[cabfpub] [cabfman] Ballot 92 - Subject Alternative Names
steve.roylance at globalsign.com
Sun Nov 18 17:50:54 UTC 2012
Indeed, as a compromise on the previous text then if WHOIS all aligns you
can choose to include it or not. (See my reply to Brian on this).
Domains STILL must be verified so although you can indeed create a domain in
the name of Digicert you would not be able to answer a suitable challenge
response on the 'real' digicert domain meaning it would never be included.
I.e., no change to anything that can be done today with a single DV.
From: Eddy Nigg <eddy_nigg at startcom.org>
Organization: StartCom Ltd.
Date: Friday, 16 November 2012 23:19
To: <public at cabforum.org>
Cc: CABForum Management <management at cabforum.org>
Subject: Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names
On 11/17/2012 01:06 AM, From Jeremy Rowley:
> The language in Section 9.2.1 permits MDCs containing separate registered
> domains if the owner of the registered domains is the same. In that case,
> the owner of the domain doesn't need to be listed in the certificate.
> For example, if digicert.com and example.com are both owned by DigiCert, then
> subject information is not required because relying parties can readily
> identify a single entity as controlling the private keys for all of the listed
But how do you know that? By looking at the WHOIS records? How should the
relying party do that?
Shouldn't that owner be verified first in order to rely on it? I mean, I
can buy some domain in the name of Digicert, shouldn't be too difficult I
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>