[cabf_validation] In-use IP address validation methods
scheitle at net.in.tum.de
Fri Feb 2 08:12:04 MST 2018
thank you for sharing these!
In the spirit of our call yesterday, and with special attention to dynamically assigned IPs, I would group IANA-based methods 1-3 as providing a (hopefully) quite stable ownership validation, while methods 4+5 may only prove temporary control of a dynamic IP address?
Elaborating on 5, there are DNS servers that will set the rDNS pointer dynamically to a hostname you register via DHCP.
These might not be many, but there will be cases where the rDNS pointer can be controlled by a short-time assignee of an IP address.
Would that be a correct interpretation at this stage of our discussion?
> On 2. Feb 2018, at 15:25, Doug Beattie via Validation <validation at cabforum.org> wrote:
> Hi Tim,
> GlobalSign uses the following methods to validate IP addresses:
> - Verify that the org owns the IP address via IANA, RIPE, etc.
> - Email verification via IANA (ARIN RIPE, APNIC, LACNIC, AFRINIC) supplied info for the IP address
> - Phone verification via IANA (ARIN RIPE, APNIC, LACNIC, AFRINIC) supplied info for the IP address
> - HTTP/web site change
> - Reverse DNS look-up of the IP and then validate the domain using one of the approved domain validation methods in 220.127.116.11
> Doug Beattie
> Vice President of Product Management
> Two International Drive | Suite 150 | Portsmouth, NH 03801
> Email: doug.beattie at globalsign.com<mailto:doug.beattie at globalsign.com>
> Validation mailing list
> Validation at cabforum.org
More information about the Validation