[cabfpub] Final Domain Validation Methods pre-ballot for Forum consideration

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Thu Oct 15 12:42:14 MST 2015


Peter – if your company is willing to sign the IPR agreement, you will be welcome to participate on the next Validation Working Group call.

Otherwise, the VWG members have your input below and will discuss it.  We may want more information to understand your arguments, in which case we will ask you.

Jeremy, as chair of the VWG, I suggest you add this to the agenda for the next call.  We are also waiting for Richard Barnes to submit additional information about his suggested changes.

From: Peter Bowen [mailto:pzbowen at gmail.com]
Sent: Thursday, October 15, 2015 9:35 AM
To: Kirk Hall (RD-US); Ryan Sleevi
Cc: CABFPub (public at cabforum.org)
Subject: Re: [cabfpub] Final Domain Validation Methods pre-ballot for Forum consideration

(permission to repost granted)

Kirk,

Thank you and all the validation working group members for publishing this draft.  I think these changes will overall strengthen the validation processes.
However, I think two of the new methods might have .

In Item J, it suggests that the random token is only valid for a FQDN validation.  I think DNS validation should be allowed for domain hierarchies in addition to specific FQDNs.  A domain registrant should be able to choose to approve all FQDNs under corp.example.com by adding a record for corp.example.com.

Conversely, in item K, using Authorization Domain seems inappropriate.  Just because I control the IP address of corp.example.com doesn't mean I have control of payments.corp.example.com.

I hope that the VWG considers this feedback for the next draft.

Thanks,
Peter

On Thu, Sep 10, 2015 at 5:27 PM, kirk_hall at trendmicro.com wrote:
The Validation Working Group (VWG) met this morning to discuss the remaining issues in our final Domain Validation Methods pre-ballot.

The only open issue after the Forum discussed the last draft (dated Sept. 1) on last week’s call was which ports to list as “Authorized Ports” for the practical demonstration methods.  While we had some good input from members, in the end the VWG decided not to change the current definition of Authorized Ports from the last draft, which reads as follows:

Authorized Port: One of the following ports:  80 (http), 443 (http), 115 (sftp), 25 (smtp), 22 (ssh).

I also modified the language for revised Method 1 in Line C to make it clearer and correct the references to the EV Guidelines, but otherwise did not make any substantive changes.

Dean – can you put this revised draft domain validation ballot (dated Sept. 10) on the Agenda for the next CA-Browser Forum call on Sept. 17?  Depending on the discussion at that time, the VWG will either bring the draft ballot back to the working group for further work, or present it as an actual ballot for review and voting by the Forum later this month.

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.


