[cabf_validation] Proposed ballot to remove Required Website Content

Rick Andrews Rick_Andrews at symantec.com
Mon Dec 5 11:12:02 MST 2016


Steve and  I signed us up to produce this ballot for the VWG. Comments are
welcome.

-Rick

Ballot 169 left behind some language around "Required Website Content" that
appears extraneous, so this ballot aims to remove unneeded text. Two options
were given for Agreed‐Upon Change to Website, Required Website Content and
Request Token /Request Value (that should be "Random Value", so I'm
correcting that too). Required Website Content seems to be a superset of
Random Value/Request Token, with the addition of unique Subscriber
identification. Since Random Value/Request Token don't require unique
Subscriber identification, and since Request Token can include additional
information (like Subscriber information), no value seems to be added by
Required Website Content.

-- MOTION BEGINS -

Effective immediately, the follow changes are made to the Baseline
Requirements:

A)	Remove the following from 1.6.1 Definitions:
Required Website Content: Either a Random Value or a Request Token, together
with additional information that uniquely identifies the Subscriber, as
specified by the CA.

B)	Change Section 3.2.2.4.6 Agreed‐Upon Change to Website:
From:
Confirming the Applicant's control over the requested FQDN by confirming one
of the following under the "/.well‐known/pki‐validation" directory, or
another path registered with IANA for the purpose of Domain Validation, on
the Authorization Domain Name that is accessible by the CA via HTTP/HTTPS
over an Authorized Port:
	1. The presence of Required Website Content contained in the content
of a file or on a web page in the form of a meta tag. The entire Required
Website Content MUST NOT appear in the request used to retrieve the file or
web page, or
	2. The presence of the Request Token or Request Value contained in
the content of a file or on a webpage in the form of a meta tag where the
Request Token or Random Value MUST NOT appear in the request.

To:
Confirming the Applicant's control over the requested FQDN by confirming
under the "/.well‐known/pki‐validation" directory, or another path
registered with IANA for the purpose of Domain Validation, on the
Authorization Domain Name that is accessible by the CA via HTTP/HTTPS over
an Authorized Port, the presence of the Request Token or Random Value
contained in the content of a file or on a webpage in the form of a meta tag
where the Request Token or Random Value MUST NOT appear in the request.

---- END BALLOT ----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5725 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20161205/fe655684/attachment-0001.bin>


More information about the Validation mailing list