[cabfpub] Question 4 – Domain Validation pre-ballot

Wayne Thayer wthayer at godaddy.com
Fri Nov 13 13:51:26 MST 2015

I agree with Peter’s comment and suggest we change “Authorization Domain” in this section to “FQDN”.
Also, section includes a practical control method that we should consider updating to match the new method 6 and an “any other method” option that we should consider removing as part of this ballot.
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com
Sent: Thursday, November 12, 2015 6:08 PM
To: CABFPub (public at cabforum.org) <public at cabforum.org>
Subject: [cabfpub] Question 4 – Domain Validation pre-ballot

Question 4 – Domain Validation pre-ballot

Again, Peter Bowen of Amazon did not submit specific new language, but posed the following comment about new Method No. 8 shown below:

Proposal 4: In line K of current draft (Method No. 8)

“Conversely, in item K, using Authorization Domain seems inappropriate.  Just because I control the IP address of corp.example.com<http://corp.example.com> doesn't mean I have control payments.corp.example.com<http://payments.corp.example.com>.”

Here is the current Ballot language for Method No. 7:

[Current Ballot language]

8. Having the Applicant demonstrate control over the requested FQDN by the CA confirming that the Applicant controls an IP address returned from a DNS lookup for A or AAAA records for the Authorization Domain Name in accordance with section; or

On the call today, Wayne Thayer thought he agreed with Peter’s comment, and offered to come up with revised ballot language on this issue.  There was no other discussion.

Question for Discussion: Should proving domain control for an SLDN (Base Domain) or a FQDN by showing the applicant controls an IP address returned from a DNS lookup for A or AAAA records be sufficient to show domain control for all higher level FQDNs also?

To Peter Bowen: If you want to comment on this issue, please email to me and I will post to the Public list.


The information contained in this email and any attachments is confidential

and may be subject to copyright or other intellectual property protection.

If you are not the intended recipient, you are not authorized to use or

disclose this information, and we request that you notify us by reply mail or

telephone and delete the original message from your mail system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20151113/70d1004c/attachment-0001.html 

More information about the Public mailing list