[Servercert-wg] Replacement for Method 10

Doug Beattie doug.beattie at globalsign.com
Thu Apr 11 08:34:02 MST 2019

As an early recommendation, how does something like this sound for a
replacement to Method 10?


Confirming the Applicant's control over a FQDN by validating domain control
of the FQDN using TLS as specified in this specific IETF specification and
version:  https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05 

Note: Once the FQDN has been validated using this method, the CA MAY also
issue Certificates for other FQDNs that end with all the labels of the
validated FQDN.  This method is suitable for validating Wildcard Domain


According to Let's Encrypt, we should be able to EOL current method 10 by
June 1 as they have transitioned to this new method at least 90 days prior
to this date.  We can also set the EOL date for Method 10 as part of this


Apparently we need to wait until 05 version is final.  When do we expect
that to happen?





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190411/d38e943d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5701 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190411/d38e943d/attachment-0001.p7s>

More information about the Servercert-wg mailing list