[cabfpub] Preballot - Revised Ballot 190

Geoff Keating geoffk at apple.com
Fri May 19 22:37:00 UTC 2017

Hi Ryan,

I don’t think there’s anything in the BRs that says that particular validation steps must happen before other steps, so long as the appropriate time limits are honored.  Your example where a CA finds an existing certificate for a prospective customer, validates everything in that certificate (for example checking domain name against organization name using whois), and then contacts the prospective customer (for example, via postal address in company registration, matched against whois) and asks if they’d like a replacement certificate and if all the details are correct, seems permitted to me.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3321 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170519/d0302017/attachment-0001.p7s>

More information about the Public mailing list