[cabfpub] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft (2)

Peter Bowen pzb at amzn.com
Mon Apr 24 15:28:29 UTC 2017

> On Apr 24, 2017, at 7:41 AM, Gervase Markham via Public <public at cabforum.org> wrote:
> On 20/04/17 18:57, Ryan Sleevi wrote:
>> That is, if it were worded to somehow suggest that:
>> "The CA SHALL confirm that, as of the date the Certificate issues, the
>> CA has validated each Fully‐Qualified Domain Name (FQDN) listed in the
>> Certificate using at least one of the methods listed below, or is within
>> the Domain Namespace of a Fully-Qualified Domain Name (FQDN) that has
>> been validated using at least one of the methods listed below. "
> Are we happy that, for all 10 methods, proof of control of
> foo.example.com makes it fine to issue wibble.fish.foo.example.com?

No.  One of the 10 does not allow that.
