[Servercert-wg] 3.2.2.4.13 is wrong in BR.md on Github
Richard Smith
rich at sectigo.com
Wed Feb 13 09:21:38 MST 2019
Ballot SC13 appears to have been incorrectly applied to Github.
3.2.2.4.13 in Github reads:
3.2.2.4.13: Domain Owner Email published in DNS
Confirming the Applicant's control over the FQDN by sending a Random Value
via email and then receiving a confirming response utilizing the Random
Value. The Random Value MUST be sent to a DNS TXT Record Email Contact for
the Authorization Domain Name selected to validate the FQDN.
Each email MAY confirm control of multiple FQDNs, provided that each email
address is DNS TXT Record Email Contact for each Authorization Domain Name
being validated. The same email MAY be sent to multiple recipients as long
as all recipients are DNS TXT Record Email Contacts for each Authorization
Domain Name being validated.
The Random Value SHALL be unique in each email. The email MAY be re-sent in
its entirety, including the re-use of the Random Value, provided that its
entire contents and recipient(s) SHALL remain unchanged. The Random Value
SHALL remain valid for use in a confirming response for no more than 30 days
from its creation. The CPS MAY specify a shorter validity period for Random
Values.
Note: Once the FQDN has been validated using this method, the CA MAY also
issue Certificates for other FQDNs that end with all the labels of the
validated FQDN. This method is suitable for validating Wildcard Domain
Names.
Ballot SC13 reads:
Add Section 3.2.2.4.13: Email to DNS CAA Contact
Confirming the Applicant's control over the FQDN by sending a Random Value
via email and then receiving a confirming response utilizing the Random
Value. The Random Value MUST be sent to a DNS CAA Email Contact. The
relevant CAA Resource Record Set MUST be found using the search algorithm
defined in RFC 6844 Section 4, as amended by Errata 5065 (Appendix A).
Each email MAY confirm control of multiple FQDNs, provided that each email
address is a DNS CAA Email Contact for each Authorization Domain Name being
validated. The same email MAY be sent to multiple recipients as long as all
recipients are DNS CAA Email Contacts for each Authorization Domain Name
being validated.
The Random Value SHALL be unique in each email. The email MAY be re-sent in
its entirety, including the re-use of the Random Value, provided that its
entire contents and recipient(s) SHALL remain unchanged. The Random Value
SHALL remain valid for use in a confirming response for no more than 30 days
from its creation. The CPS MAY specify a shorter validity period for Random
Values.
Note: Once the FQDN has been validated using this method, the CA MAY also
issue Certificates for other FQDNs that end with all the labels of the
validated FQDN. This method is suitable for validating Wildcard Domain
Names.
It looks like 3.2.2.4.14 may have been pasted in twice by mistake. Can
someone who is better with Github than I please fix?
<https://www.facebook.com/Sectigo> <https://www.twitter.com/SectigoHQ>
<https://www.linkedin.com/company/sectigo/>
<https://www.youtube.com/channel/UCpBIBygkjPsEdrGkkWNGOsQ>
Rich Smith
Sr. Compliance Manager
Email: <mailto:rich at sectigo.com> rich at sectigo.com
Web: <https://sectigo.com/> Sectigo.com
This message and any files associated with it may contain legally
privileged, confidential, or proprietary information. If you are not the
intended recipient, you are not permitted to use, copy, or forward it, in
whole or in part without the express consent of the sender. Please notify
the sender by reply email, disregard the foregoing messages, and delete it
immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190213/d15cc8aa/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 6552 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190213/d15cc8aa/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 843 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190213/d15cc8aa/attachment-0003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 1120 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190213/d15cc8aa/attachment-0004.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 933 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190213/d15cc8aa/attachment-0005.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.gif
Type: image/gif
Size: 541 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190213/d15cc8aa/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5716 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190213/d15cc8aa/attachment-0001.p7s>
More information about the Servercert-wg
mailing list