[cabfpub] Ballot 169 - Revised Validation Requirements

Geoff Keating geoffk at apple.com
Thu Jul 28 02:16:08 UTC 2016


I guess you could change “Authorization Domain Name” to “FQDN”, so the start of 3.2.2.4.6 would read:

Confirming the Applicant's control over the requested FQDN by confirming one of the following under the "/.well-known/pki-validation" directory, or another path registered with IANA for the purpose of Domain Validation, on the FQDN that is accessible by the CA via HTTP/HTTPS over an Authorized Port: 

That is, if you’re validating shop.example.com, the web site change has to actually be at shop.example.com; it will not suffice to make the change at example.com.

Another alternative would be to at least require HTTPS on port 443 if you’re validating at other than the FQDN:

Confirming the Applicant's control over the requested FQDN by confirming one of the following under the "/.well-known/pki-validation" directory, or another path registered with IANA for the purpose of Domain Validation, on the FQDN that is accessible by the CA via HTTP/HTTPS over an Authorized Port, or on the Authorization Domain Name via HTTPS over port 443: 

> On 27 Jul 2016, at 6:38 AM, Kirk Hall <Kirk.Hall at entrust.com> wrote:
> 
> Geoff, it will probably take the Forum a long time to amend any of this new domain validation language - do you have an amendment to suggest now for 3.2.2.4.6?
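
The two proposed wordings above can be compared with a small checker. This is an added example, not part of the original message or of the ballot text; the function names, the wording labels and the AUTHORIZED_PORTS set are assumptions made for illustration (the message does not list the Authorized Ports).

```python
from urllib.parse import urlsplit

# Assumption: placeholder set; the message does not list the Authorized Ports.
AUTHORIZED_PORTS = frozenset({80, 443})
WELL_KNOWN = "/.well-known/pki-validation/"
DEFAULT_PORT = {"http": 80, "https": 443}


def _norm(host):
    """Lower-case a host name and drop a trailing root dot."""
    return host.lower().rstrip(".")


def is_parent_domain(candidate, fqdn):
    """True if candidate is fqdn with one or more left-most labels removed.

    Simplification: pruning is not stopped at the registrable domain,
    which would need public-suffix data; the caller must ensure that.
    """
    c, f = _norm(candidate).split("."), _norm(fqdn).split(".")
    return len(c) < len(f) and f[-len(c):] == c


def location_allowed(requested_fqdn, url, wording):
    """Check a validation URL against one of the two proposed wordings.

    "fqdn_only":     first proposal, the file must be on the FQDN itself.
    "adn_https_443": second proposal, a parent domain is accepted, but
                     only via HTTPS on port 443.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    try:
        port = parts.port if parts.port is not None else DEFAULT_PORT[scheme]
    except (KeyError, ValueError):      # unknown scheme or malformed port
        return False
    if not parts.hostname or not parts.path.startswith(WELL_KNOWN):
        return False
    if ".." in parts.path.split("/"):   # path must stay under the directory
        return False
    host = _norm(parts.hostname)
    if host == _norm(requested_fqdn):
        return port in AUTHORIZED_PORTS
    if wording == "adn_https_443" and is_parent_domain(host, requested_fqdn):
        return scheme == "https" and port == 443
    return False
```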
