[cabfpub] Random value reuse
Ben Wilson
ben.wilson at digicert.com
Wed Aug 9 20:54:16 UTC 2017
Putting the issue of "reuse" aside, do we need to clarify this issue of which random value methods can be used in combination with others? It seems that a random value could be provided to the domain contact / admin under methods 2, 3 (if you wanted) or 4 and then used within 30 days for methods 2, 4, 6, 7 and 10, but not vice versa.
-----Original Message-----
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham via Public
Sent: Monday, July 31, 2017 9:02 AM
To: Jeremy Rowley <jeremy.rowley at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>; Rich Smith <richard.smith at comodo.com>; 'Peter Bowen' <pzb at amzn.com>
Subject: Re: [cabfpub] Random value reuse
On 28/07/17 14:53, Jeremy Rowley via Public wrote:
> I think the random value should be tied to a single communication
> without reuse. For example, a single email sent to the constructed
> emails, a single API call, a single phone call, etc. The random value
> shouldn’t be tied to a method, but should be tied to a specific
> communication from the CA that is tied to a request. By getting rid of
> the reuse language, we can simplify the process and eliminate the risk
> associated with reuse.
Right. New random values are cheap :-)
Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170809/0e0a2381/attachment-0002.p7s>
More information about the Public
mailing list