| ACTION 5: Discontinue use of BR Validation Methods 3.2.2.4.1 and 3.2.2.4.5 CA/Browser Forum ballot 218 set a deadline of 1-August 2018 for CAs to discontinue use of BR domain validation methods 3.2.2.4.1 “Validating the Applicant as a Domain Contact” and 3.2.2.4.5 “Domain Authorization Document” |
|---|
| ACTION 5 COMMENTS |
| CA Owner | Response | Response |
|---|---|---|
| AC Camerfirma, S.A. | We never used either of these methods | |
| Actalis | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Amazon Trust Services | We never used either of these methods | |
| Asseco Data Systems S.A. (previously Unizeto Certum) | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Atos | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | Will be included in the next CP/CPS Version. Version will be available until 31.10.2018 |
| Autoridad de Certificacion Firmaprofesional | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | Firmaprofesional plans to update the CP/CPS for reflecting this change before 31/12/2018. |
| Buypass | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Certinomis / Docapost | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | January 2019 |
| China Financial Certification Authority (CFCA) | We never used either of these methods | |
| Chunghwa Telecom | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| ComSign | We never used either of these methods | |
| Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Cybertrust Japan / JCSI | We never used either of these methods | |
| D-TRUST | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Deutsche Telekom Security GmbH | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Dhimyotis / Certigna | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | The Update of our CP/CPS is planned on october 31st; |
| DigiCert | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Disig, a.s. | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| DocuSign (OpenTrust/Keynectis) | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| E-Tugra | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| EDICOM | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Entrust | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| GlobalSign | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | Method 5 is not in our CPS and we stopped using Method 1 prior to August 1st, 2018. We're not reusing any domain validations that used methods 1 or 5. We have updated our CPS to remove Method 1, the changes have been already made and are planned to be released by end of Oct 2018. |
| GoDaddy | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Google Trust Services LLC (GTS) | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Government of Hong Kong (SAR), Hongkong Post, Certizen | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | We estimate CP/CPS will be updated by end of Nov-2018 |
| Government of Taiwan, Government Root Certification Authority (GRCA) | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | We will update our CPS before 2019/1/31. |
| Government of The Netherlands, PKIoverheid (Logius) | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) | Other (please describe below) | Kamu SM is a government CA and issues certificates for only public institutions and organizations in Turkey. For validation of domain authorization and control, Kamu SM uses the method defined in Section 3.2.2.4.6 in Baseline Requirements v1.5.6. In addition, full domain name indicated in application form is verified through “nic.tr”. “nic.tr” is the government entity and a reliable data source that keeps “.tr” top level domain in Turkey. It is checked whether the domain name stated ownership in the application form is same with the information provided by nic.tr. |
| HARICA | We have discontinued use of these methods and updated our CP/CPS to reflect this change | Our CP/CPS has been updated to satisfy this requirement and is in the final stage of review. It will be published by October 5th 2018. |
| IdenTrust Services, LLC | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Internet Security Research Group (ISRG) | We never used either of these methods | |
| Izenpe S.A. | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Krajowa Izba Rozliczeniowa S.A. (KIR) | We never used either of these methods | |
| LuxTrust | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | 31-10-2018 Currently we do not issue any SSL/EV SSL certificate and we are not planning to issue such certificates in the near future since we are not recognized yet by Apple. |
| Microsec Ltd. | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| NetLock Ltd. | We have discontinued use of these methods and updated our CP/CPS to reflect this change | Our CP/CPS were changed to include this change, these validations are not enough to issue certs. However, because the Hungarian law CCXXII (year 2015) article 82 section (1) we steel need to check domain records, but they are only additional checks to the domain registries to comply this law. Section 82 (1) [...] For this purpose, the trust provider must verify the data to be included in the certificate, and in particular verify [...] the right to dispose of the certificate domain [...] to be included in the certificate, in the case of profession, the right to exercise it. |
| OISTE | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| QuoVadis | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| SECOM Trust Systems CO., LTD. | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| SK ID Solutions AS | Does not apply, because our root certificates are not enabled with the Websites trust bit | |
| SSL.com | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | Our current CP/CPS is version 1.4. We intend to approve and publish version 1.5, incorporating the above changes, no later than November 15 2018. |
| Sectigo | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| SecureTrust | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | Our CP/CPS will be updated on October 1, 2018. |
| SwissSign AG | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Swisscom (Switzerland) Ltd | Does not apply, because our root certificates are not enabled with the Websites trust bit | |
| Taiwan-CA Inc. (TWCA) | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | We have stopped to use of these methods and use BR allowed method. The CP/CPS will be update before 2018/12/31. |
| Telia Company (formerly TeliaSonera) | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| TrustCor Systems | We have discontinued use of these methods and updated our CP/CPS to reflect this change | While versions of our CPS prior to the current did allow those validation methods, no certificate was ever issued which made use of those methods. The current CPS specifically excludes those methods as valid. |
| Trustis | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (specify date below) | We have discontinued use of these methods and will update our CP/CPS to reflect this change in the near future (01-30-2019) Comment: Certificate issuance has been discontinued and the service only provides revocation information for certificates that have not yet expired. |
| TurkTrust | We have discontinued use of these methods and updated our CP/CPS to reflect this change | |
| Web.com | Does not apply, because our root certificates are not enabled with the Websites trust bit | |
| certSIGN | We have discontinued use of these methods and updated our CP/CPS to reflect this change |