[cabf_validation] CNAME ballot

Jeremy Rowley jeremy.rowley at digicert.com
Thu Dec 1 08:47:25 MST 2016

This is the CNAME ballot discussed last week:

Confirming the Applicant's control over the requested FQDN by confirming the
presence of a Random Value or Request Token in a DNS TXT, CNAME, or CAA
record for an Authorization Domain Name or an Authorization Domain Name that
is prefixed with a label that begins with an underscore character. 

If a Random Value is used, the CA or Delegated Third Party SHALL provide a
Random Value unique to the certificate request and SHALL not use the Random
Value after (i) 30 days or (ii) if the Applicant submitted the certificate
request, the timeframe permitted for reuse of validated information relevant
to the certificate (such as in Section 3.3.1 of these Guidelines or Section
11.14.3 of the EV Guidelines). 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20161201/922a9a02/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20161201/922a9a02/attachment.bin>

More information about the Validation mailing list