[cabf_validation] Domain Validation Update

Peter Bowen pzb at amzn.com
Fri Mar 11 07:02:39 MST 2016


I suggest we change the introduction (lines A & B) to read

3.2.2.4. Authorization by Domain Name Registrant

The CA SHALL confirm that, as of the date the Certificate issues, either the CA or a Delegated Third Party has confirmed, for each Fully-Qualified Domain Name (FQDN) in the Certificate, the authority of the Applicant to receive a Certificate containing the FQDN using at least one of the methods listed below.

Completed confirmations of Applicant authority may be valid for the issuance of multiple certificates over time.  In all cases, the confirmation must have been initiated no more than 39 months prior to certificate issuance.

For purposes of domain validation, the term Applicant includes the Applicant’s Parent Company, Subsidiary Company, or Affiliate.


There has been lots of discussion about the model where a CA validates domain authorization prior to receiving a specific certificate request.  I think that this revised text should assist in clarifying the situation.  It also makes it very clear that the 39 month re-use rule applies to domain authorizations, rather than having to infer it based on the text in "Identification and Authentication for Routine Re‐key".

Thanks,
Peter


> On Mar 10, 2016, at 9:34 PM, Jeremy Rowley <jeremy.rowley at digicert.com> wrote:
> 
> Here’s the updated domain validation draft based on today’s discussion (and a couple of attempts to clarify items of confusion).  I look forward to the comments.
> <Domain Validation Draft (3-11-2016).docx>