[cabfpub] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

Gervase Markham gerv at mozilla.org
Wed Mar 29 14:42:43 UTC 2017


On 28/03/17 20:11, Peter Bowen wrote:
> I think it would be good to clarify that this does not prevent using
> contractors or third parties for domain validation, but rather requires
> the CA not exclude it from their audit scope.  For example, a CA might
> decide to use a service like https://www.whoisxmlapi.com/ to help get
> and parse whois data.  This is clearly a third party involved in the
> validation process.  The same would be true if the CA uses a service to
> send emails.
> 
> What is relevant is that the CA takes responsibility for the process.

Can you propose changes which would have this effect?

Gerv




More information about the Public mailing list