[cabf_validation] domain registrar as an applicant
Ryan Sleevi
sleevi at google.com
Mon Oct 22 08:31:42 MST 2018
On Mon, Oct 22, 2018 at 11:26 AM Dimitris Zacharopoulos <jimmy at it.auth.gr>
wrote:
> On 22/10/2018 4:23 μμ, Adriano Santoni via Validation wrote:
>
> In fact, I cannot describe any such process based on the current BRs. Just
> wanted to see if anybody had a different opinion...
>
>
>
> Adriano,
>
> Based on the recent amendment of the definition of *Domain Contact*: "The
> Domain Name Registrant, technical contact, or administrative contract (or
> the equivalent under a ccTLD) as listed in the WHOIS record of the Base
> Domain Name or in a DNS SOA record, or as obtained through direct contact
> with the Domain Name Registrar"
>
> you can retrieve this information from a Domain Name Registrar (again, as
> defined in 1.6.1). Once you have the Domain Contact for a specific Domain
> Name, you can use for example 3.2.2.4.2 to send an e-mail, 3.2.2.4.3 to
> call, and so on, to validate the Domain.
>
> Perhaps I have not understood your message correctly but I don't see any
> "doubt" or ambiguity in the BRs regarding this requirement. You usually
> start with some TLD and work towards the Base Domain Name.
>
That doesn't seem to match the question, which is why I prodded for a
defined process under 3.2.2.4.
If the question is whether or not it can be "inferred" whether the entity
/controls/ the domain, subject to the _remaining_ (emphasis added) checks,
that doesn't seem to match any of the described methods of 3.2.2.4. That
said, you're correct that you can bootstrap a process using 3.2.2.4
permitted methods where applicable, using Domain Contact. However, the
definition of Domain Registrar didn't necessarily gel with the described
system.
I highlight all of this to make sure that it's very precise, for any CA
proposing to use this method, to bear the burden of proof in very
specifically demonstrating how the validation process complies with one of
the permitted 3.2.2.4 methods. In a variety of situations, it can be done,
but it cannot be inferred nor skipped, nor is government act sufficient
in-and-of-itself (c.f. the terminology of Registrar is more restrictive in
that regard)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20181022/e770cb7f/attachment.html>
More information about the Validation
mailing list