[cabfpub] Ballot 218: Remove validation methods #1 and #5
sleevi at google.com
Wed Jan 10 13:49:41 MST 2018
On Wed, Jan 10, 2018 at 2:37 PM, Daymion T. Reynolds <dreynolds at godaddy.com>
> Thank you for replying as this is a good discussion to have.
> “Direct contact” is a great method when you don’t have a clean, reliable data
> source to validate ownership. For Registrar / CA combos, whereby the same
> account ordered the domain and the cert, knowledge of ownership is robust.
> Requiring a second contact doesn’t seem more secure, but rather seems more
> cumbersome for an already complex process.
Can you explain why you do not believe it is more secure?
> If you are concerned about the possibility of a customer account being
> compromised, it doesn’t change the risk. If there was a compromise they
> would have control over DNS and could then domain validate a cert order
> from anyone.
I don't believe this is universally the case. Consider the situation of
registrars and registries that allow signing in without a 2FA, but require
changes to use a 2FA. I realize a response might be "Well, the registrar
could just require 2FA for issuing a cert" - and while that would be in
theory possible, there's absolutely zero assurance for relying parties and
browsers as to the registrars' (and CAs') practices. I hope you can see why
this remains a fundamentally problematic proposal.
> Rather than eliminate .1, I believe a better course of
> action would be to add transparency and lock down when you can and cannot
> use the registrar validation method.
I think it's important to be precise here when talking about .1. Is it
correct to say you are only concerned with retaining some notion of .1
Option 3? When we say "don't eliminate .1", I think that carries with it
the significant (and insecure) suggestion of retaining .1 Option 1 and .1