[cabfpub] Ballot 218: Remove validation methods #1 and #5

Ryan Sleevi sleevi at google.com
Mon Jan 15 05:09:59 MST 2018 

On Fri, Jan 12, 2018 at 7:11 PM, Ryan Sleevi <sleevi at google.com> wrote:

>
>
> On Fri, Jan 12, 2018 at 2:07 PM, Tim Hollebeek <tim.hollebeek at digicert.com
> > wrote:
>
>>
>>
>> I made some edits to the pull request:
>>
>>
>>
>> https://github.com/cabforum/documents/pull/79/commits/665e66
>> 88f95d305a9363a988c184232436b21263
>>
>>
>>
>> Gerv might want to take a look at how I handled 3.2.2.4.11.
>>
>>
>>
>> In 3.2.2.4.12, shouldn’t it be Applicant Representative instead of
>> Applicant?  Applicant is an organization, Applicant Representative is a
>> person.
>>
>
> Thanks Tim!
>
> I think it's correct as Applicant, since the use case we're discussing is
> the sort of logical account (e.g. the Applicant is the entity who requests
> the certificate, and is also the Domain Registrant).
>
> I think supporting this would be looking at how 3.2.2.4.3 handles
> "Applicant's request" rather than "Applicant Representative's request" -
> which I think is the same manifestation of the point you're raising here.
>
> That said, I can also see an argument that both 3.2.2.4.3 and this should
> be using "Applicant Representative", because you wouldn't want "just
> anyone" from Google to be able to get a certificate. Put differently, if
> you were to call Google and ask "Can Google request a certificate for
> google.com", the answer is always yes. If your question is "Can Ryan
> Sleevi request a certificate for google.com", the answer is ... Maybe ;)
>
> However, even with that, I think "Applicant" is still the better/correct
> answer, and think any risk is mitigated by the "Domain Contact" language
> requiring that it not just be "an Employee of Google" but the "Domain Name
> Registrant, technical contact, or administrative contract", where
> Registrant is similarly scoped as "the person(s) or entity(ies) registered
> with a Domain Name Registrar as having the right to control how a Domain
> Name is used"
>
> Would you agree?
>

For those following and want to view the full proposed set of changes,
https://github.com/cabforum/documents/pull/79/files is the URL to use. I
just realized Tim linked directly to the specific changes, the above Pull
Request 79 details all of the changes based on the discussion to date.

I think it looks good, and is good to proceed to balloting - I'm curious if
there are any other unaddressed concerns.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180115/cb66f802/attachment.html>

More information about the Public mailing list