[cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document

Geoff Keating geoffk at apple.com
Fri Jan 19 12:51:32 MST 2018



> On Jan 19, 2018, at 11:23 AM, Kirk Hall <Kirk.Hall at entrustdatacard.com> wrote:
> 
> First, I think everyone knows what CAs are supposed to do under Method 1

I’m fairly sure this is not the case…

> , and the lack of misissuance reports means CAs are doing it right.  Here’s how Method 1 starts now:
>  
> “Conforming the Applicant's control over the FQDN by validating the Applicant as the Domain Contact by verifying that: ***”

You can see why I think CAs might not know what they’re supposed to do, because the above quote is not the actual words from the the Baseline Requirements!  Right now, in BR 1.5.4, Method 1 starts with these words:

> Confirming the Applicant's control over the FQDN by validating the Applicant is the Domain Contact directly with the Domain Name Registrar. This method may only be used if:

Your version prescribes a method.  The actual current requirements specify an objective and don’t specify a method.

Now, I’m not against prescribing a method, but the method prescribed does need to achieve the original objective, and I think the proposed method is inadequate to do that…

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180119/96adb15f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3321 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20180119/96adb15f/attachment.p7s>


More information about the Public mailing list