[cabfpub] For discussion: Restricting the use of file-based demonstrations of control
Rob Stradling
rob.stradling at comodo.com
Mon Jun 2 02:13:29 MST 2014
On 30/05/14 02:09, Ryan Sleevi wrote:
<snip>
> Proposal 1: Remove 11.1.1 (6)
> Alternate: Provide a single, explicit path and set of steps that must be
> done, so that there is consistency between the CAs that employ this
> method. One path that might suffice would be one based upon RFC 5785.
>
> For example, /.well-known/certificate-request . Within that file, we
> could either establish a structure (seems complex), or simply require
> that the applicant place a random string that is generated by the CA
> (eg: it is not influenced by the applicant, such as a value of their
> choosing, hash of their CSR, etc).
Ryan, why is "hash of their CSR" insufficient, in your opinion?
Thanks.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list