[cabfpub] Pre-Ballot 169: Revised Validation Requirements

J.C. Jones jjones at mozilla.com
Thu May 12 15:47:32 UTC 2016


I can speak to the first points about

Yes, "TLS Using a Random Number" is intended to permit the TLS-SNI method
from the ACME specification. You're right that it's missing the clause "on
the Authorization Domain Name" as appears in the other methods; it should
be added.

I updated the graphical diff from earlier in this thread:


On Thu, May 12, 2016 at 5:01 PM, Mads Egil Henriksveen <
Mads.Henriksveen at buypass.no> wrote:

> Hi Jeremy
> I think this proposal clarifies the approved domain validation methods and
> describes how to implement most of the methods.
> However, the method described in TLS Using a Random Number is
> incomplete according to my understanding. Compared to the other methods,
> this method does not describe how to ensure that the actual FQDN is
> controlled by the applicant. I do not find any link between the FQDN and
> the Certificate and/or TLS connection used to verify the Applicant’s
> control (i.e. similar to the Authorization Domain Name acting as a link for
> some of the other methods). And is the *TLS with Server Name Indication*
> validation method as defined in the ACME specification meant to be covered
> by this method?
> [snip]