[cabf_validation] Updated validation proposal

Rick Andrews Rick_Andrews at symantec.com
Fri Mar 6 18:00:40 MST 2015


Small typo:

"Test Certificate: A Certificate which includes data that renders the Certificate unusable for use by an application software vendor or publicly trusted TLS server such inclusion of a critical extension that is not recognized by any known application software vendor or a certificate issued from a root certificate not subject to these Requirements." Change "such" to "such as"

In all these domain validation methods, wouldn't we want to say that the name of the file or its contents or the DNS record contents are proposed by the CA (like in number 7?) It seems unsafe to let the requester propose what content change they will make.

Number 6 says "Having the Applicant demonstrate control over the FQDN by making an agreed-upon change to information found to a file hosted in the /.well-known/ suffix of the FQDN;" I think you want "in" instead of "to.

Typo in number 9: "Having the Applicant demonstrate practical control over the FQDN by making an agreed-upon change to information found on an online Web page identified by a uniform resource identifier containing the FQDNto a file hosted in the /.well-known/ suffix of the FQDN; or" There's no space between 'FQDN' and 'to', but it seems to run on. They have to make a change to info in an online web page identified by a URI containing the FQDN to a file hosted...?

Number 11 is about using a Test Certificate with an FQDN, but it seems like this would be a great way to validate someone requesting a cert for a public IP address. Can we expand this one?

-Rick

From: validation-bounces at cabforum.org [mailto:validation-bounces at cabforum.org] On Behalf Of Jeremy Rowley
Sent: Friday, March 06, 2015 4:15 PM
To: validation at cabforum.org
Subject: [cabf_validation] Updated validation proposal

Here's an updated draft for discussion next week.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20150306/7de811a5/attachment.html 


More information about the Validation mailing list