[cabf_validation] FW: Authentication for IP addresses

Bruce Morton Bruce.Morton at entrustdatacard.com
Thu Nov 17 09:16:49 MST 2016


FYI, previous input from Doug.

Bruce.

From: validation-bounces at cabforum.org [mailto:validation-bounces at cabforum.org] On Behalf Of Doug Beattie
Sent: Wednesday, August 24, 2016 4:52 PM
To: validation (validation at cabforum.org) <validation at cabforum.org>
Subject: [cabf_validation] Authentication for IP addresses

Should we update section 3.2.2.5  so it better aligns with the new DV methods we just updated?

Current section:

1. Having the Applicant demonstrate practical control over the IP Address by making an agreed‐upon change to information found on an online Web page identified by a uniform resource identifier containing the IP Address;
2. Obtaining documentation of IP address assignment from the Internet Assigned Numbers Authority (IANA) or a Regional Internet Registry (RIPE, APNIC, ARIN, AfriNIC, LACNIC);
3. Performing a reverse‐IP address lookup and then verifying control over the resulting Domain Name under Section 3.2.2.4; or
4. Using any other method of confirmation, provided that the CA maintains documented evidence that the method of confirmation establishes that the Applicant has control over the IP Address to at least the same level of assurance as the methods previously described.

Item 1 should be more like this:


1.      Confirming the Applicants control over the IP address by making an agreed upon change to the web site in accordance with the process defined in 3.2.2.4.6 (except replace FQDN with IP address)

Item 2 is probably OK

Item 3: Doing a reverse DNS look-up and then demonstrating domain control for that domain in accordance with any method in section 3.2.2.4 - is that still acceptable?

We should delete item 4 (any other method).

Doug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20161117/65f27611/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <http://cabforum.org/pipermail/validation/attachments/20161117/65f27611/attachment.txt>


More information about the Validation mailing list