[cabf_validation] Domain Validation Update
Doug Beattie
doug.beattie at globalsign.com
Thu Mar 24 10:28:28 MST 2016
Or: Verification by TLS using a Random Number
When it gets down to details, I think you’re going to need to add via Authorized Port in your detailed description for the same reasons we needed to add that to the Test Certificate option. If you don’t, then someone without admin permissions could configure the server on an “open” port and get a cert.
Doug
From: J.C. Jones [mailto:jjones at mozilla.com]
Sent: Thursday, March 24, 2016 1:22 PM
To: Doug Beattie <doug.beattie at globalsign.com>
Cc: validation at cabforum.org
Subject: Re: [cabf_validation] Domain Validation Update
On Thu, Mar 24, 2016 at 10:05 AM, Doug Beattie <doug.beattie at globalsign.com> wrote:
> 3.2.2.4.10 Verification by Random Number in a certificate <not Certificate, not Test Certificate, but just a self-signed(?) certificate? I defer to the ACME experts.
The relevant ACME challenge is "TLS-SNI", as the validation is during the TLS exchange rather than during a web site fetch.
It's more specific to say "Random Number in a certificate" but, in keeping with the others, what about instead "Verification by Agreed Upon TLS Configuration"?
Cheers,
J.C.