[cabfpub] CAA (was RE: Domain Control Validation)

Ben Wilson ben.wilson at digicert.com
Mon Aug 25 13:29:02 MST 2014

Good points.  Thanks.

-----Original Message-----
From: Chris Palmer [mailto:palmer at google.com] 
Sent: Monday, August 25, 2014 2:25 PM
To: Ben Wilson
Subject: Re: [cabfpub] CAA (was RE: Domain Control Validation)

On Mon, Aug 25, 2014 at 1:19 PM, Ben Wilson <ben.wilson at digicert.com> wrote:

> Ben W. said, “if the CA gives the applicant a code that they need to 
> put in the TXT record, and that happens,” and
> Ryan S. replied, “I think a CA-generated code with the DNS admin 
> placing it is equivalent to mechanisms 1-6 for control demonstration purposes”.
> I think we ought to allow this as another method of confirming domain 
> control for purposes of EV.

You'd want to also specify time-limits, one-time-use, and non-replayability for the token.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4998 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20140825/0b33ca03/attachment.bin 

More information about the Public mailing list