[cabfpub] Random value reuse

Jeremy Rowley jeremy.rowley at digicert.com
Fri Jul 28 06:53:12 MST 2017

I think the random value should be tied to a single communication without reuse.  For example, a single email sent to the constructed emails, a single API call, a single phone call, etc.  The random value shouldn’t be tied to a method, but should be tied to a specific communication from the CA that is tied to a request. By getting rid of the reuse language, we can simplify the process and eliminate the risk associated with reuse.


From: Rich Smith [mailto:richard.smith at comodo.com] 
Sent: Friday, July 28, 2017 6:38 AM
To: 'Peter Bowen' <pzb at amzn.com>; 'CA/Browser Forum Public Discussion List' <public at cabforum.org>; Jeremy Rowley <jeremy.rowley at digicert.com>
Subject: RE: [cabfpub] Random value reuse



You make good points.  How about something along the lines of:


The CA SHALL NOT share the random value generated for methods 2 and/or 4 with the Applicant via any other method, but the CA MAY accept that random value for verification under methods 6, 7 and 10.


From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen via Public
Sent: Wednesday, July 26, 2017 12:34 AM
To: Jeremy Rowley <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com> >; CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >
Subject: Re: [cabfpub] Random value reuse




This is an interesting question and I the answer is you cannot share a value across all five of the methods you list.


Methods 2 and 4 involve sending the value privately to contacts related to the domain (either from registration data or role mailboxes). The certificate applicant does not know the random value unless they are a contact or the contact gives them the random value.  The CA doesn’t care how it gets the value back for these methods.


On the other hand, 6, 7, and 10 involve giving the applicant the random value and then the CA verifying the applicant could cause it to appear on something related to the domain.  The CA then looks for it at the right point.


If you use the same value for 2/4 and 6/7/10, then the workflow could look like:

- Certificate request

- You generate the random value and give it to the applicant (intending to be used for 6/7/10)

- Applicant turns around and submits it back to you (as if they had gotten it from a domain contact as per 2/4)

Result: No confirmation the applicant is authorized (BAD)


Alternatively, you could:

- Get certificate request

- Send random value to one or more addressed allowed by 2/4

- Then look for the value in a location allowed by 6/7/10

Result: double confirmation (good, but beyond the minimal requirement)


Maybe we should clarify this somehow in







On Jul 25, 2017, at 9:20 PM, Jeremy Rowley via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:


An interesting question came up today in connection with random values used for validation.  Methods 2, 4, 6, 7, and 10 permit use of a random values. Methods 2 and 4, require a unique random value per email. Methods 6, 7, and 10 do not require unique random values per request for the random value. 


Some customers would like to use the same random value across multiple methods (method 2, 6, and 7), having us look for the first instance of the random value, or across multiple domains. Method 6 and 7 require a unique random value per certificate request, not per domain. This means, that the same Random Value can appear in multiple DNS records at once to confirm control. 


The questions raised by this are:

1.	Should the random value be unique per verified domain name instead of per certificate request? With email methods, use of a single email to verify multiple domain names with the same email address makes sense. I’m not sure this makes as much sense for DNS records.  
2.	Can multiple methods use the same random value? Can you request a random value and then the CA just scour the permitted locations to find it? This seems okay to me as nothing requires the CA to specify the method of validation associated with the Random Value, but thought I’d get other opinions.




Public mailing list
 <mailto:Public at cabforum.org> Public at cabforum.org
 <https://cabforum.org/mailman/listinfo/public> https://cabforum.org/mailman/listinfo/public


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170728/ec9e00f7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170728/ec9e00f7/attachment-0001.p7s>

More information about the Public mailing list