Discussion Period Begins: Ballot SC-102: EV Domain Reuse and Validity Alignment

225 views
Skip to first unread message

Dustin Hollenback

unread,
Jun 18, 2026, 11:55:39 AMJun 18
to server...@groups.cabforum.org

Ballot SC-102: EV Domain Reuse and Validity Alignment

Summary of the Ballot
This ballot aligns Extended Validation domain re-validation and certificate validity with the Baseline Requirements, removing EV-specific values that the Baseline Requirements already supersede. It makes the following changes to the EV Guidelines:
  • Removes the WHOIS/RDAP same-registrant re-check from the domain reuse path in Section 3.2.2.14.1(6), so EV domain re-validation relies on Section 3.2.2.7 like any other domain validation.
  • Replaces the hardcoded "398 days" Domain Name data reuse period in Section 3.2.2.14.3(1) with a reference to Section 4.2.1 of the Baseline Requirements, and generalizes the related "398-day period" sentence.
  • Replaces the EV certificate validity text in Section 6.3.2 with a reference to Section 6.3.2 of the Baseline Requirements.

These changes are not expected to be disruptive. An EV Certificate is already a TLS Subscriber Certificate bound by the Baseline Requirements, so the ballot removes redundant or stale text rather than imposing new obligations. There is not a future effective date as there is not an expected new requirement.


Background of the Ballot
The Baseline Requirements have moved away from relying on WHOIS/RDAP registration data for domain validation (SC-080 sunset the WHOIS/RDAP-dependent Domain Contact methods) and they now carry a published schedule (SC-081) that reduces both certificate validity and data reuse periods over time. The EV Guidelines, however, still hardcode "398 days" for both the Domain Name data reuse period and EV certificate validity. Those figures are already incorrect: the Baseline Requirements cap Domain Name reuse at 200 days today and decline further on the published schedule, and they cap validity on the same trajectory. Because an EV Certificate is a TLS Subscriber Certificate, it is already bound by those limits, so the separate EV-specific values are at best redundant and at worst misleading. The same-registrant re-check in Section 3.2.2.14.1(6) depends on that same WHOIS/RDAP registration data which the Forum has been moving away from for validation and it is redundant with the domain control re-verification already required under Section 3.2.2.7. This ballot removes these EV-specific provisions so EV domain re-validation and validity track the Baseline Requirements directly.

This ballot is proposed by Dustin Hollenback (Apple) and endorsed by Martijn Katerbarg (Sectigo) and Scott Rea (eMudhra).


--- Motion Begins ---

Modify the "Guidelines for the Issuance and Management of Extended Validation Certificates", based on Version 2.0.2, per the following redline:


--- Motion Ends ---


This ballot proposes a Final Maintenance Guideline and will be subject to a 30-day IPR Review Period following a successful vote.



Discussion Period (at least 7 calendar days):
  • Start time: Thursday, 2026-06-18 16:00 UTC
  • End time: Monday, 2026-07-06 12:00 UTC or later

Vote for approval (exactly 7 calendar days): 
  • Start time: TBD (estimated Monday, 2026-07-06 17:00 UTC)
  • End time: TBD (estimated Monday, 2026-07-13 17:00 UTC)

Tim Hollebeek

unread,
Jul 9, 2026, 11:12:20 AM (4 days ago) Jul 9
to server...@groups.cabforum.org
DigiCert votes YES on SC-102.

-Tim



From: 'Dustin Hollenback' via Server Certificate WG (CA/B Forum)
Sent: Thursday, June 18, 2026 11:55 AM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Discussion Period Begins: Ballot SC-102: EV Domain Reuse and Validity Alignment

--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/0A7FD406-95BA-4498-96BF-C8B3B0FFBBF5%40apple.com.

rwh...@godaddy.com

unread,
Jul 10, 2026, 2:47:21 PM (3 days ago) Jul 10
to server...@groups.cabforum.org
GoDaddy votes "Yes" to SC-102.

Thanks,

Rob White


From: 'Tim Hollebeek' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Thursday, July 9, 2026 10:12 AM
To: server...@groups.cabforum.org <server...@groups.cabforum.org>
Subject: Re: [Servercert-wg] Discussion Period Begins: Ballot SC-102: EV Domain Reuse and Validity Alignment

DigiCert votes YES on SC-102. -Tim From: 'Dustin Hollenback' via Server Certificate WG (CA/B Forum) Sent: Thursday, June 18, 2026 11: 55 AM To: servercert-wg@ groups. cabforum. org Subject: [Servercert-wg] Discussion Period Begins: Ballot SC-102: 
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
 
ZjQcmQRYFpfptBannerEnd
Reply all
Reply to author
Forward
0 new messages