Guidelines Version 1.0 Errata


1. Remove reference to UTF-8 English

Section 6(a)(3) of the Guidelines is amended as follows, effective Sept. 11 2007:

DELETE:
'This field MUST contain one of the following strings in UTF-8 English: 'V1.0, Clause 5.(b)', 'V1.0, Clause 5.(c)' or 'V1.0, Clause 5.(d)', depending whether the Subject qualifies under the terms of Section 5b, 5c, or 5d of the Guidelines, respectively.'

ADD:
'This field MUST contain one of the following strings : 'V1.0, Clause 5.(b)', 'V1.0, Clause 5.(c)' or 'V1.0, Clause 5.(d)', depending whether the Subject qualifies under the terms of Section 5b, 5c, or 5d of the Guidelines, respectively.'

The amended section reads as follows:
'(3) Business Category
-Certificate Field: subject: businessCategory (OID 2.5.4.15)
-Required/Optional: Required
-Contents: This field MUST contain one of the following strings : 'V1.0, Clause 5.(b)', 'V1.0, Clause 5.(c)' or 'V1.0, Clause 5.(d)', depending whether the Subject qualifies under the terms of Section 5b, 5c, or 5d of the Guidelines, respectively.'

2. Non-commercial entities

The Guidelines are amended as follows, effective 4 Feb 2008:

2.1. Section 5 of the guidelines

Add the following subsection:
"(e) Non-Commercial Entity Subjects The CA MAY issue EV Certificates to Non-Commercial Entities who do not qualify under subsections (b), (c) and (d) but satisfy the following requirements:
(1) International Organization Entity Subjects
The CA MAY issue EV Certificates to International Organization Entities that satisfy the following requirements:
(1) The International Organization Entity is created under a Charter, Treaty, Convention or equivalent instrument that was signed by, or on behalf of, more than one country's government. The CABForum may publish a listing of International Organizations that have been approved for EV eligibility, and
(2) The International Organization Entity MUST NOT be headquartered in any country where the CA is prohibited from doing business or issuing a certificate by the laws of the CA's jurisdiction; and
(3) The International Organization Entity MUST NOT be listed on any government denial list or prohibited list (e.g., trade embargo) under the laws of the CA's jurisdiction.
Subsidiary organizations or agencies of qualified international organizations may also qualify for EV certificates issued in accordance with these Guidelines."

2.2. Section 6(a)(3) of the Guidelines

Delete:
"This field MUST contain one of the following strings : 'V1.0, Clause 5.(b)', 'V1.0, Clause 5.(c)' or 'V1.0, Clause 5.(d)', depending whether the Subject qualifies under the terms of Section 5b, 5c, or 5d of the Guidelines, respectively."
Add:
"This field MUST contain one of the following strings: 'V1.0, Clause 5.(b)', 'V1.0, Clause 5.(c)', 'V1.0, Clause 5.(d)' or 'V1.0, Clause 5.(e)' depending whether the Subject qualifies under the terms of Section 5b, 5c, 5d or 5e of the Guidelines, respectively."
The revised section shall read:
"(3) Business Category:
-Certificate Field: subject:businessCategory (OID 2.5.4.15)
-Required/Optional: Required
-Contents: This field MUST contain one of the following strings: 'V1.0, Clause 5.(b)', 'V1.0, Clause 5.(c)', 'V1.0, Clause 5.(d)' or 'V1.0, Clause 5.(e)' depending whether the Subject qualifies under the terms of Section 5b, 5c, 5d or 5e of the Guidelines, respectively."
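
A conformance check for the businessCategory rule in the revised Section 6(a)(3), as an added example that is not part of the Guidelines or this errata. It assumes the certificate subject is available as an RFC 4514 string, where the comma inside each allowed value arrives escaped (`\,` or `\2C`); the function names are hypothetical.

```python
import re
from datetime import date

# Allowed strings per Section 6(a)(3) as amended on this page; the value is the
# date the string became valid (None = already allowed by V1.0).
ALLOWED = {
    "V1.0, Clause 5.(b)": None,
    "V1.0, Clause 5.(c)": None,
    "V1.0, Clause 5.(d)": None,
    "V1.0, Clause 5.(e)": date(2008, 2, 4),  # added by errata item 2.2
}
ATTR_NAMES = {"businesscategory", "2.5.4.15"}  # short name or dotted OID

def unescape(value):
    """Undo RFC 4514 escaping: backslash + two hex digits, or backslash + char."""
    def repl(match):
        token = match.group(1)
        return bytes([int(token, 16)]) if len(token) == 2 else token
    raw = re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode("utf-8"))
    return raw.decode("utf-8", "replace")

def business_categories(dn):
    """Return every businessCategory value found in an RFC 4514 subject string."""
    found = []
    # An attribute/value pair is a run of escape pairs or of characters other
    # than the separators ',' and '+', so an escaped comma stays in the value.
    for ava in re.findall(r"(?:\\.|[^\\,+])+", dn):
        attr, _, raw = ava.partition("=")
        if attr.strip().lower() in ATTR_NAMES:
            found.append(unescape(raw.lstrip()))
    return found

def check_business_category(dn, issued):
    """Return a list of problems; an empty list means the field conforms."""
    values = business_categories(dn)
    problems = [] if values else ["businessCategory is Required but absent"]
    for value in values:
        if value not in ALLOWED:
            problems.append(f"unrecognised value {value!r}")
        elif ALLOWED[value] and issued < ALLOWED[value]:
            problems.append(f"{value!r} not valid before {ALLOWED[value]}")
    return problems

if __name__ == "__main__":
    # Constructed sample subject, not taken from a real certificate.
    sample = r"CN=www.example.org,2.5.4.15=V1.0\2C Clause 5.(e),O=Example IGO"
    print(check_business_category(sample, date(2008, 1, 15)))
```

The comparison is an exact string match, so a value with the space after the comma dropped, or a subject string in which the comma was left unescaped, is reported rather than normalised.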

2.3. Section 14(a)

Add section 14 (a) (4):
"(4) Non-Commercial Entities:
(1) International Organization Entities
a. Legal Existence: Verify that Applicant is a legally recognized International Organization Entity.
b. Entity Name: Verify that Applicant's formal legal name matches Applicant's name in the EV Certificate Request.
c. Registration Number: The CA SHOULD obtain Applicant's date of formation, or the identifier for the legislative act that created the International Organization Entity. In circumstances where this information is not available, the CA MUST enter appropriate language to indicate that the Subject is an International Organization Entity"

2.4. Section 14(b)

Add section 14(b)(5):
"Non-Commercial Entities
(a) International Organization Entities:
All items listed in subsection 14(a)(4)(1) MUST be verified either:

2.5. Definitions

Add:
"Country": A Country shall mean a Sovereign state as defined in the Guidelines.
"Sovereign State": A Sovereign state is a state, or country, that administers its own government, and is not dependent upon, or subject to, another power.
"International Organization": An International Organization is an organization founded by a constituent document, e.g., charter, treaty, convention, or similar document, signed by, or on behalf of, a minimum of two or more Sovereign State governments.

3. Parent/subsidiary for physical address

The Guidelines are amended as follows, effective 4 Feb 2008:

3.1. Section 16 (a) (1)

Add:
"or a Parent/Subsidiary Company".

The revised section shall read:

"(a) Address of Applicant's Place of Business
(1) Verification Requirements To verify Applicant's physical existence and business presence, the CA MUST verify that the physical address provided by Applicant is an address where Applicant or a Parent/Subsidiary Company conducts business operations (e.g., not a mail drop or P.O. box), and is the address of Applicant's Place of Business."

3.2. Section 16 (a) (2) (A) (1)

Add:
"or a Parent/Subsidiary Company".

The revised section shall read:

"(2) Acceptable Methods of Verification To verify the address of Applicant's Place of Business:
(A) For Applicants whose Place of Business is in the same country as Applicant's Jurisdiction of Incorporation or Registration:
(1) For Applicants listed at the same Place of Business address in the current version of either at least one Qualified Independent Information Source or a Qualified Governmental Tax Information Source, the CA MUST confirm that Applicant's address as listed in the EV Certificate Request is a valid business address for Applicant or a Parent/Subsidiary Company by reference to such Qualified Independent Information Sources or a Qualified Governmental Tax Information Source, and MAY rely on Applicant's representation that such address is its Place of Business;"

3.3. Section 16 (a) (2) (A) (2)

Add:
"or a Parent/Subsidiary Company's."

The revised section shall read:

"For Applicants who are not listed at the same Place of Business address in the current version of either at least one Qualified Independent Information Source or a Qualified Governmental Tax Information Source, the CA MUST confirm that the address provided by Applicant in the EV Certificate Request is in fact Applicant's or a Parent/Subsidiary Company's business address, by obtaining documentation of a site visit to the business address, which MUST be performed by a reliable individual or firm. The documentation of the site visit MUST:
(a) Verify that Applicant's business is located at the exact address stated in the EV Certificate Request (e.g., via permanent signage, employee confirmation, etc.);
(b) Identify the type of facility (e.g., office in a commercial building, private residence, storefront, etc.) and whether it appears to be a permanent business location;
(c) Indicate whether there is a permanent sign (that cannot be moved) that identifies Applicant;
(d) Indicate whether there is evidence that Applicant is conducting ongoing business activities at the site (e.g., that it is not just a mail drop, P.O. box, etc.); and
(e) Include one or more photos of (i) the exterior of the site (showing signage indicating Applicant's name, if present, and showing the street address if possible), and (ii) the interior reception area or workspace."

3.4. Section 16 (a) (2) (A) (3)

Add:
"or a Parent/Subsidiary Company".

The revised section shall read:

"(3) For all Applicants, the CA MAY alternatively rely on a Verified Legal Opinion or a Verified Accountant Letter that indicates the address of Applicant's or a Parent/Subsidiary Company's Place of Business and that business operations are conducted there."

Definitions
Delete:
"wholly owns"
Add:
"owns a majority of"

The new definitions shall read:

"48. Parent Company: A parent company is defined as a company that owns a majority of the Subsidiary Company and this can be verified by referencing a QIIS or from financial statement supplied by a registered Chartered Professional Accountant (CPA) or equivalent outside of the USA.
78. Subsidiary Company: A subsidiary company is defined as a company that is majority owned by Applicant as verified by referencing a QIIS or from financial statement supplied by a registered Chartered Professional Accountant (CPA) or equivalent outside of the USA."

4. Foreign Organization Name

The Guidelines are amended as follows, effective 12 Feb 2008:
Delete:
Appendix F
Add: "
Appendix F
Foreign Organization Name Guidelines

NOTE: This appendix is only relevant to EV applications from countries that do not have Latin character organization name registrations. More specific information for particular countries may be added to this appendix in the future.

Where an EV Applicant's organization name is not registered with a QGIS in Latin characters and the applicant's foreign character organization name and registration have been verified with a QGIS in accordance with these Guidelines, a CA MAY include a Latin character organization name in the EV certificate. In such a case, the CA MUST follow the procedures laid down in this appendix.

Romanized Names
In order to include a transliteration/Romanization of the registered name, the Romanization MUST be verified by the CA using a system officially recognized by the Government in the Applicant's jurisdiction of incorporation.

If the CA cannot rely on a transliteration/Romanization of the registered name using a system officially recognized by the Government in the Applicant's jurisdiction of incorporation, then it MUST rely on one of the options below, in order of preference:

English Name
In order to include a Latin character name that is not a Romanization of the registered name in the EV certificate, the CA MUST verify that the Latin character name is:
Country Specific Procedures
F-1. Japan
In addition to the procedures set out above: "

5. Prior Equivalent Authority

The Guidelines are amended as follows, effective 19 Mar 2008:

Add to Section 19(c):

(6) Prior Equivalent Authority The signing authority of the Contract Signer, and/or the EV authority of the Certificate Approver, MAY be verified by relying on a demonstration of Prior Equivalent Authority.
(A) Prior Equivalent Authority of a Contract Signer MAY be relied upon for confirmation or verification of the signing authority of the Contract Signer when the Contract Signer has executed a binding contract between the CA and the Applicant with a legally valid and enforceable seal or handwritten signature and only when the contract was executed more than 90 days prior to the EV certificate application. The CA MUST record sufficient details of the previous agreement to correctly identify it and associate it with the EV application. Such details MAY include any of the following:
  1. Agreement title
  2. Date of Contract Signer's signature
  3. Contract reference number
  4. Filing location
(B) Prior Equivalent Authority of a Certificate Approver MAY be relied upon for confirmation or verification of the EV authority of the Certificate Approver when the Certificate Approver has performed one or more of the following:
(1) Under contract to the CA, has served (or is serving) as an Enterprise RA for the Applicant
(2) Has participated in the approval of one or more SSL certificates issued by the CA, which are currently in use on public servers operated by the Applicant. In this case the CA MUST have contacted the Certificate Approver by phone at a previously validated phone number or have accepted a signed and notarized letter approving the certificate request.