[cabfpub] CNAME-based validation
Peter Bowen
pzb at amzn.com
Fri Sep 2 21:32:32 UTC 2016
How about making it simpler:
Confirming the Applicant's control over the requested FQDN by confirming the presence of a Random Value or Request Token in a DNS TXT, CNAME, or CAA record for an Authorization Domain Name or an Authorization Domain Name that is prefixed with a label that begins with an underscore character.
(insert “, CNAME,” in the existing method)
This would allow something like:
_certvalidation.example.com. IN CNAME <random>.validation.publicca.com.
This assumes the reason to ask for CNAME is to handle DNS configurations that don’t support setting TXT records.
Thanks,
Peter
> On Sep 2, 2016, at 2:26 PM, Jeremy Rowley <jeremy.rowley at digicert.com> wrote:
>
> I realized after reviewing my proposal that it will require a new method under the domain validation section. Therefore, I’m proposing we add the following as a new permitted method for domain validation:
>
> Add the following as Section 3.2.2.4.11:
>
> Confirming the Applicant’s control over the requested FQDN by appending a Random Value or Request Token as a sub domain to an Authorization Domain Name and pointing the CNAME record of the created sub domain to a FQDN verified by the CA using one of the methods permitted under Section 3.2.2.4.
>
> Looking for two endorsers.
>
> Jeremy
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
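
Added example, not part of the original thread and not any CA's code: a Python sketch of a CA-side check for the record form Peter Bowen's message suggests, run against constructed zone data instead of live DNS. The zone contents, the random value, the fixed `_certvalidation` prefix and the rule that the CNAME target must be exactly `<random>.validation.publicca.com.` are assumptions; CAA is left out because the thread does not say where the value would sit in that record.

```python
# Constructed sample data standing in for DNS answers: {(owner, rrtype): [rdata]}
SAMPLE_ZONE = {
    ("_certvalidation.example.com.", "CNAME"): ["8f3a1c0d9b7e.validation.publicca.com."],
    ("_certvalidation.example.net.", "TXT"): ["8f3a1c0d9b7e"],
    # Random value only as a substring of the first label: must not match.
    ("_certvalidation.example.org.", "CNAME"): ["x8f3a1c0d9b7e.validation.publicca.com."],
    # Right label, but target is outside the CA's validation zone: must not match.
    ("_certvalidation.example.edu.", "CNAME"): ["8f3a1c0d9b7e.validation.other.example."],
}

CA_VALIDATION_ZONE = "validation.publicca.com."  # taken from the message's example
PREFIX_LABEL = "_certvalidation"                 # assumed fixed underscore label


def norm(name):
    """Lower-case and make absolute; DNS names compare case-insensitively."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def cname_matches(target, random_value, ca_zone):
    """True only if the target is exactly <random_value>.<ca_zone>.

    Because names are case-insensitive, the random value should come from a
    single-case alphabet (hex, base32) so lower-casing loses no entropy.
    """
    return norm(target) == norm(random_value + "." + ca_zone)


def validate(adn, random_value, zone=SAMPLE_ZONE, ca_zone=CA_VALIDATION_ZONE):
    """Return (owner, rrtype) of the record proving control, or None.

    Checks the Authorization Domain Name itself and the same name prefixed
    with an underscore label, for TXT and CNAME records.
    """
    owners = [norm(adn), norm(PREFIX_LABEL + "." + adn)]
    for owner in owners:
        for rdata in zone.get((owner, "TXT"), []):
            if rdata == random_value:  # TXT data is compared byte-for-byte
                return (owner, "TXT")
        for rdata in zone.get((owner, "CNAME"), []):
            if cname_matches(rdata, random_value, ca_zone):
                return (owner, "CNAME")
    return None


if __name__ == "__main__":
    for adn in ("example.com", "EXAMPLE.NET.", "example.org", "example.edu"):
        print(adn, "->", validate(adn, "8f3a1c0d9b7e"))
```
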