[cabf_validation] domain registrar as an applicant

Adriano Santoni adriano.santoni at staff.aruba.it
Mon Oct 22 23:12:06 MST 2018

I concur with Ryan.

Il 22/10/2018 17:31, Ryan Sleevi ha scritto:
> On Mon, Oct 22, 2018 at 11:26 AM Dimitris Zacharopoulos 
> <jimmy at it.auth.gr <mailto:jimmy at it.auth.gr>> wrote:
>     On 22/10/2018 4:23 μμ, Adriano Santoni via Validation wrote:
>>     In fact, I cannot describe any such process based on the current
>>     BRs. Just wanted to see if anybody had a different opinion...
>     Adriano,
>     Based on the recent amendment of the definition of *Domain
>     Contact*: "The Domain Name Registrant, technical contact, or
>     administrative contract (or the equivalent under a ccTLD) as
>     listed in the WHOIS record of the Base Domain Name or in a DNS SOA
>     record, or as obtained through direct contact with the Domain Name
>     Registrar"
>     you can retrieve this information from a Domain Name Registrar
>     (again, as defined in 1.6.1). Once you have the Domain Contact for
>     a specific Domain Name, you can use for example to send
>     an e-mail, to call, and so on, to validate the Domain.
>     Perhaps I have not understood your message correctly but I don't
>     see any "doubt" or ambiguity in the BRs regarding this
>     requirement. You usually start with some TLD and work towards the
>     Base Domain Name.
> That doesn't seem to match the question, which is why I prodded for a 
> defined process under
> If the question is whether or not it can be "inferred" whether the 
> entity /controls/ the domain, subject to the _remaining_ (emphasis 
> added) checks, that doesn't seem to match any of the described methods 
> of That said, you're correct that you can bootstrap a process 
> using permitted methods where applicable, using Domain 
> Contact. However, the definition of Domain Registrar didn't 
> necessarily gel with the described system.
> I highlight all of this to make sure that it's very precise, for any 
> CA proposing to use this method, to bear the burden of proof in very 
> specifically demonstrating how the validation process complies with 
> one of the permitted methods. In a variety of situations, it 
> can be done, but it cannot be inferred nor skipped, nor is government 
> act sufficient in-and-of-itself (c.f. the terminology of Registrar is 
> more restrictive in that regard)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20181023/fa72d42c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3849 bytes
Desc: Firma crittografica S/MIME
URL: <http://cabforum.org/pipermail/validation/attachments/20181023/fa72d42c/attachment.p7s>

More information about the Validation mailing list