[cabfpub] [EXTERNAL] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft
sleevi at google.com
Sat Apr 29 03:26:16 UTC 2017
On Fri, Apr 28, 2017 at 3:59 PM, Jeremy Rowley via Public <
public at cabforum.org> wrote:
> I think removing DTPs completely would have some unforeseen consequences.
> We talked about the need for DTPs when passing the guidelines and the
> various reasons were given:
> 1) Org validation - some entities have DTPs that validate organizational
> validation in the country where they operate.
> 2) Domain validation - some entities used to outsource domain validation
> (this is what the ballot is trying to prohibit and what everyone agreed to
> at the F2F)
> 3) OCSP/CRL signing - some entities give third parties control over
> OCSP/CRL signing
> 4) Subscriber agreement signing - some entities delegate the subscriber
> agreement collection requirements to third parties
> 5) Repository hosting - some entities have a third party host/provide
> their repository
> I don't recall anyone mentioning outsourcing of training, archiving, or
> background checks, but I could see some of this happening. I also don't
> have examples of all of these situations, but these were some of the
> reasons cited previously for using DTPs. Refining the permitted delegation
> of functionality might be better than removing the concept completely.
Note, none of these activities would be forbidden - they'd just be part of
the same scope of the audit.