[cabfpub] For discussion: Restricting the use of file-based demonstrations of control

Rob Stradling rob.stradling at comodo.com
Mon Jun 2 09:13:29 UTC 2014


On 30/05/14 02:09, Ryan Sleevi wrote:
<snip>
> Proposal 1: Remove 11.1.1 (6)
> Alternate: Provide a single, explicit path and set of steps that must be
> done, so that there is consistency between the CAs that employ this
> method. One path that might suffice would be one based upon RFC 5785.
>
> For example, /.well-known/certificate-request . Within that file, we
> could either establish a structure (seems complex), or simply require
> that the applicant place a random string that is generated by the CA
> (eg: it is not influenced by the applicant, such as a value of their
> choosing, hash of their CSR, etc).

Ryan, why is "hash of their CSR" insufficient, in your opinion?

Thanks.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
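
The check described in the quoted alternate (one fixed path, a random string generated by the CA), written out as an added example; it is not code from this thread or from any CA. The `fetch` callback, the in-memory file map, the `applicant.example` name and the exact-match rule are assumptions made for the illustration.

```python
import hmac
import secrets

# Path taken from the quoted proposal; everything else here is an assumption.
WELL_KNOWN_PATH = "/.well-known/certificate-request"


def issue_challenge(nbytes: int = 32) -> str:
    """CA side: random string generated with no applicant input."""
    return secrets.token_urlsafe(nbytes)


def check_control(domain: str, expected: str, fetch) -> bool:
    """Fetch the single fixed path; hypothetical fetch(url) -> (status, body)."""
    status, body = fetch(f"http://{domain}{WELL_KNOWN_PATH}")
    if status != 200:
        return False
    try:
        found = body.decode("ascii").strip()
    except UnicodeDecodeError:
        return False
    # The whole file must equal the CA's string; compare in constant time.
    return hmac.compare_digest(found.encode(), expected.encode())


def make_fetch(files: dict):
    """Constructed stand-in for HTTP: maps URL -> file body (bytes)."""
    def fetch(url: str):
        body = files.get(url)
        return (200, body) if body is not None else (404, b"")
    return fetch


def demo() -> dict:
    """Run the check against constructed sample files for one domain."""
    token = issue_challenge().encode()
    url = "http://applicant.example" + WELL_KNOWN_PATH
    other = "http://applicant.example/upload/x.txt"  # not the fixed path
    cases = {
        "exact": {url: token + b"\n"},
        "other_path": {other: token},
        "embedded": {url: b"<html>" + token + b"</html>"},
        "different_value": {url: issue_challenge().encode()},
    }
    return {name: check_control("applicant.example", token.decode(), make_fetch(files))
            for name, files in cases.items()}


if __name__ == "__main__":
    print(demo())
```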



