[cabf_validation] Updated draft domain validation ballot for discussion on Thursday's call

Jeremy Rowley jeremy.rowley at digicert.com
Wed Aug 26 22:34:03 MST 2015


I don’t think you should have to use “a value that is unpredictable and previously unknown to the applicant” on D, E, and F. You’re communicating directly with the registrar or applicant.  How would you even do this by phone? Plus unpredictable is not well-defined at this point.

I also have issues with Authorized Port, which is not defined, and requiring a Random Value for H. The point is that the information is being placed into the .well-known directory, not that the value is random. I don’t think we should call it “DV” either as that causes confusion between the type of validation and the three different types of certificates.  It should be “validation” or something similar.

The change in J omits that a CNAME record could point to the DNS record.  This is not Random Value or Request Token but is (imo) better than a random value in a TXT record. CNAME validation appears inadvertently omitted and should be reinserted.

On H, methods 2, 3, and 4 do not necessarily require an email challenge. A telephone one is acceptable.

Jeremy

From: validation-bounces at cabforum.org [mailto:validation-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com
Sent: Wednesday, August 26, 2015 3:34 PM
To: validation at cabforum.org
Subject: [cabf_validation] Updated draft domain validation ballot for discussion on Thursday's call

I incorporated some additional comments and suggestions in the attached draft domain validation ballot (dated 8/26/2015) for discussion on Thursday's call – changes from the prior draft are shown in red.

Let’s work from this on our call tomorrow morning.

Kirk



TREND MICRO EMAIL NOTICE

The information contained in this email and any attachments is confidential

and may be subject to copyright or other intellectual property protection.

If you are not the intended recipient, you are not authorized to use or

disclose this information, and we request that you notify us by reply mail or

telephone and delete the original message from your mail system.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20150827/0d39ff47/attachment.html 


More information about the Validation mailing list