[cabf_validation] Outline of Method 1 Replacement

Jonathan Rudenberg jonathan at titanous.com
Fri Mar 9 11:53:21 MST 2018


> On Mar 9, 2018, at 13:44, Wayne Thayer via Validation <validation at cabforum.org> wrote:
> 
> My takeaway from the validation summit was that there is some possibility that a more robust version of method #1 can be defined. The concept behind 3.2.2.4.1 was that the Domain Name Registrant (DNR) implicitly permits issuance of certificates for the domain to the organization listed as the DNR.

Is there a compelling reason to bring back a new version of this method? It seems like any modification that adds the appropriate security properties would bring it very close to 3.2.2.4.2 / 3.2.2.4.3. Based on my understanding of the use of this method in the wild, it makes more sense to me for CAs to switch to .2 and .3 for domain ownership authorization and then do necessary additional subject validation with 3.2.2.1 or EVGL 11.8.3.

Jonathan

