[cabfpub] Domain validation
Eddy Nigg
eddy_nigg at startcom.org
Thu Apr 16 15:07:54 UTC 2015
On 04/16/2015 05:48 PM, Anoosh Saboori wrote:
>
> Sorry for late chime in, since I was out for few weeks and thanks
> Jeremy for sending this out. I have two questions:
>
> 1.Regarding #5 below, it is not clear to me what constitutes as
> "Domain Authorization Document"? Can a lawyer send this document?
>
> 2.#6 does not seems to be at par with the rest of items which require
> checking CName record, DNS record changes, control over IP, ...
> Anybody with a temporary control a web site can pass this test. Can we
> make this requirement stronger, maybe by combing it with one of the
> other bullets?
>
I'm not sure, but number #9 seems to be a bit risky too - why should
somebody controlling an IP address to which I point a host name of mine
get a certificate for said domain? Example, if I point some host name to
a service provider (Cloud, Akamai) they shouldn't be able to obtain
certificates for that.
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150416/300126ab/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150416/300126ab/attachment-0001.p7s>
More information about the Public
mailing list