[Servercert-wg] SC-070: Clarify the use of DTPs for Domain Control Validation
Peter Miškovič
Peter.Miskovic at disig.sk
Mon Feb 19 08:18:02 UTC 2024
Disig votes "YES" on Ballot SC-070: Clarify the use of DTPs for Domain Control Validation.
Regards
Peter Miskovic
-----Original Message-----
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of servercert-wg-request at cabforum.org
Sent: utorok 13. februára 2024 17:58
To: servercert-wg at cabforum.org
Subject: Servercert-wg Digest, Vol 68, Issue 31
Send Servercert-wg mailing list submissions to
servercert-wg at cabforum.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.cabforum.org/mailman/listinfo/servercert-wg
or, via email, send a message with subject or body 'help' to
servercert-wg-request at cabforum.org
You can reach the person managing the list at
servercert-wg-owner at cabforum.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Servercert-wg digest..."
Today's Topics:
1. [Voting Period Begins] SC-070: Clarify the use of DTPs for
Domain Control Validation (Aaron Gable)
----------------------------------------------------------------------
Message: 1
Date: Tue, 13 Feb 2024 08:56:39 -0800
From: Aaron Gable <aaron at letsencrypt.org>
To: "CA/B Forum Server Certificate WG Public Discussion List"
<servercert-wg at cabforum.org>
Subject: [Servercert-wg] [Voting Period Begins] SC-070: Clarify the
use of DTPs for Domain Control Validation
Message-ID:
<CAEmnErcsUCkUqRVBP5Gzu2-dMJWQ_0F=rvNG7+_a1az0U7PM_g at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
This new voting period is to fix a typo in the End timestamp of the voting period for the previous version of this ballot. The contents of the motion itself are identical. My apologies for the confusion.
This ballot aims to clarify the existing language around the use of delegated third-parties during domain and IP address control validation. It leaves the existing language in place, and adds specifics for the cases of DNS queries, WHOIS lookups, and contact with the Domain Name Registrat or IP Address Registration Authority.
Additionally, it places these same restrictions on CAA checking, with an effective date of 2024-05-15.
This ballot is proposed by Aaron Gable (ISRG / Let's Encrypt) and endorsed by Mads Henriksveen (Buypass) and Dimitris Zacharopoulos (HARICA). You can view and comment on the github pull request representing this ballot here:
https://github.com/cabforum/servercert/puhttps://lists.cabforum.org/pipermail/servercert-wg/2024-February/004174.htmlll/475
<https://github.com/cabforum/servercert/pull/475>
The preceding discussion can be seen here:
https://lists.cabforum.org/pipermail/servercert-wg/2024-February/004174.html
--- Motion Begins ---
This ballot modifies the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" ("Baseline Requirements") based on Version 2.0.2
MODIFY the Baseline Requirements as specified in the following redline:
https://github.com/cabforum/servercert/compare/41f01640748fa612386f8b1a3031cd1bff3d4f35...00ea6e24c474fd0ab6eecc25cb8eb733fffc60c3
--- Motion Ends ---
Discussion (at least 7 days):
- Start: 2024-02-02 22:30 UTC
- End: 2024-02-12 22:30 UTC
Vote for approval (7 days):
- Start: 2024-02-13 17:00 UTC
- End: 2024-02-20 17:00 UTC
Thanks,
Aaron
More information about the Servercert-wg
mailing list