[cabf_validation] Pre-Ballot 169: Revised Validation Requirements

Doug Beattie doug.beattie at globalsign.com
Fri Apr 29 10:12:13 MST 2016

I'm don’t have a strong feeling, but at one of the prior F2F meetings there was a certain browser representative  that wanted to be sure we locked down the locations and didn’t leave it open.  We could preempt possible pushback by having the list right in the BRs.  I don’t think anyone will have problems getting new ones added as long as the group believes that it’s a URI registered for the purpose of Domain Validation.

As it stands, will it be obvious which values fall into this category?  Will everyone agree that they fall into this category?  
      "...or another path registered with IANA for the purpose of Domain Validation"


-----Original Message-----
From: J.C. Jones [mailto:jjones at mozilla.com] 
Sent: Friday, April 29, 2016 12:47 PM
To: Doug Beattie <doug.beattie at globalsign.com>
Cc: Jeremy Rowley <jeremy.rowley at digicert.com>; validation (validation at cabforum.org) <validation at cabforum.org>
Subject: Re: [cabf_validation] Pre-Ballot 169: Revised Validation Requirements


On Fri, Apr 29, 2016 at 4:55 AM, Doug Beattie <doug.beattie at globalsign.com> wrote:
> 2.       Also in H we say: “..or another path registered with IANA..”  At one point we decided this
> was a bad idea, but I probably missed the request to add it back.  I 
> was assuming we would add the exact path if/when IANA identified one so it was clear what paths are allowed.
> Doug

This was to permit the ACME-specified ".well-known/acme-challenge/"
path, without having to be ACME-specific [1].
While "acme-challenge" is not yet registered at IANA [2], the ACME WG intends to register it before the 6 month adoption period expires.

I think we could aim to be more specific here in a follow-up ballot.

1) https://cabforum.org/pipermail/validation/2016-February/000210.html
2) https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml


More information about the Validation mailing list