[cabfpub] Domain Control Validation
Ryan Sleevi
sleevi at google.com
Sun Aug 24 17:43:23 UTC 2014
On Aug 24, 2014 9:17 AM, "Ben Wilson" <ben.wilson at digicert.com> wrote:
>
> Does anyone recall whether we have ever discussed domain control
validation by having the Applicant demonstrate practical control over the
FQDN by making a change to information in the DNS zone file?
>
>
Right, this was discussed when we talked about demonstrations of control
via file on disk, and this falls into subsection 7, any other equivalent.
>
> The EV Guidelines cross-reference Section 11.1 of the Baseline
Requirements for this, but it seems that this method is not in subsections
1 through 6 (the closest is subsection 6, from which I drew some of the
language for my question), and the EV Guidelines exclude reliance on
subsection 7. Could this be an item that the EV Guidelines working group
should add to its list of items to review, if it isn’t already on the list?
>
If they do, I would prefer it be extremely precise and narrowly scoped,
such as email.
A site operator MUST be able to take reasonable mitigations against a lax
CA.
>
>
> Thanks
>
>
>
> Ben
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140824/bfa529ad/attachment-0003.html>
More information about the Public
mailing list