[cabfpub] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft
Gervase Markham
gerv at mozilla.org
Thu Apr 13 16:42:31 UTC 2017
On 29/03/17 15:42, Gervase Markham via Public wrote:
> On 28/03/17 20:11, Peter Bowen wrote:
>> I think it would be good to clarify that this does not prevent using
>> contractors or third parties for domain validation, but rather requires
>> the CA not exclude it from their audit scope. For example, a CA might
>> decide to use a service like https://www.whoisxmlapi.com/ to help get
>> and parse whois data. This is clearly a third party involved in the
>> validation process. The same would be true if the CA uses a service to
>> send emails.
>>
>> What is relevant is that the CA takes responsibility for the process.
>
> Can you propose changes which would have this effect?
Discussion on the call today suggests that https://www.whoisxmlapi.com/
may or may not be a DTP.
Anyway, if you think changes are needed to meet this goal, please
propose them.
Gerv
More information about the Public
mailing list