[cabf_validation] Authentication for IP addresses

[Doug Beattie]

Should we update section 3.2.2.5  so it better aligns with the new DV methods we just updated?

Current section:

1. Having the Applicant demonstrate practical control over the IP Address by making an agreed‐upon change to information found on an online Web page identified by a uniform resource identifier containing the IP Address;
2. Obtaining documentation of IP address assignment from the Internet Assigned Numbers Authority (IANA) or a Regional Internet Registry (RIPE, APNIC, ARIN, AfriNIC, LACNIC);
3. Performing a reverse‐IP address lookup and then verifying control over the resulting Domain Name under Section 3.2.2.4; or
4. Using any other method of confirmation, provided that the CA maintains documented evidence that the method of confirmation establishes that the Applicant has control over the IP Address to at least the same level of assurance as the methods previously described.

Item 1 should be more like this:


1.       Confirming the Applicants control over the IP address by making an agreed upon change to the web site in accordance with the process defined in 3.2.2.4.6 (except replace FQDN with IP address)

Item 2 is probably OK

Item 3: Doing a reverse DNS look-up and then demonstrating domain control for that domain in accordance with any method in section 3.2.2.4 - is that still acceptable?

We should delete item 4 (any other method).

Doug

-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 16948 bytes
Desc: not available
Url : https://cabforum.org/pipermail/validation/attachments/20160824/9a9a41e7/attachment-0001.bin