[cabf_validation] Use of underscore in DNS auth

Rick Andrews Rick_Andrews at symantec.com
Thu Nov 17 10:39:00 MST 2016


On today's VWG call, Peter mentioned the language about underscore in DNS
auth. Here's the section:

3.2.2.4.7 DNS Change
Confirming the Applicant's control over the requested FQDN by confirming the
presence of a Random Value or Request Token in a DNS TXT or CAA record for an
Authorization Domain Name or an Authorization Domain Name that is prefixed
with a label that begins with an underscore character.

Upon re-reading this, I see that I did not interpret it properly; it seems
to exclude using DNS records for _foo.example.com if I'm trying to validate
foo.example.com. So I can use _validation.foo.example.com or
_validation.example.com. Anyone disagree?

-Rick
