[cabfpub] CAA (was RE: Domain Control Validation)

Ben Wilson ben.wilson at digicert.com
Mon Aug 25 20:29:02 UTC 2014


Good points.  Thanks.

-----Original Message-----
From: Chris Palmer [mailto:palmer at google.com] 
Sent: Monday, August 25, 2014 2:25 PM
To: Ben Wilson
Cc: CABFPub
Subject: Re: [cabfpub] CAA (was RE: Domain Control Validation)

On Mon, Aug 25, 2014 at 1:19 PM, Ben Wilson <ben.wilson at digicert.com> wrote:

> Ben W. said, “if the CA gives the applicant a code that they need to 
> put in the TXT record, and that happens,” and
>
> Ryan S. replied, “I think a CA-generated code with the DNS admin 
> placing it is equivalent to mechanisms 1-6 for control demonstration purposes”.
>
> I think we ought to allow this as another method of confirming domain 
> control for purposes of EV.

You'd want to also specify time-limits, one-time-use, and non-replayability for the token.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4998 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140825/0b33ca03/attachment-0001.p7s>


More information about the Public mailing list