[cabfpub] Domain validation
jeremy.rowley at digicert.com
Thu Apr 16 14:09:42 UTC 2015
Domain authorization letters are still permitted; I just dropped the opinion letter addition (i.e., they are the same as the previous version of the BRs). I included the note for completeness. After I get Robin's edits, I'll circulate a redlined version.
Gervase Markham <gerv at mozilla.org> wrote:
If there is another round of edits, can we do:
On 16/04/15 00:28, Jeremy Rowley wrote:
> Base Domain: The portion of an applied-for FQDN that is the first
> domain name node left of a registry-controlled or public suffix plus
> the registry-controlled or public suffix (e.g. “domain.co.uk” or
We should use example.co.uk and example.com for examples, as (at least
in the case of .com) they are reserved for this.
> 6. Having the Applicant demonstrate control over the FQDN or Base
> Domain by adding a file containing a Random Value to the
-> "...adding a file whose name or contents include a Random Value to
No reason to be overly-specific.
> 7. Having the Applicant demonstrate control over the FQDN or Base
> Domain by the Applicant making a change to information in a DNS
> record for the FQDN or Base Domain where the change is a Random
> Value; or
-> "where the change is to insert a Random Value..."
> Note: For purposes of determining the appropriate domain name level
> or Domain Namespace, the registerable Domain Name is the
> second-level domain for generic top-level domains (gTLD) such as
> .com, .net, or .org, or, if the Fully Qualified Domain Name contains
> a 2 letter Country Code Top-Level Domain (ccTLD), then the domain
> level is whatever is allowed for registration according to the rules
> of that ccTLD.
Shouldn't this just refer to the definition of Base Domain? Or have I
> If the CA relies upon a Domain Authorization Document
> to confirm the Applicant’s control over a FQDN, then the Domain
> Authorization Document MUST substantiate that the communication came
> from either the Domain Name Registrant (including any private,
> anonymous, or proxy registration service) or the Domain Name
> Registrar listed in the WHOIS. The CA MUST verify that the Domain
> Authorization Document was either (i) dated on or after the
> certificate request date or (ii) used by the CA to verify a
> previously issued certificate and that the Domain Name’s WHOIS record
> has not been modified since the previous certificate’s issuance.
Doesn't this bit refer to the opinion letters which are now removed?
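
An added example, not part of the thread or of the Baseline Requirements text: a Python sketch of the Base Domain definition quoted above, and of looking for a Random Value at the FQDN or its Base Domain. The suffix set, the record dictionary and all function names are constructed for illustration; exact-match comparison and refusing names that have no Base Domain are assumptions of this sketch.

```python
import hmac

# Constructed sample of suffix rules. A real check would load the full
# Public Suffix List (assumption: exact rules only, no wildcard rules).
SAMPLE_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "org.uk"}


def base_domain(fqdn, suffixes=SAMPLE_SUFFIXES):
    """Return the matching suffix plus the first label to its left, or None.

    None means the name is itself a suffix or matches no known suffix.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    if any(label == "" for label in labels):
        raise ValueError(f"malformed domain name: {fqdn!r}")
    # Candidates run from longest to shortest, so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in suffixes:
            if i == 0:
                return None  # the FQDN is a bare suffix
            return ".".join(labels[i - 1:])
    return None


def names_to_check(fqdn, suffixes=SAMPLE_SUFFIXES):
    """Names where control may be shown: the FQDN, then its Base Domain."""
    name = fqdn.rstrip(".").lower()
    base = base_domain(name, suffixes)
    if base is None:
        return []  # assumption: refuse names with no Base Domain
    return [name] if base == name else [name, base]


def dns_shows_control(fqdn, random_value, records):
    """True if a record at the FQDN or its Base Domain equals random_value.

    `records` maps a name to its record strings and stands in for live DNS
    lookups (constructed input; the record type is not fixed by the thread).
    """
    for name in names_to_check(fqdn):
        for value in records.get(name, []):
            if hmac.compare_digest(value.encode(), random_value.encode()):
                return True
    return False
```
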