[cabfpub] Ballot 169 - Revised Validation Requirements

Ben Wilson ben.wilson at digicert.com
Thu Jul 28 15:25:27 UTC 2016


Geoff,
That proposal (to replace "Authorization Domain Name" with "FQDN" in the body of proposed subsection 3.2.2.4.6) was considered and rejected by the working group.
Cheers,
Ben

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Geoff Keating
Sent: Wednesday, July 27, 2016 8:16 PM
To: Kirk Hall <Kirk.Hall at entrust.com>
Cc: CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Ballot 169 - Revised Validation Requirements

I guess you could change “Authorization Domain Name” to “FQDN”, so the start of 3.2.2.4.6 would read:

Confirming the Applicant's control over the requested FQDN by confirming one of the following under the "/.well-known/pki-validation" directory, or another path registered with IANA for the purpose of Domain Validation, on the FQDN that is accessible by the CA via HTTP/HTTPS over an Authorized Port: 

That is, if you’re validating shop.example.com, the web site change has to actually be at shop.example.com; it will not suffice to make the change at example.com.

Another alternative would be to at least require HTTPS on port 443 if you’re validating at other than the FQDN:

Confirming the Applicant's control over the requested FQDN by confirming one of the following under the "/.well-known/pki-validation" directory, or another path registered with IANA for the purpose of Domain Validation, on the FQDN that is accessible by the CA via HTTP/HTTPS over an Authorized Port, or on the Authorization Domain Name via HTTPS over port 443: 

> On 27 Jul 2016, at 6:38 AM, Kirk Hall <Kirk.Hall at entrust.com> wrote:
> 
> Geoff, it will probably take the Forum a long time to amend any of this new domain validation language - do you have an amendment to suggest now for 3.2.2.4.6?

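Added example (not part of the thread or of the ballot text): a Python sketch comparing where the validation file may be served under the ballot's "Authorization Domain Name" wording and under the two alternative wordings suggested above. Assumptions: an Authorization Domain Name is the FQDN or any parent reached by pruning labels down to a caller-supplied base domain, the Authorized Port set is illustrative, and the function names, mode names and file name are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: the thread does not list the Authorized Ports; this set is illustrative.
AUTHORIZED_PORTS = {80, 443}
DEFAULT_PORT = {"http": 80, "https": 443}
PREFIX = "/.well-known/pki-validation/"


def authorization_domain_names(fqdn, base_domain):
    """Return the FQDN and each parent name down to base_domain.

    Assumption: base_domain is supplied by the caller (no public-suffix lookup).
    """
    fqdn = fqdn.lower().rstrip(".")
    base = base_domain.lower().rstrip(".")
    if fqdn != base and not fqdn.endswith("." + base):
        raise ValueError("base_domain is not a parent of fqdn")
    labels = fqdn.split(".")
    keep = len(labels) - len(base.split("."))
    return [".".join(labels[i:]) for i in range(keep + 1)]


def url_allowed(url, fqdn, base_domain, wording):
    """Decide whether url is an acceptable location for the validation file.

    wording (hypothetical mode names):
      "adn"             - any Authorization Domain Name, any Authorized Port
      "fqdn"            - first suggestion: only the requested FQDN
      "fqdn_or_adn_443" - second suggestion: the FQDN on an Authorized Port,
                          or an Authorization Domain Name via HTTPS on 443
    """
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        return False
    # The file must sit under the well-known directory, with no traversal.
    if not parts.path.startswith(PREFIX) or ".." in parts.path.split("/"):
        return False
    host = (parts.hostname or "").rstrip(".")
    port = parts.port or DEFAULT_PORT[parts.scheme]
    fqdn = fqdn.lower().rstrip(".")
    on_fqdn = host == fqdn and port in AUTHORIZED_PORTS
    on_adn = host in authorization_domain_names(fqdn, base_domain)
    if wording == "adn":
        return on_adn and port in AUTHORIZED_PORTS
    if wording == "fqdn":
        return on_fqdn
    if wording == "fqdn_or_adn_443":
        return on_fqdn or (on_adn and parts.scheme == "https" and port == 443)
    raise ValueError("unknown wording: " + wording)
```

For a request for shop.example.com, a file served over plain HTTP at example.com passes only under "adn"; the same file over HTTPS on port 443 also passes under "fqdn_or_adn_443".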