabforum.org/working-groups/server/baseline-requirements/requirements/#3229-multi-perspective-issuance-corroboration 

[12] https://cabforum.org/working-groups/server/baseline-requirements/requirements/#491-circumstances-for-revocation 

[13] https://archive.cabforum.org/pipermail/servercert-wg/2018-August/000113.html 

[14] https://lists.cabforum.org/pipermail/validation/2024-July/001995.html 

[15] https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004825.html 

[16] https://github.com/ryancdickson/staging/compare/356799f0dcfe11deb0a375a11233403236ab72c9..7a2ea7b33611bebf006a99a9a82729f183143eac 

[17] https://github.com/ryancdickson/staging/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5..7a2ea7b33611bebf006a99a9a82729f183143eac 

[18] https://github.com/ryancdickson/staging/pull/9 

[19] https://github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5..7f2b54cfa5b89f41458a88211566ce508c464804 

[20] https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/AyTKMqwbCzc/m/MZ1CwW5nAQAJ

[21] https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/AyTKMqwbCzc/m/hjUhnaJsAgAJ

[22] https://github.com/cabforum/servercert/pull/555 

[23] https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/A6VokJVT8rw/m/srjtP5mKAAAJ 

[Ben Wilson]

Mozilla votes "yes" on Ballot SC-030 v.3.

--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CADEW5O-Pe5X-K427jeMbFWqFf4wEAMLEY7eg9OE28eTKA8Z5PQ%40mail.gmail.com.

[Dimitris Zacharopoulos (HARICA)]

HARICA votes "yes" to ballot SC-080 v3.

[Ben Wilson]

Oops - Mozilla votes "yes" on Ballot SC-080 v.3.

[Pedro FUENTES]

OISTE votes YES to ballot SC-080 v3

--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CADEW5O-Pe5X-K427jeMbFWqFf4wEAMLEY7eg9OE28eTKA8Z5PQ%40mail.gmail.com.

WISeKey SA

Pedro Fuentes
CSO - Trust Services Manager
Office: + 41 (0) 22 594 30 00
Mobile: + 41 (0) 791 274 790

Address: Avenue Louis-Casaï 58 | 1216 Cointrin | Switzerland

Stay connected with WISeKey

THIS IS A TRUSTED MAIL: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks

CONFIDENTIALITY: This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender

DISCLAIMER: WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.

[Doug Beattie]

GlobalSign votes YES to ballot SC-080 v3

 

Doug

--

[Bruce Morton]

Entrust votes Yes to ballot SC-080 V3.

 

 

Bruce.

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>

Sent: Thursday, October 31, 2024 9:59 AM
To: server...@groups.cabforum.org

--

You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CADEW5O-Pe5X-K427jeMbFWqFf4wEAMLEY7eg9OE28eTKA8Z5PQ%40mail.gmail.com.

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

[Ponds-White, Trev]

Amazon Trust Services votes yes.

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Thursday, October 31, 2024 06:59
To: server...@groups.cabforum.org
Subject: [EXTERNAL] [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

 

--

[CHASSERY Francois]

Certinomis votes YES on Ballot SC-080 V3

 

De : 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Envoyé : jeudi 31 octobre 2024 14:59
À : server...@groups.cabforum.org
Objet : [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

--

[Rollin.Yu]

TrustAsia votes YES on ballot SC-080 V3.

[Marco Schambach]

IdenTrust votes “Yes” on Ballot SC-080 V3

 

Marco S.

TrustID Program Manager

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>

Sent: Thursday, October 31, 2024 9:59 AM
To: server...@groups.cabforum.org

--

[Scott Rea]

eMudhra Votes YES in SC-080 V3

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Date: Thursday, 31 October 2024 at 8:00 AM
To: server...@groups.cabforum.org <server...@groups.cabforum.org>
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

CAUTION: This email is originated from outside of the organization. Do not open the links or the attachments unless you recognize the sender and know the content is safe.

 

--

You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CADEW5O-Pe5X-K427jeMbFWqFf4wEAMLEY7eg9OE28eTKA8Z5PQ%40mail.gmail.com.

Disclaimer: The email and its contents hold confidential information and are intended for the person or entity to which it is addressed. If you are not the intended recipient, please note that any distribution or copying of this email is strictly prohibited as per Company Policy, you are requested to notify the sender and delete the email and associated attachments with it from your system.

[郭宗閔]

Chunghwa Telecom votes Yes to ballot SC-080 V3.

 

 

Best regards,

Chunghwa Telecom Co., Ltd.,

Tsung-Min Kuo, Ph.D.

--

You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CADEW5O-Pe5X-K427jeMbFWqFf4wEAMLEY7eg9OE28eTKA8Z5PQ%40mail.gmail.com.

 

本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任.
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.

[Martijn Katerbarg]

Sectigo votes YES.

 

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Date: Thursday, 31 October 2024 at 15:00
To: server...@groups.cabforum.org <server...@groups.cabforum.org>
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 

--

[Backman, Antti]

Telia votes ’Yes’ on Ballot SC-080 v3.

 

//Antti

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Date: Thursday, 31. October 2024 at 16.01
To: server...@groups.cabforum.org <server...@groups.cabforum.org>
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

--

[Tom Zermeno]

SSL.com votes “Yes” on Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

 

 

Regards,

 

Tom

SSL.com

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Thursday, October 31, 2024 8:59 AM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

 

Purpose of Ballot SC-080 V3:

--

[Chris Clements]

Google votes YES on Ballot SC-080 V3.

[성지은]

MOIS votes YES on Ballot SC-080 V3.

---

Date: 2024/10/31 23:02:42
From: "'Ryan Dickson' via Server Certificate WG (CA/B Forum)"

To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CADEW5O-Pe5X-K427jeMbFWqFf4wEAMLEY7eg9OE28eTKA8Z5PQ%40mail.gmail.com.

[어수영(Eo Sooyoung)]

NAVER Cloud Trust Services votes YES on ballot SC-080 v3.

-----Original Message-----
From: "'Ryan Dickson' via Server Certificate WG (CA/B Forum)"<server...@groups.cabforum.org>
To: <server...@groups.cabforum.org>;
Cc:
Sent: 2024. 10. 31. (목) 22:59 (GMT+09:00)
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CADEW5O-Pe5X-K427jeMbFWqFf4wEAMLEY7eg9OE28eTKA8Z5PQ%40mail.gmail.com.

[仇大伟]

CFCA votes "yes" on Ballot SC-030 V3.

-----原始邮件-----
发件人: "'Ryan Dickson' via Server Certificate WG (CA/B Forum)" <server...@groups.cabforum.org>
发送时间: 2024-10-31 21:59:00 (星期四)
收件人: server...@groups.cabforum.org
主题: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

[Michael Guenther]

[sde...@godaddy.com]

GoDaddy votes "yes" on Ballot SC-030 v.3

 

Cheers,

Steven

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Date: Thursday, October 31, 2024 at 10:00 AM
To: server...@groups.cabforum.org <server...@groups.cabforum.org>
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad@.

 

--

[sde...@godaddy.com]

Apologies for the typo in my previous vote email.  For clarity, GoDaddy votes “yes” on Ballot SC-080 V3.

 

Cheers,

Steven

 

To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CH2PR02MB6774192FCE61EE9406011225BF522%40CH2PR02MB6774.namprd02.prod.outlook.com.

[蔡家宏(chtsai)]

TWCA votes Yes on Ballot SC-080 V3.

 

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Thursday, October 31, 2024 9:59 PM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

 

Purpose of Ballot SC-080 V3:

--

[Jeun, Inkyung (Lynn)]

VISA votes YES to “Ballot SC-080 v3”.

 

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Thursday, October 31, 2024 9:59 AM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

 

Purpose of Ballot SC-080 V3:

--

[Clint Wilson]

Apple votes YES on Ballot SC-080 V3.

[Wayne Thayer]

Fastly votes Yes on ballot SC-080 V3.

- Wayne

[大野 文彰]

SECOM Trust Systems votes YES on Ballot SC-080 V3.

 

Best Regards,

 

ONO, Fumiaki

SECOM Trust Systems Co., Ltd.

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Thursday, October 31, 2024 10:59 PM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

 

Purpose of Ballot SC-080 V3:

[So, Nicol]

CommScope votes “YES” on Ballot SC-080 V3.

To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR11MB7851211222C79DE6F72DF45482552%40DS0PR11MB7851.namprd11.prod.outlook.com.

[Mads Egil Henriksveen]

Buypass votes YES on ballot SC-080 V3.

Regards

Mads

 

From: 'Ryan Dickson' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: torsdag 31. oktober 2024 14:59
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

 

Purpose of Ballot SC-080 V3:

This ballot proposes updates to the Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates (TLS BRs) to address concerns regarding the use of WHOIS and HTTPS websites for identifying Domain Contacts.

[Yoshihiko Matsuo]

JPRS abstains on Ballot SC-080 V3.

Yoshihiko Matsuo

> https://github.com/cabforum/servercert/compare/d820f37f9e1550805c210dcaf5162b7f86ccfb69..d356eb8c4bca3f12f5036b45c76ca963aa102ee4 <https://github.com/cabforum/servercert/compare/d820f37f9e1550805c210dcaf5162b7f86ccfb69..d356eb8c4bca3f12f5036b45c76ca963aa102ee4>

>
>
> — Motion Ends —
>
>
> This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:
>
>
> Discussion
>
> - Start: 2024-10-23 20:00:00 UTC
>
> - End: 2024-10-31 13:59:00 UTC
>
>
> Vote for approval (7 days)
>
> - Start: 2024-10-31 14:00:00 UTC
>
> - End: 2024-11-07 14:00:00 UTC
>
>
> Thanks,
>
> Ryan
>
>
>
> References:
>

> [1] https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004900.html <https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004900.html>
>
> [2] https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/ <https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/>
>
> [3] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/FuOi_uhQB6U/m/hKJOz3XzAAAJ <https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/FuOi_uhQB6U/m/hKJOz3XzAAAJ>
>
> [4] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/mAl9XjieSkA/m/oDNWxtPwAQAJ <https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/mAl9XjieSkA/m/oDNWxtPwAQAJ>
>
> [5] https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004839.html <https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004839.html>
>
> [6] https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004844.html <https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004844.html>
>
> [7] https://aws.amazon.com/blogs/security/aws-certificate-manager-will-discontinue-whois-lookup-for-email-validated-certificates/ <https://aws.amazon.com/blogs/security/aws-certificate-manager-will-discontinue-whois-lookup-for-email-validated-certificates/>
>
> [8] https://bugzilla.mozilla.org/show_bug.cgi?id=1917896 <https://bugzilla.mozilla.org/show_bug.cgi?id=1917896>
>
> [9] https://cabforum.org/working-groups/server/baseline-requirements/requirements/#32247-dns-change <https://cabforum.org/working-groups/server/baseline-requirements/requirements/#32247-dns-change>
>
> [10] https://cabforum.org/working-groups/server/baseline-requirements/requirements/#322419-agreed-upon-change-to-website---acme <https://cabforum.org/working-groups/server/baseline-requirements/requirements/#322419-agreed-upon-change-to-website---acme>
>
> [11] https://cabforum.org/working-groups/server/baseline-requirements/requirements/#3229-multi-perspective-issuance-corroboration <https://cabforum.org/working-groups/server/baseline-requirements/requirements/#3229-multi-perspective-issuance-corroboration>
>
> [12] https://cabforum.org/working-groups/server/baseline-requirements/requirements/#491-circumstances-for-revocation <https://cabforum.org/working-groups/server/baseline-requirements/requirements/#491-circumstances-for-revocation>
>
> [13] https://archive.cabforum.org/pipermail/servercert-wg/2018-August/000113.html <https://archive.cabforum.org/pipermail/servercert-wg/2018-August/000113.html>
>
> [14] https://lists.cabforum.org/pipermail/validation/2024-July/001995.html <https://lists.cabforum.org/pipermail/validation/2024-July/001995.html>
>
> [15] https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004825.html <https://archive.cabforum.org/pipermail/servercert-wg/2024-September/004825.html>
>
> [16] https://github.com/ryancdickson/staging/compare/356799f0dcfe11deb0a375a11233403236ab72c9..7a2ea7b33611bebf006a99a9a82729f183143eac <https://github.com/ryancdickson/staging/compare/356799f0dcfe11deb0a375a11233403236ab72c9..7a2ea7b33611bebf006a99a9a82729f183143eac>
>
> [17] https://github.com/ryancdickson/staging/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5..7a2ea7b33611bebf006a99a9a82729f183143eac <https://github.com/ryancdickson/staging/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5..7a2ea7b33611bebf006a99a9a82729f183143eac>
>
> [18] https://github.com/ryancdickson/staging/pull/9 <https://github.com/ryancdickson/staging/pull/9>
>
> [19] https://github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5..7f2b54cfa5b89f41458a88211566ce508c464804 <https://github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5..7f2b54cfa5b89f41458a88211566ce508c464804>
>
> [20] https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/AyTKMqwbCzc/m/MZ1CwW5nAQAJ <https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/AyTKMqwbCzc/m/MZ1CwW5nAQAJ>
>
> [21] https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/AyTKMqwbCzc/m/hjUhnaJsAgAJ <https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/AyTKMqwbCzc/m/hjUhnaJsAgAJ>
>
> [22] https://github.com/cabforum/servercert/pull/555 <https://github.com/cabforum/servercert/pull/555>
>
> [23] https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/A6VokJVT8rw/m/srjtP5mKAAAJ <https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/A6VokJVT8rw/m/srjtP5mKAAAJ>

>
>
> --
> You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.

> To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org <mailto:servercert-w...@groups.cabforum.org>.
> To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CADEW5O-Pe5X-K427jeMbFWqFf4wEAMLEY7eg9OE28eTKA8Z5PQ%40mail.gmail.com <https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CADEW5O-Pe5X-K427jeMbFWqFf4wEAMLEY7eg9OE28eTKA8Z5PQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.

[Inigo Barreira]

Sorry, but this vote can´t be counted because this person is not assigned as representative for the server cert WG.

Alos, there´s a typo in the ballot number, but this is not the reason.

 

De: 仇大伟 <qiud...@cfca.com.cn>
Enviado el: martes, 5 de noviembre de 2024 6:54
Para: server...@groups.cabforum.org
Asunto: Re: [Servercert-wg] Voting Period Begins - Ballot SC-080 V3: "Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods"

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 

To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/256c5cd1.3dfc.192fae2fdba.Coremail.qiudawei%40cfca.com.cn.