[cabfpub] [EXTERNAL] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

[Jeremy Rowley]

A broad removal of DTPs would be difficult for anyone using any sort of hosted services.  Scoping the removal to 3.2.2.4 is fine (and in-line with Gerv's original proposal).

-----Original Message-----
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen via Public
Sent: Monday, May 1, 2017 7:30 AM
To: Gervase Markham <gerv at mozilla.org>
Cc: Peter Bowen <pzb at amzn.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] [EXTERNAL] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft


> On May 1, 2017, at 6:15 AM, Gervase Markham <gerv at mozilla.org> wrote:
> 
> On 01/05/17 14:12, Peter Bowen wrote:
>> You understand correctly.  Today CAs use many third parties as part 
>> of operation — they rent space in data centers and office buildings 
>> they don’t own, they contract with companies to provide security 
>> guards, etc.
> 
> OK. This change would be of larger scope than a change merely to 
> prevent the outsourcing of domain ownership validation. The latter got 
> agreement (after discussion) from the participants at the F2F, which 
> makes it a tempting route to go down. What do people think of Peter's 
> expanded proposal?

Looking back at the BRs, you might be right.  If anyone is reading DTP to cover the data center or security guard examples above, then simply removing DTP is too broad a brush.

We can probably scope the removal of DTP to 3.2.2.4.

Thanks,
Peter
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170501/d560c728/attachment-0001.bin>