[cabf_validation] ACME for EV

Doug Beattie doug.beattie at globalsign.com
Wed Apr 26 16:45:37 UTC 2023

I noticed that the Google survey and the PowerPoint [1]  indicated that some CAs are issuing EV certificates via ACME, and diving deeper, noticed that Sectigo for one supports it [2].  Given ACME domain validation is automated within the ACME protocol and the EVGL have some unique rules around the domain approval process, I was wondering how this all works in a compliant way.  Maybe these CAs don't use the acme protocol for domain validation and rely on pre-validated domains done out of band?

I don't know if these CAs are comfortable sharing their approach in this regard, but with the move to shorter validity certificates and domain reuse periods I'm sure that other CAs would like to understand how this could work.

Thanks in advance for any details that can be shared!


[1] https://cabforum.org/wp-content/uploads/6-CABF-F2F-58-Chrome-Browser-Update-PUBLIC.pdf

[2] https://sectigo.com/resource-library/sectigo-adds-acme-protocol-support-in-certificate-manager-platform-to-automate-ssl-lifecycle-management

-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 31726 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20230426/353bc027/attachment-0001.bin>

More information about the Validation mailing list