[cabfpub] Final Domain Validation Methods pre-ballot for Forum consideration

Ryan Sleevi sleevi at google.com
Thu Oct 15 19:12:46 UTC 2015

Reposting on behalf of Peter Bowen


Thank you and all the validation working group members for publishing this
draft.  I think these changes will overall strengthen the validation
However, I think two of the new methods might have .

In Item J, it suggests that the random token is only valid for a FQDN
validation.  I think DNS validation should be allowed for domain
hierarchies in addition to specific FQDNs.  A domain registrant should be
able to choose to approve all FQDNs under corp.example.com by adding a
record for corp.example.com.

Conversely, in item K, using Authorization Domain seems in appropriate.
Just because I control the IP address of corp.example.com doesn't mean I
have control payments.corp.example.com.

I hope that the VWG considers this feedback for the next draft.


On Thu, Sep 10, 2015 at 5:27 PM, kirk_hall at trendmicro.com <
kirk_hall at trendmicro.com> wrote:

> The Validation Working Group (VWG) met this morning to discuss the
> remaining issues in our final Domain Validation Methods pre-ballot.
> The only open issue after the Forum discussed the last draft (dated Sept.
> 1) on last week’s call was which ports to list as “Authorized Ports” for
> the practical demonstration methods.  While we had some good input from
> members, in the end the VWG decided not to change the current definition of
> Authorized Ports from the last draft, which reads as follows:
> *Authorized Port: *One of the following ports:  80 (http), 443 (http),
> 115 (sftp), 25 (smtp), 22 (ssh).
> I also modified the language for revised Method 1 in Line C to make it
> clearer and correct the references to the EV Guidelines, but otherwise not
> make any substantive changes.
> *Dean* – can you put this revised draft domain validation ballot (dated
> Sept. 10) on the Agenda for the next CA-Browser Forum call on Sept. 17?
> Depending on the discussion at that time, the VWG will either bring the
> draft ballot back to the working group for further work, or present it as
> an actual ballot for review and voting by the Forum later this month.
> The information contained in this email and any attachments is confidential
> and may be subject to copyright or other intellectual property protection.
> If you are not the intended recipient, you are not authorized to use or
> disclose this information, and we request that you notify us by reply mail or
> telephone and delete the original message from your mail system.
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151015/5b83d75d/attachment-0002.html>

More information about the Public mailing list