[cabf_validation] Required Website Content

J.C. Jones jjones at mozilla.com
Thu Dec 1 10:15:29 MST 2016


Rick,

I'm OK with striking the term "Required Website Content" and using "Request
Token or Random Value" without adding in the additional unique
identification of the Subscriber clause. Or we could change "Required
Website Content" to just be a stand-in for "Either a Random Value or a
Request Token."

That said, ACME does need "Random Value" part of that clause, as its
authorization flow is not compatible with the first clause of "Request
Token", as when ACME clients validate domains they do not yet have a
'certificate request' (assuming still that means a CSR).

Cheers,
J.C.

On Fri, Nov 18, 2016 at 6:48 PM, Rick Andrews via Validation <
validation at cabforum.org> wrote:

> It seems like “Required Website Content” is cruft left over from the
> Ballot 169 changes.
>
> It’s defined as “Either a Random Value or a Request Token, together with
> additional information that uniquely identifies the Subscriber, as
> specified by the CA.”
>
> But then in 3.2.2.4.6 Agreed‐Upon Change to Website, it’s an alternative
> to Request Token and Random Value. It doesn’t seem to add any value, as I
> can use Request Token or Random Value without “additional information
> that uniquely identifies the Subscriber”.
>
> Should we strike it from the BRs?
>
> -Rick
>
> _______________________________________________
> Validation mailing list
> Validation at cabforum.org
> https://cabforum.org/mailman/listinfo/validation
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20161201/f6a927b9/attachment.html>


More information about the Validation mailing list