[cabf_validation] domain registrar as an applicant
jimmy at it.auth.gr
Mon Oct 22 08:26:18 MST 2018
On 22/10/2018 4:23 μμ, Adriano Santoni via Validation wrote:
> In fact, I cannot describe any such process based on the current BRs.
> Just wanted to see if anybody had a different opinion...
Based on the recent amendment of the definition of *Domain Contact*:
"The Domain Name Registrant, technical contact, or administrative
contract (or the equivalent under a ccTLD) as listed in the WHOIS record
of the Base Domain Name or in a DNS SOA record, or as obtained through
direct contact with the Domain Name Registrar"
you can retrieve this information from a Domain Name Registrar (again,
as defined in 1.6.1). Once you have the Domain Contact for a specific
Domain Name, you can use for example 184.108.40.206.2 to send an e-mail,
220.127.116.11.3 to call, and so on, to validate the Domain.
Perhaps I have not understood your message correctly but I don't see any
"doubt" or ambiguity in the BRs regarding this requirement. You usually
start with some TLD and work towards the Base Domain Name.
> Il 22/10/2018 15:10, Ryan Sleevi ha scritto:
>> I think any CA advocating that would need to describe under 18.104.22.168
>> which method they're using to validate. Could you explain a process
>> that a CA could use that compiles with one of the 22.214.171.124 validation
>> methods that meets that?
>> There had been some discussion about proposing additional methods -
>> what, during the validation work, had been suggested as "126.96.36.199.13",
>> which was a modification proposed by Peter Bowen at Amazon that would
>> have allowed greater flexibility while still achieving the same
>> security objectives of 188.8.131.52.12, in a more interoperable way.
>> However, Peter didn't push that forward as .13, and no other member
>> stepped up to do so.
>> On Mon, Oct 22, 2018 at 5:25 AM Adriano Santoni via Validation
>> <validation at cabforum.org <mailto:validation at cabforum.org>> wrote:
>> I'd like to get some opinions on the following doubt.
>> Can it be inferred, from the BRs, that the entity which is is
>> officialy designated (e.g. by governmental acts) as the /unique/
>> registrar of a certain domain also /controls/ that domain and is
>> therefore "entitled" (subject to the remaining checks required by
>> the BRs) to receive SSL server certificates for such domain and
>> all subdomains thereof? I mean, can we draw this conclusion based
>> on "just" the official documental evidences (e.g. by governmental
>> acts) ? Section 184.108.40.206 of the BRs seems not to allow that - or
>> not too clearly, at any rate.
>> (Please note that I am not referring to the particular
>> circumstance addressed by 220.127.116.11.12 of the BRs)
>> Validation mailing list
>> Validation at cabforum.org <mailto:Validation at cabforum.org>
> Validation mailing list
> Validation at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Validation