[cabf_validation] Validation by telephone
Doug Beattie
doug.beattie at globalsign.com
Tue Jan 19 08:47:27 MST 2016
I don't like references to certificate requests because this section isn't
limited to that.
How about this?
Confirming the Applicant's control over the requested FQDN by placing a
phone call to the Domain Name Registrant using a telephone number obtained
from the WHOIS record's "registrant", "technical", or "administrative" field
and confirming the Applicant's request for validation of the FQDN; or
Or
Confirming the Applicant's control over the requested FQDN by calling the
Domain Name Registrant's phone number where the phone number was obtained
from (a) the Domain Name Registrar or (b) the WHOIS record's "registration",
"technical", or "administrative" field, and confirming the Applicant's
request for validation of the FQDN; or
From: validation-bounces at cabforum.org
[mailto:validation-bounces at cabforum.org] On Behalf Of Rick Andrews
Sent: Monday, January 18, 2016 6:55 PM
To: Jeremy Rowley <jeremy.rowley at digicert.com>; validation at cabforum.org
Subject: Re: [cabf_validation] Validation by telephone
Thanks, Jeremy. I like #1 better too.
From: validation-bounces at cabforum.org
<mailto:validation-bounces at cabforum.org>
[mailto:validation-bounces at cabforum.org] On Behalf Of Jeremy Rowley
Sent: Thursday, January 14, 2016 5:12 PM
To: validation at cabforum.org <mailto:validation at cabforum.org>
Subject: [cabf_validation] Validation by telephone
Here are the two telephone validation processes split out from the email:
2. Confirming the Applicant's domain ownership or control by receiving
confirmation of the certificate's request from the Domain Name Registrant
where (i) the certificate request is confirmed by communicating with the
Domain Name Registrant using a postal address or by email, (ii) the address
or email used for communicating with the Domain Name Registrant is either
(a) provided by the Domain Name Registrar or (b) listed in the WHOIS
record's "registration", "technical", or "administrative" field, (ii) the
confirmation of the certificate's request contains a Random Value unique to
the Applicant, and (iii) the Applicant responds to the communication with a
response confirming the Applicant's receipt of the Random Value; or
3. Confirming the Applicant's domain ownership or control by receiving
confirmation of the certificate request from the Domain Name Registrant
where the certificate request is confirmed by communicating with the Domain
Name Registrant using a telephone number provided by either (i) the Domain
Name Registrar or (ii) listed in the WHOIS record's "registrant",
"technical", or "administrative" field; or
Alternative:
2. Confirming the Applicant's domain ownership or control by communicating
with the Domain Name Registrant using a postal address or by email where
(ii) the address or email of the Domain Name Registrant is either (a)
provided by the Domain Name Registrar or (b) is listed in the WHOIS record's
"registration", "technical", or "administrative" field, (ii) the
confirmation of the certificate's request contains a Random Value unique to
the Applicant, and (iii) the Applicant responds to the communication with a
response confirming the Applicant's receipt of the Random Value; or
3. Confirming the Applicant's domain ownership or control by communicating
with the Domain Name Registrant using a telephone number that is either (i)
provided by the Domain Name Registrar or (ii) listed in the WHOIS record's
"registrant", "technical", or "administrative" field; or
I liked #1 because it required that there be a confirmation of the
certificate request from the Domain Name Registrant. It's not just simply
calling a number (or sending an email) that contains no information about
the purpose of the email/call.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20160119/9b07e19a/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4289 bytes
Desc: not available
Url : https://cabforum.org/pipermail/validation/attachments/20160119/9b07e19a/attachment-0001.bin
More information about the Validation
mailing list