[cabfpub] Random value reuse
Geoff Keating
geoffk at apple.com
Wed Aug 9 14:10:55 MST 2017
I think that’s where the ‘single communication’ rule really helps. Then this is taken care of by the descriptions of the methods: if you have to send the random value to a particular place, then obviously that can’t be combined with a random value sent some other way; if you have to put it in a particular place, then it doesn’t matter how it was sent…
> On 9 Aug 2017, at 1:54 pm, Ben Wilson via Public <public at cabforum.org> wrote:
>
> Putting the issue of "reuse" aside, do we need to clarify this issue of which random value methods can be used in combination with others? It seems that a random value could be provided to the domain contact / admin under methods 2, 3 (if you wanted) or 4 and then used within 30 days for methods 2, 4, 6, 7 and 10, but not vice versa.
>
> -----Original Message-----
> From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham via Public
> Sent: Monday, July 31, 2017 9:02 AM
> To: Jeremy Rowley <jeremy.rowley at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>; Rich Smith <richard.smith at comodo.com>; 'Peter Bowen' <pzb at amzn.com>
> Subject: Re: [cabfpub] Random value reuse
>
> On 28/07/17 14:53, Jeremy Rowley via Public wrote:
>> I think the random value should be tied to a single communication
>> without reuse. For example, a single email sent to the constructed
>> emails, a single API call, a single phone call, etc. The random value
>> shouldn’t be tied to a method, but should be tied to a specific
>> communication from the CA that is tied to a request. By getting rid of
>> the reuse language, we can simplify the process and eliminate the risk
>> associated with reuse.
>
> Right. New random values are cheap :-)
>
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3321 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170809/2745d45b/attachment.p7s>
More information about the Public
mailing list