Discussion Period Begins: Ballot SC-102: EV Domain Reuse and Validity Alignment

[Dustin Hollenback]

Ballot SC-102: EV Domain Reuse and Validity Alignment

Summary of the Ballot

This ballot aligns Extended Validation domain re-validation and certificate validity with the Baseline Requirements, removing EV-specific values that the Baseline Requirements already supersede. It makes the following changes to the EV Guidelines:

• Removes the WHOIS/RDAP same-registrant re-check from the domain reuse path in Section 3.2.2.14.1(6), so EV domain re-validation relies on Section 3.2.2.7 like any other domain validation.
• Replaces the hardcoded "398 days" Domain Name data reuse period in Section 3.2.2.14.3(1) with a reference to Section 4.2.1 of the Baseline Requirements, and generalizes the related "398-day period" sentence.
• Replaces the EV certificate validity text in Section 6.3.2 with a reference to Section 6.3.2 of the Baseline Requirements.

These changes are not expected to be disruptive. An EV Certificate is already a TLS Subscriber Certificate bound by the Baseline Requirements, so the ballot removes redundant or stale text rather than imposing new obligations. There is not a future effective date as there is not an expected new requirement.

Background of the Ballot

The Baseline Requirements have moved away from relying on WHOIS/RDAP registration data for domain validation (SC-080 sunset the WHOIS/RDAP-dependent Domain Contact methods) and they now carry a published schedule (SC-081) that reduces both certificate validity and data reuse periods over time. The EV Guidelines, however, still hardcode "398 days" for both the Domain Name data reuse period and EV certificate validity. Those figures are already incorrect: the Baseline Requirements cap Domain Name reuse at 200 days today and decline further on the published schedule, and they cap validity on the same trajectory. Because an EV Certificate is a TLS Subscriber Certificate, it is already bound by those limits, so the separate EV-specific values are at best redundant and at worst misleading. The same-registrant re-check in Section 3.2.2.14.1(6) depends on that same WHOIS/RDAP registration data which the Forum has been moving away from for validation and it is redundant with the domain control re-verification already required under Section 3.2.2.7. This ballot removes these EV-specific provisions so EV domain re-validation and validity track the Baseline Requirements directly.

This ballot is proposed by Dustin Hollenback (Apple) and endorsed by Martijn Katerbarg (Sectigo) and Scott Rea (eMudhra).

--- Motion Begins ---

Modify the "Guidelines for the Issuance and Management of Extended Validation Certificates", based on Version 2.0.2, per the following redline:

https://github.com/cabforum/servercert/compare/cabforum:1bcb34993331313c92ac7d6af778e81ca3d5faff...dustinhollenback-apple:28777f520309c2ae5561b81e223b34cc9aed93ef

--- Motion Ends ---

This ballot proposes a Final Maintenance Guideline and will be subject to a 30-day IPR Review Period following a successful vote.

Discussion Period (at least 7 calendar days):

• Start time: Thursday, 2026-06-18 16:00 UTC
• End time: Monday, 2026-07-06 12:00 UTC or later

Vote for approval (exactly 7 calendar days): 

• Start time: TBD (estimated Monday, 2026-07-06 17:00 UTC)
• End time: TBD (estimated Monday, 2026-07-13 17:00 UTC)