[Servercert-wg] Voting begins: Ballot SC19 - Phone Contact with DNS CAA Phone Contact v2

Devon O'Brien asymmetric at google.com
Sun May 19 18:20:03 MST 2019 

Google votes YES on SC19 v2

On Mon, May 13, 2019 at 12:16 PM Doug Beattie via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Purpose of Ballot: This ballot will permit domain owners to publish phone
> numbers in a DNS CAA record for the purposes of performing domain
> validation.
>
> The following motion has been proposed by Doug Beattie of GlobalSign and
> endorsed Tim Hollebeek of DigiCert and Bruce Morton from Entrust.
>
> --- MOTION BEGINS ---
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as follows, based on Version
> 1.6.4.
>
>
>
> Add the following definition to section 1.6.1:
>
> DNS CAA Phone Contact: The phone number defined in section B.1.2.
>
>
>
> Add the following Acronym to section 1.6.2:
>
> ADN      Authorization Doman Name
>
>
>
>
>
> Add Section 3.2.2.4.17 as follows:
>
> 3.2.2.4.17 Phone Contact with DNS CAA Phone Contact
>
> Confirm the Applicant's control over the FQDN by calling the DNS CAA Phone
> Contact’s phone number and obtain a confirming response to validate the
> ADN. Each phone call MAY confirm control of multiple ADNs provided that the
> same DNS CAA Phone Contact phone number is listed for each ADN being
> verified and they provide a confirming response for each ADN. The
> relevant CAA Resource Record Set MUST be found using the search algorithm
> defined in RFC 6844 Section 4, as amended by Errata 5065 (Appendix A).
>
> The CA MUST NOT be transferred or request to be transferred as this phone
> number has been specifically listed for the purposes of Domain Validation.
>
>
> In the event of reaching voicemail, the CA may leave the Random Value and
> the ADN(s) being validated.  The Random Value MUST be returned to the CA to
> approve the request.
>
> The Random Value SHALL remain valid for use in a confirming response for
> no more than 30 days from its creation. The CPS MAY specify a shorter
> validity period for Random Values.
>
> Note: Once the FQDN has been validated using this method, the CA MAY also
> issue Certificates for other FQDNs that end with all the labels of the
> validated FQDN.  This method is suitable for validating Wildcard Domain
> Names.
>
>
>
> Add appendix section B.1.2 as follows:
>
> B.1.2. CAA contactphone Property
>
> SYNTAX: contactphone <rfc3966 Global Number>
>
> The CAA contactphone property takes a phone number as its parameter.  The
> entire parameter value MUST be a valid Global Number as defined in RFC 3966
> section 5.1.4, or it cannot be used.  Global Numbers MUST have a preceding
> + and a country code and MAY contain visual separators.
>
> The following is an example where the holder of the domain specified the
> contact property using a phone number.
>
> $ORIGIN example.com
> <https://clicktime.symantec.com/a/1/RrrP5wlUIQO0UEjES80UukJCFmwihBc7ewjfd-b_CQw=?d=_T97g78l-8OxNi8y9HcnecBd6kOhpD4OMPofFY5ICoU11DJf_5A8WZNy9Ebhlk9EU1493o-cw2ufBrk_KyPjP5jHjWZzBrywM79-63FKXl0bNo6iQsoyJwUlSACCytubGSMK9qpRH2MMU3bDA-kNpoYQInVxfDn3HxqzwxirEY0OaC96e1cfUzdUtTHmBFANU7rJUC6wy8soSb3QC_xlnCShaNi5Dn4rBvui7cTKJNS-Y0rysL60AtYs5PIgO8BiMU9RbE25y_Ub-CWOD0mq6DU2VTir5ewnM5lteZQV7NKGVir566yr6VusFmdDsnGQ7IN04SOYzJHJ0BaQpW1ldsZnIdQMElOtzWgjqhZv1HbbsTJ1GTsBHUaqxrljTvKis2p07PvKBJLDUpH-4i2DTtJHidnrZuTVshduGxPcI5Plt1RPbE73ddIdkv3bT2720-0vs-vGYu5n6XuxDtgIVIor3qxDksjD_3yy38MvvVbzZwqrNPfB5NYZPw%3D%3D&u=http%3A%2F%2Fexample.com>
> .
>
>     CAA 0 contactphone "+1 (555) 123-4567"
>
> The contactphone property MAY be critical if the domain owner does not
> want CAs who do not understand it to issue certificates for the domain.
>
> --- MOTION ENDS ---
>
>
>
> *** WARNING ***: USE AT YOUR OWN RISK.  THE REDLINE BELOW IS NOT THE
> OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
>
>
>
> A comparison of the changes can be found at (while the link name may be
> misleading, this is an accurate redline for SC19):
>
>
> https://github.com/dougbeattie/documents/compare/master...dougbeattie:SC18-v1-CAA-Phone-Validation
>
>
>
> The procedure for approval of this ballot is as follows:
>
>
>
> Discussion (7+ days)
>
>
>
> Start Time: 2019-05-02   12:00 Eastern
>
> End Time: Not before 2019-05-09   12:00 Eastern
>
>
>
> Vote for approval (7 days)
>
>
>
> Start Time: 2019-05-13   16:30 Eastern
>
> End Time: 2019-05-20   16:30 Eastern
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190519/4db1e868/attachment-0001.html>

More information about the Servercert-wg mailing list