[cabf_validation] FW: Ballot 190: Domain Validation
Kirk Hall
Kirk.Hall at entrustdatacard.com
Mon Apr 24 14:16:33 MST 2017
Jeremy, while I don't believe Sec. 2 of Ballot 190 should go into the substantive provisions of BR 3.2.2.4 - if the rest of the VWG members disagree with me, just move it to the start of BR 3.2.2.4 (after the existing Note) so the start of BR 3.2.2.4 would read as follows.
3.2.2.4 Validation of Domain Authorization or Control
This section defines the permitted processes and procedures for validating the Applicant's ownership or control of the domain.
The CA SHALL confirm that, as of the date the Certificate issues, either the CA or a Delegated Third Party has validated each Fully-Qualified Domain Name (FQDN) listed in the Certificate using at least one of the methods listed below.
Completed confirmations of Applicant authority may be valid for the issuance of multiple certificates over time. In all cases, the confirmation must have been initiated within the time period specified in the relevant requirement (such as Section 3.3.1 of this document) prior to certificate issuance. For purposes of domain validation, the term Applicant includes the Applicant's Parent Company, Subsidiary Company, or Affiliate.
Note: FQDNs may be listed in Subscriber Certificates using dNSNames in the subjectAltName extension or in Subordinate CA Certificates via dNSNames in permittedSubtrees within the Name Constraints extension.
Note: The changes to BR 3.2.2.4.1 through 3.2.2.4.10 will apply only to the validation of domain names occurring on or after [insert Ballot 190's effective date if it passes and completes its Review Period]. Validation of domain names that occurs before [insert Ballot 190's effective date if it passes and completes its Review Period] and the resulting validation data may continue to be used for the periods specified in BR 4.2.1 and EVGL 11.14.3 so long as the validations were conducted in compliance with the BR Section 3.2.2.4 validation methods in effect at the time of each validation.
[Continue with Ballot 190 contents here ***]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170424/5cf87498/attachment-0001.html>
More information about the Validation
mailing list