[cabfpub] Domain validation

Anoosh Saboori ansaboor at microsoft.com
Thu Apr 16 16:49:50 UTC 2015


We have concerns about acceptable methods for domain name validation and that they are not equally strong.

Obviously, we cannot require all certs issued to be OV or EV verified. It is just not practical.

From: Jeremy Rowley [mailto:jeremy.rowley at digicert.com]
Sent: Thursday, April 16, 2015 9:38 AM
To: Anoosh Saboori; Eddy Nigg; public at cabforum.org
Subject: RE: [cabfpub] Domain validation

Again, it sounds like you have an issue more with DV. MS should require OV and EV if you really want a higher level of validation.

From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Anoosh Saboori
Sent: Thursday, April 16, 2015 10:07 AM
To: Eddy Nigg; public at cabforum.org<mailto:public at cabforum.org>
Subject: Re: [cabfpub] Domain validation

I agree. It takes me back to my original comment: #6 (storing a random value under a well-known folder) is not at par with other methods outlined in this section.

From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg
Sent: Thursday, April 16, 2015 8:51 AM
To: public at cabforum.org<mailto:public at cabforum.org>
Subject: Re: [cabfpub] Domain validation


On 04/16/2015 06:45 PM, Eddy Nigg wrote:

On 04/16/2015 06:42 PM, Jeremy Rowley wrote:
But they are rarely updated and often inaccurate.


Well, if they don't match your records than they can update it to make it correct. This also confirms that they really control the domain :-)

Anyway, the WHOIS records I find are more correct than not or they are obscured (privacy).

Besides that, email addresses found in the WHOIS records can't be really incorrect I assume...which is the only thing used for a domain control validation.
--
Regards



Signer:

Eddy Nigg, COO/CTO



StartCom Ltd.<http://www.startcom.org>

XMPP:

startcom at startcom.org<xmpp:startcom at startcom.org>

Blog:

Join the Revolution!<http://blog.startcom.org>

Twitter:

Follow Me<http://twitter.com/eddy_nigg>




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150416/79cfc48d/attachment-0003.html>


More information about the Public mailing list