[cabf_validation] Domain Authorization Documents

Ben Wilson ben.wilson at digicert.com
Thu Aug 13 08:58:39 MST 2015


As I said on the call, the concept of the Domain Authorization Document is a
stop-gap measure needed to close that last mile in some limited situations.
It isn't something that should be used regularly, but it's needed to enable
SSL issuance when you have performed domain validation, yet the name in
WHOIS does not match the name of the entity in the certificate.  

 

This concept has been through the EVG sausage grinder multiple times-so it
doesn't make sense to go through its entire history.  Suffice it to say that
at one point the Attorney Letter was seen as satisfactory, (section
10.6.2(2)(A)(i),  of v. 1.2 of the EV Guidelines (2010)), and then at some
point in the development of the EV Guidelines, the Domain Authorization
Document was coined as the suggested way of handling private/anonymous
registrations.  In Draft 04, of v. 1.4 (March 2012), the following
definition was proposed, "Domain Authorization Document: Documentation
provided by, or a CA's documentation of a communication with, the domain
name registrar or the person or entity listed in WHOIS as registering the
domain name (including any private, anonymous, or proxy registration
service)  Correspondence or other documentation provided by a Domain Name
Registrant attesting that the Applicant has the exclusive right to use the
specified domain name."  

 

This concept needs to be retained somewhere in the CABF guidelines-not as an
alternative validation method, but as a way to supplement other methods. 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20150813/05e0f321/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
Url : https://cabforum.org/pipermail/validation/attachments/20150813/05e0f321/attachment.bin 


More information about the Validation mailing list