[cabf_validation] Validation by telephone
Jeremy Rowley
jeremy.rowley at digicert.com
Thu Jan 14 18:12:04 MST 2016
Here are the two telephone validation processes split out from the email:
2. Confirming the Applicant's domain ownership or control by receiving
confirmation of the certificate's request from the Domain Name Registrant
where (i) the certificate request is confirmed by communicating with the
Domain Name Registrant using a postal address or by email, (ii) the address
or email used for communicating with the Domain Name Registrant is either
(a) provided by the Domain Name Registrar or (b) listed in the WHOIS
record's "registration", "technical", or "administrative" field, (ii) the
confirmation of the certificate's request contains a Random Value unique to
the Applicant, and (iii) the Applicant responds to the communication with a
response confirming the Applicant's receipt of the Random Value; or
3. Confirming the Applicant's domain ownership or control by receiving
confirmation of the certificate request from the Domain Name Registrant
where the certificate request is confirmed by communicating with the Domain
Name Registrant using a telephone number provided by either (i) the Domain
Name Registrar or (ii) listed in the WHOIS record's "registrant",
"technical", or "administrative" field; or
Alternative:
2. Confirming the Applicant's domain ownership or control by communicating
with the Domain Name Registrant using a postal address or by email where
(ii) the address or email of the Domain Name Registrant is either (a)
provided by the Domain Name Registrar or (b) is listed in the WHOIS record's
"registration", "technical", or "administrative" field, (ii) the
confirmation of the certificate's request contains a Random Value unique to
the Applicant, and (iii) the Applicant responds to the communication with a
response confirming the Applicant's receipt of the Random Value; or
3. Confirming the Applicant's domain ownership or control by communicating
with the Domain Name Registrant using a telephone number that is either (i)
provided by the Domain Name Registrar or (ii) listed in the WHOIS record's
"registrant", "technical", or "administrative" field; or
I liked #1 because it required that there be a confirmation of the
certificate request from the Domain Name Registrant. It's not just simply
calling a number (or sending an email) that contains no information about
the purpose of the email/call.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20160115/bcb13ea0/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
Url : https://cabforum.org/pipermail/validation/attachments/20160115/bcb13ea0/attachment.bin
More information about the Validation
mailing list