[cabf_validation] In-use IP address validation methods

Quirin Scheitle scheitle at net.in.tum.de
Fri Feb 2 08:12:04 MST 2018


Hi Doug,

thank you for sharing these! 

In the spirit of our call yesterday, and with special attention to dynamically assigned IPs, I would group IANA-based methods 1-3 as providing a (hopefully) quite stable ownership validation, while methods 4+5 may only prove temporary control of a dynamic IP address? 

Elaborating on 5, there are DNS servers that will set the rDNS pointer dynamically to a hostname you register via DHCP. 
These might not be many, but there will be cases where the rDNS pointer can be controlled by a short-time assignee of an IP address. 

Would that be a correct interpretation at this stage of our discussion?

Kind regards
Quirin


> On 2. Feb 2018, at 15:25, Doug Beattie via Validation <validation at cabforum.org> wrote:
> 
> Hi Tim,
> 
> GlobalSign uses the following methods to validate IP addresses:
> - Verify that the org owns the IP address via IANA, RIPE, etc.
> - Email verification via IANA (ARIN RIPE, APNIC, LACNIC, AFRINIC)  supplied info for the IP address
> - Phone verification via IANA (ARIN RIPE, APNIC, LACNIC, AFRINIC)  supplied info for the IP address
> - HTTP/web site change
> - Reverse DNS look-up of the IP and then validate the domain using one of the approved domain validation methods in 3.2.2.4
> 
> Doug
> 
> Doug Beattie
> Vice President of Product Management
> GlobalSign
> Two International Drive | Suite 150 | Portsmouth, NH 03801
> Email: doug.beattie at globalsign.com<mailto:doug.beattie at globalsign.com>
> www.globalsign.com<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.globalsign.com_&d=AwMFAg&c=qRq7a-87GiVVW7v8KD1gdQ&r=yL2kJgSsccUq5VcaUHiaiErHSMoqqBV4kmZtle8pI0U&m=7LSnl4Q_Qu_BEe5I_P8WSvWs0evmNYHNhThvhJlrvzE&s=8HjQZHbWrcD_ik5cm6C2gK7iPzU_KT9tF7RSZfrF1c0&e=>
> 
> <winmail.dat>_______________________________________________
> Validation mailing list
> Validation at cabforum.org
> https://cabforum.org/mailman/listinfo/validation



More information about the Validation mailing list