[cabfpub] CNAME-based validation

Ryan Sleevi sleevi at google.com
Fri Sep 2 21:28:09 UTC 2016


Jeremy,

Does this introduce risk for sites that use Wildcard DNS records? How would
you propose mitigating that risk?

On Fri, Sep 2, 2016 at 2:26 PM, Jeremy Rowley <jeremy.rowley at digicert.com>
wrote:

> I realized after reviewing my proposal that it will require a new method
> under the domain validation section. Therefore, I’m proposing we add the
> following as a new permitted method for domain validation:
>
> Add the following as Section 3.2.2.4.11:
>
> Confirming the Applicant’s control over the requested FQDN by appending a
> Random Value or Request Token as a sub domain to an Authorization Domain
> Name and pointing the CNAME record of the created sub domain to a FQDN
> verified by the CA using one of methods permitted under Section 3.2.2.4
>
> Looking for two endorsers.
>
> Jeremy
>
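
The wildcard question above, as an added example that is not part of either message: in a zone with a wildcard CNAME, a lookup of any label under the Authorization Domain Name returns the wildcard's target, so the answer alone does not show that a record was created for this Random Value. The sketch models RFC 4592 wildcard matching over constructed zones and adds a control-label probe; the zone contents, the names `lookup_cname` and `validate`, and the probe itself are assumptions, not text from the proposal or the Baseline Requirements.

```python
import secrets

# Constructed zone data (owner name -> CNAME target); not taken from the thread.
TARGET = "sites.hosting.example.net"   # stands in for the CA-verified FQDN
ZONE_WILDCARD = {"*.example.com": TARGET}
ZONE_EXPLICIT = {"r4nd0mvalue.example.com": TARGET, "www.example.com": TARGET}


def lookup_cname(zone, qname):
    """Return the CNAME target for qname, applying RFC 4592 wildcard synthesis."""
    qname = qname.lower().rstrip(".")
    if qname in zone:
        return zone[qname]                 # an exact owner name always wins
    labels = qname.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        # Closest encloser: the longest ancestor that exists in the zone.
        if any(n == ancestor or n.endswith("." + ancestor) for n in zone):
            # Only a wildcard directly below it can synthesize an answer.
            return zone.get("*." + ancestor)
    return None


def validate(zone, adn, random_value, verified_fqdn):
    """Look up <random_value>.<adn>, then probe a control label.

    The control probe is a hypothetical safeguard, not text from the proposal.
    It also rejects a zone holding both the explicit record and a wildcard
    with the same target, which is the conservative outcome.
    """
    if lookup_cname(zone, f"{random_value}.{adn}") != verified_fqdn:
        return "fail"
    control = secrets.token_hex(16)        # label never given to the Applicant
    if lookup_cname(zone, f"{control}.{adn}") == verified_fqdn:
        return "reject-wildcard"           # any label gets this answer
    return "pass"


if __name__ == "__main__":
    for name, zone in (("wildcard", ZONE_WILDCARD), ("explicit", ZONE_EXPLICIT)):
        print(name, validate(zone, "example.com", "r4nd0mvalue", TARGET))
```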