[Servercert-wg] 3.2.2.4.13 is wrong in BR.md on Github
Wayne Thayer
wthayer at mozilla.com
Wed Feb 13 17:22:02 MST 2019
Thanks for pointing this out, Rich. It looks like a mistake in my pull
request - I'll get it fixed ASAP.
Wayne
On Wed, Feb 13, 2019 at 9:21 AM Richard Smith via Servercert-wg <
servercert-wg at cabforum.org> wrote:
> Ballot SC13 appears to have been incorrectly applied to Github.
>
>
>
> 3.2.2.4.13 in Github reads:
>
> 3.2.2.4.13: Domain Owner Email published in DNS
>
> Confirming the Applicant's control over the FQDN by sending a Random Value
> via email and then receiving a confirming response utilizing the Random
> Value. The Random Value MUST be sent to a DNS TXT Record Email Contact for
> the Authorization Domain Name selected to validate the FQDN.
>
>
>
> Each email MAY confirm control of multiple FQDNs, provided that each email
> address is DNS TXT Record Email Contact for each Authorization Domain Name
> being validated. The same email MAY be sent to multiple recipients as long
> as all recipients are DNS TXT Record Email Contacts for each Authorization
> Domain Name being validated.
>
>
>
> The Random Value SHALL be unique in each email. The email MAY be re-sent
> in its entirety, including the re-use of the Random Value, provided that
> its entire contents and recipient(s) SHALL remain unchanged. The Random
> Value SHALL remain valid for use in a confirming response for no more than
> 30 days from its creation. The CPS MAY specify a shorter validity period
> for Random Values.
>
>
>
> Note: Once the FQDN has been validated using this method, the CA MAY also
> issue Certificates for other FQDNs that end with all the labels of the
> validated FQDN. This method is suitable for validating Wildcard Domain
> Names.
>
>
>
> Ballot SC13 reads:
>
> Add Section 3.2.2.4.13: Email to DNS CAA Contact
>
>
>
> Confirming the Applicant’s control over the FQDN by sending a Random Value
> via email and then receiving a confirming response utilizing the Random
> Value. The Random Value MUST be sent to a DNS CAA Email Contact. The
> relevant CAA Resource Record Set MUST be found using the search algorithm
> defined in RFC 6844 Section 4, as amended by Errata 5065 (Appendix A).
>
>
>
> Each email MAY confirm control of multiple FQDNs, provided that each email
> address is a DNS CAA Email Contact for each Authorization Domain Name being
> validated. The same email MAY be sent to multiple recipients as long as
> all recipients are DNS CAA Email Contacts for each Authorization Domain
> Name being validated.
>
>
>
> The Random Value SHALL be unique in each email. The email MAY be re-sent
> in its entirety, including the re-use of the Random Value, provided that
> its entire contents and recipient(s) SHALL remain unchanged. The Random
> Value SHALL remain valid for use in a confirming response for no more than
> 30 days from its creation. The CPS MAY specify a shorter validity period
> for Random Values.
>
>
>
> Note: Once the FQDN has been validated using this method, the CA MAY also
> issue Certificates for other FQDNs that end with all the labels of the
> validated FQDN. This method is suitable for validating Wildcard Domain
> Names.
>
>
>
> It looks like 3.2.2.4.14 may have been pasted in twice by mistake. Can
> someone who is better with Github than I please fix?
>
> *Rich Smith*
>
> *Sr. Compliance Manager*
>
> *Email:* rich at sectigo.com
>
> *Web:* Sectigo.com <https://sectigo.com/>
>
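Added example, not part of the original thread or of the CA/Browser Forum text: a Python model of the Random Value rules that both quoted versions of 3.2.2.4.13 share (every recipient must be a contact for every domain covered, a fresh value per email, identical re-sends only, at most 30 days from creation). The class, method and parameter names are hypothetical, and the contact lookup (CAA or TXT) is assumed to have been done already and passed in as a map.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_VALIDITY = timedelta(days=30)  # ceiling in the quoted text; a CPS may choose less

@dataclass(frozen=True)
class SentEmail:
    body: str
    recipients: frozenset
    domains: frozenset   # Authorization Domain Names this email validates
    created: datetime    # creation time of the Random Value

class RandomValueLedger:
    """Hypothetical CA-side bookkeeping; all names here are illustrative."""

    def __init__(self, validity=MAX_VALIDITY):
        if validity > MAX_VALIDITY:
            raise ValueError("validity period may not exceed 30 days")
        self.validity = validity
        self.sent = {}   # Random Value -> SentEmail

    def send(self, body, recipients, domains, contacts, now, resend_of=None):
        """contacts maps each domain to its email contacts (lookup assumed done)."""
        mail = SentEmail(body, frozenset(recipients), frozenset(domains), now)
        for domain in mail.domains:
            if not mail.recipients <= contacts.get(domain, set()):
                raise ValueError(f"a recipient is not a contact for {domain}")
        if resend_of is None:
            value = secrets.token_hex(16)   # fresh value, unique per email
            self.sent[value] = mail
            return value
        prev = self.sent.get(resend_of)
        if prev is None or (prev.body, prev.recipients, prev.domains) != (
                mail.body, mail.recipients, mail.domains):
            raise ValueError("a re-send must keep contents and recipients unchanged")
        return resend_of   # original creation time stays; the clock is not reset

    def confirm(self, value, now):
        """Return the validated domains, or None if unknown or expired."""
        mail = self.sent.get(value)
        if mail is None or now - mail.created > self.validity:
            return None
        return mail.domains
```

Because validity runs from the creation of the Random Value, a re-send on day 10 still expires on day 30.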