[cabfpub] Ballot 218: Remove validation methods #1 and #5
richard.smith at comodo.com
Fri Jan 5 09:31:33 MST 2018
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Dimitris Zacharopoulos via Public
Sent: Friday, January 5, 2018 5:44 AM
--- BEGIN updated language for 184.108.40.206.1 ---
Confirming the Applicant's control over the FQDN by validating the Applicant is the Domain Contact directly with the Domain Name Registrar. This method may only be used if:
1. The CA validates Domain Contact information obtained from the Domain Registrar by using the process described in section 220.127.116.11.2 OR 18.104.22.168.3; OR
2. The CA is also the Domain Name Registrar, or an Affiliate of the Registrar, of the Base Domain Name.
Note: Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that end with all the labels of the validated FQDN. This method is suitable for validating Wildcard Domain Names.
--- END updated language for 22.214.171.124.1 ---
I think your #1 is redundant as those methods already stipulate obtaining information from the registrar. I’m not completely opposed to #2 because I do think that it makes some sense for a CA who is also the registrar to be able to have some internal process available to it which verifies domain authorization which is by definition not available to a CA which is not also the registrar, however I would really prefer that those CAs which are also registrars would come forward to discuss and outline more specifics as to what those processes might look like, so that we can codify them with more detail as to what is acceptable in such instance rather than continue to be ‘hand wavy’ about it. We’ve now gotten very specific as to the acceptable methods for non-registrar CAs and gotten rid of ‘any other method’ but I see the lack of specificity in this particular case as an ‘any other method’ for registrar CAs and I’m not sure why we should continue to allow it without any specifics.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public