[cabfpub] CAA (was RE: Domain Control Validation)

Chris Palmer palmer at google.com
Mon Aug 25 13:25:21 MST 2014

On Mon, Aug 25, 2014 at 1:19 PM, Ben Wilson <ben.wilson at digicert.com> wrote:

> Ben W. said, “if the CA gives the applicant a code that they need to put in
> the TXT record, and that happens,” and
> Ryan S. replied, “I think a CA-generated code with the DNS admin placing it
> is equivalent to mechanisms 1-6 for control demonstration purposes”.
> I think we ought to allow this as another method of confirming domain
> control for purposes of EV.

You'd want to also specify time-limits, one-time-use, and
non-replayability for the token.

More information about the Public mailing list