[cabf_validation] Domain Validation Update

J.C. Jones jjones at mozilla.com
Thu Mar 24 10:36:04 MST 2016


On Thu, Mar 24, 2016 at 10:28 AM, Doug Beattie <doug.beattie at globalsign.com>
wrote:
> Or: Verification by TLS using a Random Number

That sounds good to me as well.

> When it gets down to details, I think you’re going to need to add via
Authorized Port in your detailed description for the same reasons we needed
to add that to the Test Certificate option.  If you don’t, then someone
without admin permissions could configure the server on an “open” port and
get a cert.

Already on it. On the 3-11 draft, Authorized Port is included already:

""" 10. Confirming the Applicant's control over the requested FQDN by
confirming the presence of a Random Value within a Certificate which is
accessible by the CA via TLS over an Authorized Port. """

Thanks again!
J.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20160324/8145a2b3/attachment.html 


More information about the Validation mailing list