[cabfpub] Domain validation

Eddy Nigg eddy_nigg at startcom.org
Thu Apr 16 15:39:57 UTC 2015


On 04/16/2015 06:22 PM, Tim Hollebeek wrote:
>
> All of the domain validation methods are weak and can generally be 
> subverted by someone who has or can get administrative or technical 
> control of a crucial part of the domain or infrastructure (the 
> hostmaster@ controversy with CERT is the same issue).  Improving the 
> validation of Domain Validated certificates is not the goal of this 
> ballot.
>

There is a difference of somebody that was never authorized to obtain 
certificates and a reasonable domain control validation. Not sure what's 
the goal of this ballot, but there seems to be more than just weak 
points IMO.

Pointing a host name to an IP address doesn't provide administrative or 
technical control at all.

-- 
Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150416/8a6019c9/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150416/8a6019c9/attachment-0001.p7s>


More information about the Public mailing list