[cabfpub] Preballot - Revised Ballot 190

Peter Bowen pzb at amzn.com
Sat May 20 18:09:23 UTC 2017


> On May 20, 2017, at 8:11 AM, Peter Bowen <pzb at amzn.com> wrote:
> 
> 
>> On May 20, 2017, at 7:41 AM, Ryan Sleevi via Public <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>> 
>> 
>> 
>> On Fri, May 19, 2017 at 9:47 PM, Jeremy Rowley <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com>> wrote:
>> “The certificate request MAY include all factual information about the Applicant to be included in the Certificate, and such additional information as is necessary for the CA to obtain from the Applicant in order to comply with these Requirements and the CA’s Certificate Policy and/or Certification Practice Statement.”
>> 
>> This indicates a certificate request may include partial information.
>> I appreciate you mentioning this - as I've mentioned it several times - but this doesn't address the concern related to 4.1.2
> 
> How about we solve this by changing 4.2.1 to say:
> 
> "The	CA	MUST have obtained documents	and	data used to	verify	certificate	information no	more	than	825	days	prior	to	issuing	the	Certificate.”
> 
> This could also move to section 3.2 itself to help readers and implementers, as having it down in 4.2.1 has clearly caused confusion.

Looking back at this thread, I suggest we also modify 3.2.2.4:

The	CA	MUST confirm, prior to certificate issuance, that either	the	CA	or	a	Delegated	Third	Party	has	validated	each	Fully‐Qualified	Domain	Name	(FQDN)	listed	in	the	Certificate using either one	of	the	methods	listed	below or a method that was allowed by the Baseline Requirements if effect at the time of validation.  The validation must have occurred no more than 825 days prior to certificate issuance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170520/68be95f1/attachment-0003.html>


More information about the Public mailing list