[cabf_validation] Proposed ballot to remove Required Website Content

J.C. Jones jjones at mozilla.com
Tue Dec 6 10:20:22 MST 2016


This looks fine to me, Rick.

J.C.

On Mon, Dec 5, 2016 at 8:12 AM, Rick Andrews via Validation <
validation at cabforum.org> wrote:

> Steve and  I signed us up to produce this ballot for the VWG. Comments are
> welcome.
>
> -Rick
>
> Ballot 169 left behind some language around "Required Website Content" that
> appears extraneous, so this ballot aims to remove unneeded text. Two
> options
> were given for Agreed‐Upon Change to Website, Required Website Content and
> Request Token /Request Value (that should be "Random Value", so I'm
> correcting that too). Required Website Content seems to be a superset of
> Random Value/Request Token, with the addition of unique Subscriber
> identification. Since Random Value/Request Token don't require unique
> Subscriber identification, and since Request Token can include additional
> information (like Subscriber information), no value seems to be added by
> Required Website Content.
>
> -- MOTION BEGINS -
>
> Effective immediately, the follow changes are made to the Baseline
> Requirements:
>
> A)      Remove the following from 1.6.1 Definitions:
> Required Website Content: Either a Random Value or a Request Token,
> together
> with additional information that uniquely identifies the Subscriber, as
> specified by the CA.
>
> B)      Change Section 3.2.2.4.6 Agreed‐Upon Change to Website:
> From:
> Confirming the Applicant's control over the requested FQDN by confirming
> one
> of the following under the "/.well‐known/pki‐validation" directory, or
> another path registered with IANA for the purpose of Domain Validation, on
> the Authorization Domain Name that is accessible by the CA via HTTP/HTTPS
> over an Authorized Port:
>         1. The presence of Required Website Content contained in the
> content
> of a file or on a web page in the form of a meta tag. The entire Required
> Website Content MUST NOT appear in the request used to retrieve the file or
> web page, or
>         2. The presence of the Request Token or Request Value contained in
> the content of a file or on a webpage in the form of a meta tag where the
> Request Token or Random Value MUST NOT appear in the request.
>
> To:
> Confirming the Applicant's control over the requested FQDN by confirming
> under the "/.well‐known/pki‐validation" directory, or another path
> registered with IANA for the purpose of Domain Validation, on the
> Authorization Domain Name that is accessible by the CA via HTTP/HTTPS over
> an Authorized Port, the presence of the Request Token or Random Value
> contained in the content of a file or on a webpage in the form of a meta
> tag
> where the Request Token or Random Value MUST NOT appear in the request.
>
> ---- END BALLOT ----
>
> _______________________________________________
> Validation mailing list
> Validation at cabforum.org
> https://cabforum.org/mailman/listinfo/validation
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20161206/3f398374/attachment.html>


More information about the Validation mailing list