[cabf_validation] Updating BR 3.2.2.4.10

Wayne Thayer wthayer at gmail.com
Wed Jun 17 18:20:53 MST 2020


Is RFC 8737 far enough along now that we can proceed to remove domain
validation method 10 (TLS Using a Random Number) and replace it with the
TLS-ALPN Challenge? The RFC appears to still be awaiting IANA approval
(https://datatracker.ietf.org/doc/rfc8737/).

Here is proposed language:

https://github.com/wthayer/documents/pull/11/files

There are a few issues worth discussing before turning this into a ballot:

* Should the new method permit reuse of the validation for other FQDNs
sharing the same authorization domain name and for wildcard validation?
* Given that multiple root store operators have banned the old method, is
there any need for a future sunset date on the method or validations
performed with it?
* Do validations that comply with the new method that were performed prior
to the effective date of this ballot need to be explicitly permitted?
* Other than expiring the token after 30 days, are there any other
requirements that we need to add to those specified in the RFC?

- Wayne