[cabfpub] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft
Gervase Markham
gerv at mozilla.org
Wed Mar 29 14:42:43 UTC 2017
On 28/03/17 20:11, Peter Bowen wrote:
> I think it would be good to clarify that this does not prevent using
> contractors or third parties for domain validation, but rather requires
> the CA not exclude it from their audit scope. For example, a CA might
> decide to use a service like https://www.whoisxmlapi.com/ to help get
> and parse whois data. This is clearly a third party involved in the
> validation process. The same would be true if the CA uses a service to
> send emails.
>
> What is relevant is that the CA takes responsibility for the process.
Can you propose changes which would have this effect?
Gerv
More information about the Public
mailing list