[cabfpub] Ballot 218: Remove validation methods #1 and #5

[Ryan Sleevi]

On Fri, Jan 12, 2018 at 2:07 PM, Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

>
>
> I made some edits to the pull request:
>
>
>
> https://github.com/cabforum/documents/pull/79/commits/
> 665e6688f95d305a9363a988c184232436b21263
>
>
>
> Gerv might want to take a look at how I handled 3.2.2.4.11.
>
>
>
> In 3.2.2.4.12, shouldn’t it be Applicant Representative instead of
> Applicant?  Applicant is an organization, Applicant Representative is a
> person.
>

Thanks Tim!

I think it's correct as Applicant, since the use case we're discussing is
the sort of logical account (e.g. the Applicant is the entity who requests
the certificate, and is also the Domain Registrant).

I think supporting this would be looking at how 3.2.2.4.3 handles
"Applicant's request" rather than "Applicant Representative's request" -
which I think is the same manifestation of the point you're raising here.

That said, I can also see an argument that both 3.2.2.4.3 and this should
be using "Applicant Representative", because you wouldn't want "just
anyone" from Google to be able to get a certificate. Put differently, if
you were to call Google and ask "Can Google request a certificate for
google.com", the answer is always yes. If your question is "Can Ryan Sleevi
request a certificate for google.com", the answer is ... Maybe ;)

However, even with that, I think "Applicant" is still the better/correct
answer, and think any risk is mitigated by the "Domain Contact" language
requiring that it not just be "an Employee of Google" but the "Domain Name
Registrant, technical contact, or administrative contract", where
Registrant is similarly scoped as "the person(s) or entity(ies) registered
with a Domain Name Registrar as having the right to control how a Domain
Name is used"

Would you agree?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180112/04333d3b/attachment-0003.html>