[cabfpub] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

Peter Bowen pzb at amzn.com
Tue Mar 28 18:11:37 UTC 2017


> On Mar 28, 2017, at 6:54 AM, Gervase Markham via Public <public at cabforum.org> wrote:
> 
> Here's a draft of a ballot to forbid DTPs from doing Domain Validation, as discussed at the F2F. Again, this is early text, so comments on both the approach and the wording are very welcome.
> 
> Is an Enterprise RA a subset of Delegated Third Party, or a different thing? The BRs seem a little unclear on this. I think they are a separate thing, but there are some bits of wording this ballot modifies or removes that suggest that they are a subset. Comments?

I think it would be good to clarify that this does not prevent using contractors or third parties for domain validation, but rather requires the CA not exclude it from their audit scope.  For example, a CA might decide to use a service like https://www.whoisxmlapi.com/ to help get and parse whois data.  This is clearly a third party involved in the validation process.  The same would be true if the CA uses a service to send emails.

What is relevant is that the CA takes responsibility for the process.

Thanks,
Peter