[cabf_validation] Domain Validation Update
J.C. Jones
jjones at mozilla.com
Thu Mar 24 10:36:04 MST 2016
On Thu, Mar 24, 2016 at 10:28 AM, Doug Beattie <doug.beattie at globalsign.com>
wrote:
> Or: Verification by TLS using a Random Number
That sounds good to me as well.
> When it gets down to details, I think you’re going to need to add via
Authorized Port in your detailed description for the same reasons we needed
to add that to the Test Certificate option. If you don’t, then someone
without admin permissions could configure the server on an “open” port and
get a cert.
Already on it. On the 3-11 draft, Authorized Port is included already:
""" 10. Confirming the Applicant's control over the requested FQDN by
confirming the presence of a Random Value within a Certificate which is
accessible by the CA via TLS over an Authorized Port. """
Thanks again!
J.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20160324/8145a2b3/attachment.html
More information about the Validation
mailing list