[cabfpub] Domain validation

Eddy Nigg eddy_nigg at startcom.org
Thu Apr 16 15:07:54 UTC 2015

On 04/16/2015 05:48 PM, Anoosh Saboori wrote:
> Sorry for late chime in, since I was out for few weeks and thanks 
> Jeremy for sending this out. I have two questions:
> 1.Regarding #5 below, it is not clear to me what constitutes as 
> "Domain Authorization Document"? Can a lawyer send this document?
> 2.#6 does not seems to be at par with the rest of items which require 
> checking CName record, DNS record changes, control over IP, ... 
> Anybody with a temporary control a web site can pass this test. Can we 
> make this requirement stronger, maybe by combing it with one of the 
> other bullets?

I'm not sure, but number #9 seems to be a bit risky too - why should 
somebody controlling an IP address to which I point a host name of mine 
get a certificate for said domain? Example, if I point some host name to 
a service provider (Cloud, Akamai) they shouldn't be able to obtain 
certificates for that.

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150416/300126ab/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150416/300126ab/attachment-0001.p7s>

More information about the Public mailing list