[cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document
Geoff Keating
geoffk at apple.com
Fri Jan 19 19:51:32 UTC 2018
> On Jan 19, 2018, at 11:23 AM, Kirk Hall <Kirk.Hall at entrustdatacard.com> wrote:
>
> First, I think everyone knows what CAs are supposed to do under Method 1
I’m fairly sure this is not the case…
> , and the lack of misissuance reports means CAs are doing it right. Here’s how Method 1 starts now:
>
> “Conforming the Applicant's control over the FQDN by validating the Applicant as the Domain Contact by verifying that: ***”
You can see why I think CAs might not know what they’re supposed to do, because the above quote is not the actual words from the the Baseline Requirements! Right now, in BR 1.5.4, Method 1 starts with these words:
> Confirming the Applicant's control over the FQDN by validating the Applicant is the Domain Contact directly with the Domain Name Registrar. This method may only be used if:
Your version prescribes a method. The actual current requirements specify an objective and don’t specify a method.
Now, I’m not against prescribing a method, but the method prescribed does need to achieve the original objective, and I think the proposed method is inadequate to do that…
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180119/96adb15f/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3321 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180119/96adb15f/attachment-0003.p7s>
More information about the Public
mailing list