<div dir="ltr">Reposting on behalf of Peter Bowen<div><br></div><div><div style="font-size:12.8px">Kirk,</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Thank you and all the validation working group members for publishing this draft. I think these changes will overall strengthen the validation processes.</div><div style="font-size:12.8px">However, I think two of the new methods might have . <br></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">In Item J, it suggests that the random token is only valid for a FQDN validation. I think DNS validation should be allowed for domain hierarchies in addition to specific FQDNs. A domain registrant should be able to choose to approve all FQDNs under <a href="http://corp.example.com/" target="_blank">corp.example.com</a> by adding a record for <a href="http://corp.example.com/" target="_blank">corp.example.com</a>.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Conversely, in item K, using Authorization Domain seems in appropriate. Just because I control the IP address of <a href="http://corp.example.com/" target="_blank">corp.example.com</a> doesn't mean I have control <a href="http://payments.corp.example.com/" target="_blank">payments.corp.example.com</a>.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">I hope that the VWG considers this feedback for the next draft.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Thanks,</div><div style="font-size:12.8px">Peter</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 10, 2015 at 5:27 PM, <a href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a> <span dir="ltr"><<a href="mailto:kirk_hall@trendmicro.com" target="_blank">kirk_hall@trendmicro.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div>
<p class="MsoNormal">The Validation Working Group (VWG) met this morning to discuss the remaining issues in our final Domain Validation Methods pre-ballot.
<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">The only open issue after the Forum discussed the last draft (dated Sept. 1) on last week’s call was which ports to list as “Authorized Ports” for the practical demonstration methods. While we had some good input from members, in the end
the VWG decided not to change the current definition of Authorized Ports from the last draft, which reads as follows:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-left:.5in"><b><span style="font-family:"Times New Roman",serif">Authorized Port:
</span></b><span style="font-family:"Times New Roman",serif">One of the following ports: 80 (http), 443 (http), 115 (sftp), 25 (smtp), 22 (ssh).<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I also modified the language for revised Method 1 in Line C to make it clearer and correct the references to the EV Guidelines, but otherwise not make any substantive changes.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u>Dean</u> – can you put this revised draft domain validation ballot (dated Sept. 10) on the Agenda for the next CA-Browser Forum call on Sept. 17? Depending on the discussion at that time, the VWG will either bring the draft ballot back
to the working group for further work, or present it as an actual ballot for review and voting by the Forum later this month.<u></u><u></u></p>
</div>
</div>
<table><tbody><tr><td bgcolor="#ffffff"><font color="#000000"><pre><table><tbody><tr><td><pre>TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></tbody></table></pre></font></td></tr></tbody></table>
<br>_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
<br></blockquote></div><br></div>