<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
On 05/15/2013 10:44 PM, From Jeremy Rowley:
<blockquote cite="mid:015701ce51a4$91c0ef70$b542ce50$@digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>In
preparation of tomorrow’s call, here’s our proposal on how
the domain validation section should change. At the very
least, this should get everyone on the same discussion and
help clearly identify where there are open issues.</span></p>
</div>
</blockquote>
<br>
In continuation of our call today and the domain control validation
proposal for EV certificates I would like to highlight the following
items from the BR:<br>
<br>
Under section 11.1.1 Authorization by Domain Name Registrant:<br>
<br>
<blockquote>For each Fully-Qualified Domain Name listed in a
Certificate, the CA SHALL confirm that, as of the date the
Certificate was issued, the Applicant either is the Domain Name
Registrant or has control over the FQDN by:<br>
<br>
.......<br>
3. Communicating directly with the Domain Name Registrant using
the contact information listed in the WHOIS record’s “registrant”,
“technical”, or “administrative” field;<br>
<br>
4. Communicating with the Domain’s administrator using an email
address created by pre-pending ‘admin’, ‘administrator’,
‘webmaster’, ‘hostmaster’, or ‘postmaster’ in the local part,
followed by the at-sign (“@”), followed by the Domain Name, which
may be formed by pruning zero or more components from the
requested FQDN;<br>
....<br>
<br>
Note: For purposes of determining the appropriate domain name
level or Domain Namespace, the registerable Domain Name is the
second-level domain for generic top-level domains (gTLD) such as
.com, .net, or .org, or, if the Fully Qualified Domain Name
contains a 2 letter Country Code Top-Level Domain (ccTLD), then
the domain level is whatever is allowed for registration according
to the rules of that ccTLD.<br>
<br>
</blockquote>
This means that the domain name as indicated above must be
validated, e.g. if a subscriber requests sub.domain.co.uk the CA
must use <a class="moz-txt-link-abbreviated" href="mailto:webmaster@domain.co.uk">webmaster@domain.co.uk</a> or one of the other administrative
addresses. The "pruning zero or more components" is a means to get
to the registered domain name, but maybe the "may" preceding is
misunderstood either by me or some others and it would warrant some
clarifications (which reminds me that Tim made some attempt but then
left the forum).<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
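<p>Added example, not part of the original message and not CA/Browser Forum or StartCom code: it enumerates the addresses that item 4 of the quoted section 11.1.1 text can produce for an FQDN by "pruning zero or more components", next to the narrower set the message above says must be used (the registered domain only). The function names and the small suffix table are assumptions made for this illustration; a real validator would load the full Public Suffix List.</p>
<pre>
```python
# Added illustration of BR 11.1.1 item 4 address construction.
# Names below are hypothetical; nothing here is from the BR or a CA code base.

# Local parts listed in the quoted BR text.
LOCAL_PARTS = ("admin", "administrator", "webmaster", "hostmaster", "postmaster")

# Constructed, deliberately tiny suffix table (assumption).
# A real validator would use the full Public Suffix List.
SAMPLE_SUFFIXES = {"com", "net", "org", "uk", "co.uk"}


def registrable_domain(fqdn, suffixes=SAMPLE_SUFFIXES):
    """Return the longest matching public suffix plus one more label."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        if ".".join(labels[i:]) in suffixes:
            if i == 0:
                raise ValueError(fqdn + " is itself a public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError("no known public suffix for " + fqdn)


def pruned_domains(fqdn, suffixes=SAMPLE_SUFFIXES):
    """Names formed by pruning zero or more leading labels from the FQDN.

    Pruning stops at the registrable domain, so a bare public suffix
    such as co.uk is never offered as a validation target.
    """
    base = registrable_domain(fqdn, suffixes)
    labels = fqdn.lower().rstrip(".").split(".")
    keep = len(base.split("."))
    return [".".join(labels[i:]) for i in range(len(labels) - keep + 1)]


def candidate_addresses(fqdn, registrable_only=False, suffixes=SAMPLE_SUFFIXES):
    """Build the item 4 mailbox candidates for an FQDN.

    registrable_only=False: every pruning level is allowed.
    registrable_only=True:  only the registered domain is allowed,
                            the reading given in the message above.
    """
    domains = pruned_domains(fqdn, suffixes)
    if registrable_only:
        domains = domains[-1:]
    return [lp + "@" + d for d in domains for lp in LOCAL_PARTS]


if __name__ == "__main__":
    for strict in (False, True):
        print(strict, candidate_addresses("sub.domain.co.uk", strict))
```
</pre>
<p>The difference between the two returned lists is the set of subdomain-level mailboxes whose acceptability depends on how the "may" in item 4 is read.</p>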
</body>
</html>