[cabfpub] New validation method

Peter Bowen pzb at amzn.com
Wed Oct 25 02:06:37 UTC 2017

> On Oct 24, 2017, at 3:46 PM, Geoff Keating <geoffk at apple.com> wrote:
>> On 24 Oct 2017, at 2:58 pm, Peter Bowen via Public <public at cabforum.org> wrote:
>> As ballot 190 is complete and fully effective, it seems like a reasonable time to start considering further validation methods.  Amazon proposes the following new method.  As far as I know, this does not overlap with any of the existing methods.
>> Registrar challenge validation
>> Confirming the Applicant’s control over the request Domain Name by confirming the presence of a Random Value or Request Token in a response from the Domain Name Registrar or Registry received in response to a request containing an Authorization Domain Name.
> I like the concept, but can we be a bit more specific than just ‘in response to a request’?  For example, can we say ‘in response to a WHOIS request for the Authorization Domain Name’?

I was trying to stay fairly generic because some registries, such as Núcleo de Informação e Coordenação do Ponto BR, CZ.NIC, z. s. p. o., and Dirección Nacional del Registro de Dominios de Internet, the registries for .br, .cz, and .ar, are using RDAP now (see https://data.iana.org/rdap/dns.json for the current list).  Additionally, as you may be aware, some registries do not have RDAP or Whois servers, so one could imagine that some registries might even be open to implementing an API that could be used for validation.
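
The following is an added example, not part of the original message or of any CA/Browser Forum text: a sketch of how a CA-side checker could find a registry's RDAP service from a bootstrap file shaped like the IANA one and confirm a Random Value in the returned domain object. The bootstrap entries, the server URLs, the sample response, and the `ca-challenge=` remark convention are all assumptions made for illustration; the proposal does not say where in a response the value would appear.

```python
import json

# Constructed sample in the shape of the IANA bootstrap file (RFC 9224).
# The URLs are placeholders, not the registries' real endpoints.
BOOTSTRAP = json.loads("""{"version": "1.0", "services": [
  [["br"], ["https://rdap.registry-br.example/"]],
  [["cz"], ["https://rdap.registry-cz.example/"]]
]}""")

# Constructed RDAP domain object (RFC 9083). Publishing the Random Value in a
# remark, and the "ca-challenge=" label, are hypothetical conventions.
RDAP_RESPONSE = {
    "objectClassName": "domain",
    "ldhName": "example.com.br",
    "remarks": [{"title": "validation",
                 "description": ["ca-challenge=7f3c9a1e5b2d4c68"]}],
}

def rdap_base_url(domain, bootstrap):
    """Return the HTTPS RDAP base URL for the longest matching bootstrap
    entry, or None when the registry lists no RDAP service."""
    labels = domain.lower().rstrip(".").split(".")
    best = None  # (number of matched labels, url)
    for entries, urls in bootstrap["services"]:
        https = [u for u in urls if u.startswith("https://")]
        for entry in entries:
            e = entry.lower().split(".")
            if https and labels[-len(e):] == e:
                if best is None or len(e) > best[0]:
                    best = (len(e), https[0])
    return best[1] if best else None

def response_confirms(resp, authorization_domain, random_value):
    """True only if the response is a domain object for exactly the
    Authorization Domain Name and carries the exact Random Value."""
    if resp.get("objectClassName") != "domain":
        return False
    wanted = authorization_domain.lower().rstrip(".")
    if resp.get("ldhName", "").lower().rstrip(".") != wanted:
        return False  # answer is about some other domain
    expected = "ca-challenge=" + random_value
    for remark in resp.get("remarks", []):
        for line in remark.get("description", []):
            if line.strip() == expected:  # exact match, never substring
                return True
    return False
```

A `None` from `rdap_base_url` corresponds to the case raised above of a registry with no RDAP server, where a Whois or registry-specific API request would be the only option.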

