[cabfpub] Pre-Ballot 169: Revised Validation Requirements

J.C. Jones jjones at mozilla.com
Thu May 12 08:47:32 MST 2016


Mads,

I can speak to the first points about 3.2.2.4.10:

Yes, "TLS Using a Random Number" is intended to permit the TLS-SNI method
from the ACME specification. You're right that it's missing the clause "on
the Authorization Domain Name" as appears in the other methods; it should
be added.

I updated the graphical diff from earlier in this thread:
https://github.com/cabforum/documents/compare/Ballot-169...jcjones:Ballot-169?expand=1

Cheers,
J.C.


On Thu, May 12, 2016 at 5:01 PM, Mads Egil Henriksveen <
Mads.Henriksveen at buypass.no> wrote:

> Hi Jeremy
>
> I think this proposal clarifies the approved domain validation methods and
> describes how to implement most of the methods.
>
> However, the method described in 3.2.2.4.10 TLS Using a Random Number is
> incomplete according to my understanding. Compared to the other methods,
> this method does not describe how to ensure that the actual FQDN is
> controlled by the applicant. I do not find any link between the FQDN and
> the Certificate and/or TLS connection used to verify the Applicant’s
> control (i.e. similar to the Authorization Domain Name acting as a link for
> some of the other methods). And is the *TLS with Server Name Indication*
> validation method as defined in the ACME specification meant to be covered
> by this method?
>
> [snip]