[cabfpub] DV issuance for next-generation onion services

Gervase Markham gerv at mozilla.org
Fri Nov 3 09:46:10 UTC 2017

On 03/11/17 00:14, Seth David Schoen via Public wrote:
> I would like to invite discussion of the prospect of a future ballot
> extending the current Ballot 201 permission to issue EV certificates for
> .onion names to also permit DV issuance -- otherwise following existing
> BR rules on allowable DV validation methods wherever any of the allowed
> methods can reasonably be applied to validating control of an onion
> service -- for subject names that are NG onion names.  It would be great
> to hear Forum members' opinions on this topic.

I think you make a good case. We would need to specify carefully which
validation methods make sense but other than that, I agree that the
cryptographic improvements in NG names make the EV requirement
superfluous, and that DV should be permitted.


More information about the Public mailing list